Security Basics mailing list archives

RE: radius+ wireless


From: "Dante Mercurio" <Dante () webcti com>
Date: Fri, 19 Nov 2004 10:55:09 -0500

Gaspar,

If both PCs are on at the same time, then there will be confusion and both systems would see connectivity issues. The 
goal of anyone attempting to access would be to clone the MAC at a time that the other system is not on for full 
connectivity.

For more advanced security and easy use, look at WPA using TKIP or AES encryption. The authentication handshake uses 
certificates and is secured, and the keys change automatically. The main problem is backward compatibility, but most XP 
users should have the patch needed to use it at this point.

M. Dante Mercurio, CISSP, CWNA, Security+

-----Original Message-----
From: Gaspar de Elías [mailto:gaspar.delias () gmail com] 
Sent: Wednesday, November 17, 2004 10:40 PM
To: Scott Bauer; security-basics () securityfocus com
Subject: Re: radius+ wireless

Thanks for your answers. I'll investigate in Google.
But I'm still thinking about something: Suppose somebody cracks my WEP key, and he clones his MAC address and IP address; 
how could the access point distinguish one PC from another? I mean, if my customer is checking his mail, and the cracker 
is trying to download something, and both are communicating to port 80, how would the information find a way to go to 
the right device?
I think that Ethernet frames would be accepted by both, customer and cracker (they have the same MAC address). Then the 
frame becomes a package, and it's accepted by both too (same IP address) at the internet or network layer. Finally, it is in the 
transport layer where it becomes a segment. And here is where data is accepted or rejected depending on the header's 
flags (ack, syn, seq).
I wanted to know if I'm right or not. What do you think?

thanks 

On Wed, 17 Nov 2004 19:00:36 -0700, Scott Bauer <scottybauer () gmail com> wrote:
Yes, every wireless sends out Beacon Packets. Some of these packets 
contain the WEP Key. Right now I'm in the middle of cracking a 128 bit 
key, and I have captured 100,000 of the packets I need over the past 3 
days. You need a lot of packets to be able to crack the key. Once the 
key is cracked, the user will log on under the AP and he won't be 
authenticated, but if he puts his card in promiscuous mode he will get 
all packets. Therefore he would be able to see a MAC address that is 
authenticated with the server. Also, if you have a static IP on the 
server he (I think) could just put in the static IP and voila, he is in.
I really don't think you should be worried with all these security features.
PS: if you have WPA you should use it. There is a way to crack it (very 
underground right now) but only a few know how (including me). So if 
you do have WPA you should use it. Also, if the user is just getting 
the antenna directly from the antenna to the computer through a 
wireless card, you will need to update the drivers and make sure 
those drivers will support WPA. There are other security features, but 
you will get more responses from other people.

Hope I helped.
Scott.

PS: the tools I use are as follows.
I use AiroPeek NX Demo's files to make a program work. The program is 
Air-Crack. It's a zip and contains a lot of things.
I use Ethereal and Netstumbler.

Cheers




On Wed, 17 Nov 2004 19:18:03 -0300, Gaspar de Elías 
<gaspar.delias () gmail com> wrote:
Hello,
I'm an ISP, and I'm providing internet to my customers via wireless, 
authenticating with a RADIUS server on FreeBSD. My question is the
following: Can somebody sniff the wireless connections, crack the WEP 
algorithm, and cheat his MAC and IP addresses in order to steal 
information from one of my customers?
A friend told me that doing this is incredibly easy, so I'm investigating.
What should I implement to make my wireless LAN more secure?

--
Gaspar de Elías




--
Gaspar de Elías
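
The layer-by-layer question raised in this thread, modelled as an added example that is not part of any poster's message: two stations share one MAC and IP, and a server's reply is offered to both. The `Host` class, all addresses and ports are constructed, and the model assumes no host firewall, so a station with no matching TCP connection answers with a reset as RFC 793 specifies.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    mac: str
    ip: str
    # Established TCP connections: (local_port, remote_ip, remote_port)
    conns: set = field(default_factory=set)

    def receive(self, frame):
        """Return None (dropped below TCP), 'accept' or 'rst'."""
        if frame["dst_mac"] != self.mac:   # link layer filter
            return None
        if frame["dst_ip"] != self.ip:     # network layer filter
            return None
        key = (frame["dst_port"], frame["src_ip"], frame["src_port"])
        # Transport layer: only a matching connection accepts the segment.
        # Assumption: no host firewall, so an unknown segment draws a RST.
        return "accept" if key in self.conns else "rst"

def deliver(frame, hosts):
    """Shared radio medium: every station in range is offered the frame."""
    return {h.name: h.receive(frame) for h in hosts}

def connection_survives(results):
    """The RST carries the shared IP and port, so the server closes the flow."""
    return "rst" not in results.values()

def demo():
    mac, ip = "00:11:22:33:44:55", "192.0.2.10"   # constructed values
    web = "198.51.100.5"                          # constructed server address
    customer = Host("customer", mac, ip, {(40001, web, 80)})
    clone = Host("clone", mac, ip, {(40002, web, 80)})
    other = Host("other", "00:aa:bb:cc:dd:ee", "192.0.2.11")
    reply = {"dst_mac": mac, "dst_ip": ip, "dst_port": 40001,
             "src_ip": web, "src_port": 80}       # server's reply to customer
    results = deliver(reply, [customer, clone, other])
    return results, connection_survives(results)

if __name__ == "__main__":
    print(demo())
```

Bursts of unexpected resets on one customer's sessions are therefore a symptom of a duplicated address that is worth investigating.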


