Re: Wireless Lans give EVERYONE ACCESS

[diphen () agitation net]

Perhaps I'm on crack, but I've never encountered a MAC address of the
format "127.0.0.1". That is typically known as an IP address. A MAC
address is the physical ethernet address of the card. It typically has a
format like:

ether 00:d0:09:1e:be:04

While some cards allow you to change the MAC address, and this is
certainly a problem for networks which use MAC-based authentication, I
don't think that's what you were doing.

-gabe

On Mon, Aug 0 , 2001 at 05:21:08PM -0400, Russell Handorf wrote:
> Traditional authentication with wireless lan's consist of the following 
> simplified procedure:
> 1). Wireless nic asks for an IP
> 2). Base station checks to see if the MAC Address can be passed.
> 3). If the authentication is successful then the DHCP server leases an IP 
> to the Wireless nic.
>
> Today, I have circumvented the MAC Address authentication method, and had 
> also sniffed successfully on a switched network with wireless stations on 
> it without authentication into the network.
>
> For sniffing onto a wireless network without a registered MAC Address AND 
> using WEP Encryption Methods:
> 1). Set the MAC Address of the card to 127.0.0.1 and the Netmask to 255.255.0.0
> 2). The card takes care of the rest. Just sit back and listen to the sounds 
> of the network (NOTE: There will NOT be any DNS RESOLVING and quite 
> possibly NO IP's will show up, only the computers MAC Addressed) (Double 
> NOTE: All you need is another machines MAC Address to start a 
> Man-in-the-Middle).
>
> For Getting an IP Address for Internet Connectivity:
> First Method requires that you have already sniffed on the network for an 
> extended amount of time. Needed information is the IP Ranges, Netmask, and 
> Gateway of the Lan. All of this can be acquired through HUNT. All you do is 
> sift through the data generated, find an IP that hasn't sent any traffic 
> take it and configure the other things (such as Netmask and Gateway manually).
>
> Second method requires you to have physical access to the lan. Take a 
> hardwired nic and spoof it's MAC Address to that of the wireless nic's 
> address. Run a command like 
'pump,' swap cards and you should be on the 
> network.
>
> The following instructions were executed on a Dell laptop with Redhat 7.0. 
> The Ethernet card that was used is a Xircom 10/100 56k Combo thingy and the 
> wireless lan card is a Lucent Technologies Wavelan Gold Turbo 128RC4.
>
> The base stations that these were tested on is a D-Link 1000AP, Orinoco 
> AP-1000 Access Point, Orinoco COR-1100, and Cisco Aironet 350 Series.
>
> Will someone else please confirm that this is successful?
>
>
> Thanks
>
> Russ
> ==================================
> Russell Handorf
> oooo, shiney ::Wanders after it::
>
> www.russells-world.com
> www.inside-aol.com
> www.terrorists.net
> www.bad-mother-fucker.org
> www.philly2600.net
>
> "Computer games don't affect kids, I mean if Pacman affected us as kids, 
> we'd all be running around in darkened rooms, munching pills and listening 
> to repetitive music." ~unknown
> ==================================