Firewall Wizards mailing list archives
RE: Wireless
From: "Frank Darden" <fdarden () locked com>
Date: Mon, 19 Aug 2002 17:00:20 -0400
Some of the more "interesting" Wireless security products can detect MAC spoofing based on the behavior of a particular wireless card vs its claimed MAC address. For instance, the ability to detect a Cisco card claiming a 3com mac address. I fully expect that as the wireless security market heats up, you will begin to see dozens of intrusion detection/prevention style solutions hit the marketplace. Frank ======================================= Frank Darden Chief Technology Officer Mission Critical Systems 3320 NW 53rd St. Suite 202 Fort Lauderdale, FL 33309 Phone (954)766-2550 x203 Fax (954-766-2580 AIM/MSN FishinCritical =========================================== -----Original Message----- From: ejb3 () cornell edu [mailto:ejb3 () cornell edu] Sent: Friday, August 09, 2002 2:53 PM To: Scott, Richard Cc: 'Paul Robertson'; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Wireless
Why not restrict access via MAC addresses on the wireless cards? This
would
be a preventative measure.
Spoofing MAC addresses is easy, even on 802.11b cards. Managing permitted MAC addresses is a good idea for home users with few cards and only a single base station. It's a management nightmare for large installations. Besides, that just restricts access to approved APs, and does nothing to address the problem at hand. Find rogue networks the same way their users do, with netstumbler or something similar. Anything that's got an SSID other than the official one, or that's offering up addresses beyond the approved wireless range gets hunted down. Perhaps this is the kind of thing that should be built into next-gen APs? The AP will notice if someone else in range is offering service, and syslog this fact. ericb
------- How are people starting to deal with hunting down and killing rogue Wireless Access Points (WAPs)[1]? It seems pretty easy in
environments
where wireless isn't allowed at all, but is anyone dealing with the situation in an environment where there are sanctioned wireless networks?
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Wireless, (continued)
- RE: Wireless Frank Darden (Aug 09)
- RE: Wireless R. DuFresne (Aug 09)
- Re: Wireless Roger Marquis (Aug 09)
- Re: Re: Wireless Gary Flynn (Aug 09)
- Re: Wireless Dennis.Archambault (Aug 09)
- Re: Re: Wireless Paul Robertson (Aug 09)
- Re: Re: Wireless Adam Shostack (Aug 11)
- Re: Re: Wireless Dennis.Archambault (Aug 12)
- Re: Re: Wireless kadokev (Aug 12)
- Re: Re: Wireless Kirby Kuehl (Aug 12)
- Re: Re: Wireless kadokev (Aug 12)
- RE: Wireless Frank Darden (Aug 19)
- RE: Wireless Frank Darden (Aug 09)