Penetration Testing mailing list archives

Re: OpenAir pen-testing


From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 11 Jul 2007 08:06:59 -0400

> Does anyone have any experience with pen-testing or general security
> setup/issues of any "OpenAir" wireless devices?  It appears to be a
> pre-802.11 wlan protocol from proxim.

It's actually not pre-802.11.  It's nothing like it.  It's FHSS
(frequency hopping spread spectrum), while 802.11 (and its precursor
WaveLAN) are DSSS (direct sequence).

You will need special hardware to test this network.  Proxim made
RangeLAN2 PCMCIA cards that work with Win2K and Linux.  (They probably
work fine with XP also, but I've never tried.)  Last time I tried,
Knoppix came with the rl2 driver and loaded with my card just fine.

The Security ID you mentioned is stored in the firmware of the NIC
itself.  It's blank by default, which is pretty much what you have to
hope for, because the Security ID is actually the key for frequency
modulation.  Sniffing without it is essentially impossible since your
card won't be listening to the right frequency at the right time, and
while you could write a script to try and brute force the key with
proxcfg, it's theoretically 36^20, so that could take a smidge more
time than you have for this work.

More here: http://kristi.erdves.lt/books/wireless/rl2security.pdf

Good luck!

PaulM

PS - If you can't find a card, e-mail me off-list.  I doubt I'll use mine again.
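The two points in Paul's reply that a tester usually wants to sanity-check are (a) why a frequency-hopping receiver that does not hold the Security ID sees almost none of the traffic, and (b) how big 36^20 really is against any realistic guessing rate. The script below is an added illustration and not code from the thread or from Proxim; it uses a toy model in which the Security ID seeds a hash chain that picks one of N channels per hop slot. The channel count (79), the hop count and the attempt rate are constructed values for the model, not RangeLAN2's actual parameters, and the hash-chain derivation is an assumption standing in for the real hopping algorithm.

```python
import hashlib

# 36-symbol alphabet and 20-character length, as the post's 36^20 implies.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
KEY_LEN = 20
N_CHANNELS = 79  # constructed value for the toy model, not a Proxim figure


def hop_sequence(security_id: str, hops: int, channels: int = N_CHANNELS) -> list:
    """Toy model (assumption): derive the per-slot channel from the Security ID.

    A blank ID ("") is a valid input, matching the post's note that the
    field is empty by default: two radios with blank IDs still hop together.
    """
    seq = []
    for slot in range(hops):
        digest = hashlib.sha256(f"{security_id}:{slot}".encode()).digest()
        seq.append(int.from_bytes(digest[:4], "big") % channels)
    return seq


def overlap_fraction(tx_id: str, rx_id: str, hops: int = 10_000) -> float:
    """Fraction of hop slots in which a receiver configured with rx_id is on
    the same channel as a transmitter configured with tx_id."""
    tx = hop_sequence(tx_id, hops)
    rx = hop_sequence(rx_id, hops)
    matches = sum(1 for a, b in zip(tx, rx) if a == b)
    return matches / hops


def keyspace(alphabet_size: int = len(ALPHABET), length: int = KEY_LEN) -> int:
    """Number of possible Security IDs: 36^20 for the values in the post."""
    return alphabet_size ** length


def brute_force_years(rate_per_second: float) -> float:
    """Expected wall-clock years to guess the ID at a given attempt rate.

    Expected work is half the keyspace; the rate is a constructed figure,
    since proxcfg reconfiguration is far slower than a CPU-bound guess.
    """
    expected_attempts = keyspace() / 2
    seconds = expected_attempts / rate_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    right = "ABCDEFGHIJ0123456789"   # constructed sample ID
    wrong = "ABCDEFGHIJ0123456788"   # differs in one character
    print(f"same ID overlap : {overlap_fraction(right, right):.4f}")
    print(f"blank ID overlap: {overlap_fraction('', ''):.4f}")
    print(f"wrong ID overlap: {overlap_fraction(right, wrong):.4f} "
          f"(about 1/{N_CHANNELS} = {1 / N_CHANNELS:.4f})")
    print(f"keyspace        : {keyspace():.3e}")
    print(f"years at 1000/s : {brute_force_years(1000):.3e}")
```

The wrong-ID overlap settles near 1/N regardless of how close the guess is, which is the practical meaning of "sniffing without it is essentially impossible": a passive listener cannot even tell it is warm. The years figure shows why a proxcfg-driven loop is not a plan, and why the defensive takeaway is simply to set a non-blank Security ID, since the blank default is what removes that protection.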
