Penetration Testing mailing list archives
Re: Replacing WEP was Re: Dsniff'ng wireless networks
From: "Crist Clark" <crist.clark () globalstar com>
Date: Wed, 18 Jul 2001 14:26:59 -0700
Simon Waters wrote:
Someone is thinking of doing a community network with Wireless LAN. WEP seems to offer little in this environment, so thinking of replacing it with IP based encryption - sort of a public PKI. Assuming we can get users to switch of non-IP protocols on their client PCs (I know it is hard to right click network neighbourhood and pick properties), do we lose any security at layer two by not using WEP?
What security at layer 2? Layer 2 security has almost always been sacrificed for easy operability.
i.e. Are we more vulnerable to some other types of attack - I'm guessing mostly DoS if any more are possible. But hey they can probably DoS more profitably by stealing the antennas from the relays and selling them.
A good remark at DEFCON was that it is pretty much impossible to prevent DoS of a wireless network. It's not data layer attacks, but physical layer attacks. I believe the memorable quote was something along the lines, "Anyone can put a coat hanger in a microwave oven and aim it at your base station." (Can't resist, when it comes to wireless base stations: "All your base are belong to us.") -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: Dsniff'ng wireless networks, (continued)
- RE: Dsniff'ng wireless networks Matthew Jach (Jul 10)
- Re: Dsniff'ng wireless networks Joe Shaw (Jul 10)
- RE: Dsniff'ng wireless networks Bourque Daniel (Jul 10)
- Re: Dsniff'ng wireless networks Michael H. Warfield (Jul 11)
- Re: Dsniff'ng wireless networks Dragos Ruiu (Jul 12)
- Re: Dsniff'ng wireless networks Michael H. Warfield (Jul 11)
- RE: Dsniff'ng wireless networks Kohlenberg, Toby (Jul 12)
- RE: Dsniff'ng wireless networks R. DuFresne (Jul 12)
- RE: Dsniff'ng wireless networks Kohlenberg, Toby (Jul 12)
- RE: Dsniff'ng wireless networks Mike . Ruscher (Jul 13)
- Replacing WEP was Re: Dsniff'ng wireless networks Simon Waters (Jul 17)
- Re: Replacing WEP was Re: Dsniff'ng wireless networks Crist Clark (Jul 22)
- Replacing WEP was Re: Dsniff'ng wireless networks Simon Waters (Jul 17)