Vulnerability Development mailing list archives

RE: Wireless Lans give EVERYONE ACCESS


From: Jonas Thambert <JonasT () guld spray se>
Date: Tue, 14 Aug 2001 11:30:54 +0200


If you run the WLAN station with POOL-NAT the attacker can still
DoS the VPN authentication service, but it won't be able to reach the
other clients on the WLAN since the VPN clients can be configured to
only send and receive traffic through the encrypted tunnel.

The "allowed MAC addresses" feature of the basestation
prevents the flooding of the station itself, even though
it's quite easily hacked.



jonas



-----Original Message-----
From: dgillett () deepforest org [mailto:dgillett () deepforest org] 
Sent: den 14 augusti 2001 01:14
To: VULN-DEV () securityfocus com; bugtraq () securityfocus com
Subject: RE: Wireless Lans give EVERYONE ACCESS


  VPN makes it possible to assure yourself that only legitimate users 
are coming in through your wireless network to reach your trusted 
servers, etc.

  However, it seems likely to me that a hostile operative could, 
without successfully authenticating to the VPN, still swamp your 
wireless access points with traffic.  Paradoxically, this DoS attack 
may actually require the attacker to be physically nearby....

David Gillett


On 13 Aug 2001, at 13:35, Jonas Thambert wrote:

of course anti virii/p.firewall protection is a must. Setting up
anti-spoof protection is also regular sysadmin duty, even if it's not a
WLAN interface.

anyway the only usage for WLAN as I see it is in combination with VPN.

http://www.cs.rice.edu/~astubble/wep/wep_attack.html

jonas

