Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

OpenAir pen-testing

From: Aaron Peterson <aaron () midnightresearch com>
Date: Tue, 10 Jul 2007 00:37:23 -0700
Hi All:

Does anyone have any experience with pen-testing or general security
setup/issues of any "OpenAir" wireless devices?  It appears to be a
pre-802.11 wlan protocol from proxim.

I can't seem to find any *real* information on the protocol, or how it's
used and implemented.  I understand that the data is not encryped, but that
there is a shared security ID that needs to be sent to join the network.

Any advice on how to connect/sniff/break/audit/etc this type of traffic?


Here is some of the information that I've found so far:

From: http://www.techweb.com/encyclopedia/defineterm.jhtml?term=OpenAir
        An earlier wireless LAN protocol endorsed by the Wireless LAN
        Interoperability Forum (WLIF). It used a frequency hopping spread
        spectrum (FHSS) air interface in the unlicensed 2.4GHz band and was
        based on Proxim's RangeLAN2 architecture.

And from: http://www.istpl.com/80211_std.htm
        Pre-802.11 protocol, using Frequency Hopping and 0.8 and 1.6 Mb/s
        bit rate.  CSMA/CA with MAC retransmissions.  OpenAir doesn't
        implement any encryption at the MAC layer, but generates Network ID
        based on a password (Security ID).  OpenAir is the proprietary
        protocol from Proxim. All OpenAir products are based on Proxim's
        module. 

Here is a bit more info:
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Linux.Wireless.std.html#OpenAir

It appears that the original consortium (WLIF, wlif.org, Wireless LAN
Interoperability Forum) that helped push it is now belly-up as well.

Linux used to have support for this, but I think it has been removed from
this site, and I haven't seen anything for recent kernels:
http://www.komacke.com/archive/rl2-library/

I found what looks like a mirror of the files here, but this is still for
old versions of linux:
http://www.haucks.org/download/

Also, probably the best bug I've seen in a while is from the openBSD
drivers:
http://nixdoc.net/man-pages/OpenBSD/man4/rln.4.html
The very last line in the man page: "Oh, and transmit doesn't seem to work."

Thanks,


Aaron

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: