Security Basics mailing list archives
Re: About War Driving ..
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 2 Dec 2006 14:59:07 +0100
On 2006-11-30 FatalSaint wrote:
> Just a couple.. I'm kind of a noob here but:
> 1) Use WPA/TKIP instead of WEP. Harder to crack (though not impossible)

Please elaborate: how do you believe WPA could be cracked? I know that WPA-PSK can be cracked if a weak passphrase is chosen, but I haven't yet seen a mention of WPA-PSK with a strong passphrase or WPA/TKIP being cracked.

> 2) Disable DHCP if you have it running or

Pointless, because the attacker can spoof a valid IP address.

> 2a) Enable static DHCP for the MAC Addresses of the authorized PCs

Pointless, because the attacker can spoof a valid MAC address.

> 3) MAC Address Filter your router

Pointless, because the attacker can spoof a valid MAC address.

> 4) Disable SSID Broadcast (easily got around by anyone with kismet.. but still an added layer)

Pointless, because the attacker doesn't need a broadcast SSID to detect the WLAN.

> 5) If your router has the capability; explicitly allow only the IPs for the machines you assign to get out to the internet.

Pointless, because the attacker can spoof a valid IP address.

> 6) Disable the torrent ports at the firewall .. I am not sure what they are or if torrent will get around them by using port 80 instead. (in actuality, in a business environment I'd disable -all- outgoing ports except 80 and 443 - if someone needs specific access have your net-admin explicitly allow their machine out.)

Not entirely pointless, but a) limits valid users as well, and b) is only effective once the attacker already *got* access to your network. Which is what you want to prevent in the first place.

> 7) You could get as detailed as static routing and limiting the amount of bandwidth each machine/IP could use.

Pointless, because the attacker can spoof a valid MAC and IP address.

> Log MAC Addresses. If he's smart enough to crack your WEP then he's prolly spoofing MACs.. but you could always go into your logs, see which MAC is associated with that IP - and then go to all the machines in your building that you can control and check the MAC Addresses - might tell you which machine is doing it.

That does only help if you know how to locate that machine. Which is exactly the problem the OP has (because with a WLAN you can't simply follow the wire).

> Some more advanced things could be to install a proxy server; require the use of logins to get to the internet - then you can track by login. Or even installing a transparent proxy and logging all websites/communication out to the internet (this could cause a very large logfile.)

That may work, but also means a lot of work. Plus, it just moves the authentication to a higher layer. Why not just leave it in the network layer? Has the same effect, is easier to set up, and keeps a potential attacker entirely out of your network.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq
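
Added example, not part of the original message: the reply's point that WPA-PSK stands or falls with the passphrase follows from how the key is derived (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID), so this sketch audits a network's own passphrase and SSID. The word lists, the 80-bit threshold and the function names are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample of weak passphrases; a real audit would load a large wordlist.
WEAK_SAMPLE = {"password", "12345678", "letmein1", "qwertyuiop"}
# Constructed sample of factory-default SSIDs (the SSID is the PBKDF2 salt).
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR"}


def derive_pmk(passphrase, ssid):
    """WPA-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def estimate_bits(passphrase):
    """Optimistic entropy estimate: length * log2(size of the character pool used).

    This is an upper bound; phrases built from dictionary words score too high.
    """
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        pool += 33  # ASCII punctuation plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit(passphrase, ssid, min_bits=80.0):
    """Return a list of findings; an empty list means no check failed.

    min_bits is an assumed threshold, not a value from the standard.
    """
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA-PSK allows")
    if passphrase.lower() in WEAK_SAMPLE:
        findings.append("passphrase appears in the weak-passphrase list")
    elif estimate_bits(passphrase) < min_bits:
        findings.append("estimated entropy below threshold")
    if ssid in DEFAULT_SSIDS:
        findings.append("default SSID: the salt is shared with many other networks")
    return findings


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())
    print(audit("password", "linksys"))
    print(audit("Tr4il-mix&9 copper Lanterns", "home-7f3a"))
```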