Re: Wireless Lans give EVERYONE ACCESS

[Conal Darcy <hersh () blindskier com>]

But can't you just set up a firewall to block any packets from the
wireless device that claim they're coming from the loopback device
(127.0.0.1)?

My experience with wireless devices is minimal so I may be wrong.

Conal Darcy
hersh () blindskier com

On Mon, 6 Aug 2001, Russell Handorf wrote:

> Traditional authentication with wireless lan's consist of the following
> simplified procedure:
> 1). Wireless nic asks for an IP
> 2). Base station checks to see if the MAC Address can be passed.
> 3). If the authentication is successful then the DHCP server leases an IP
> to the Wireless nic.
>
> Today, I have circumvented the MAC Address authentication method, and had
> also sniffed successfully on a switched network with wireless stations on
> it without authentication into the network.
>
> For sniffing onto a wireless network without a registered MAC Address AND
> using WEP Encryption Methods:
> 1). Set the MAC Address of the card to 127.0.0.1 and the Netmask to 255.255.0.0
> 2). The card takes care of the rest. Just sit back and listen to the sounds
> of the network (NOTE: There will NOT be any DNS RESOLVING and quite
> possibly NO IP's will show up, only the computers MAC Addressed) (Double
> NOTE: All you need is another machines MAC Address to start a
> Man-in-the-Middle).
>
> For Getting an IP Address for Internet Connectivity:
> First Method requires that you have already sniffed on the network for an
> extended amount of time. Needed information is the IP Ranges, Netmask, and
> Gateway of the Lan. All of this can be acquired through HUNT. All you do is
> sift through the data generated, find an IP that hasn't sent any traffic
> take it and configure the other things (such as Netmask and Gateway manually).
>
> Second method requires you to have physical access to the lan. Take a
> hardwired nic and spoof it's MAC Address to that of the wireless nic's
> address. Run a command like 
'pump,' swap cards and you should be on the
> network.
>
> The following instructions were executed on a Dell laptop with Redhat 7.0.
> The Ethernet card that was used is a Xircom 10/100 56k Combo thingy and the
> wireless lan card is a Lucent Technologies Wavelan Gold Turbo 128RC4.
>
> The base stations that these were tested on is a D-Link 1000AP, Orinoco
> AP-1000 Access Point, Orinoco COR-1100, and Cisco Aironet 350 Series.
>
> Will someone else please confirm that this is successful?
>
>
> Thanks
>
> Russ
> ==================================
> Russell Handorf
> oooo, shiney ::Wanders after it::
>
> www.russells-world.com
> www.inside-aol.com
> www.terrorists.net
> www.bad-mother-fucker.org
> www.philly2600.net
>
> "Computer games don't affect kids, I mean if Pacman affected us as kids,
> we'd all be running around in darkened rooms, munching pills and listening
> to repetitive music." ~unknown
> ==================================