Re: Wireless Lans give EVERYONE ACCESS

[Russell Handorf <rhandorf () mail russells-world com>]

i mean ip- my bad :P im the one on crack ;) my bad typo

At 04:46 PM 8/6/2001 -0700, you wrote:
> Perhaps I'm on crack, but I've never encountered a MAC address of the
> format "127.0.0.1". That is typically known as an IP address. A MAC
> address is the physical ethernet address of the card. It typically has a
> format like:
>
> ether 00:d0:09:1e:be:04
>
> While some cards allow you to change the MAC address, and this is
> certainly a problem for networks which use MAC-based authentication, I
> don't think that's what you were doing.
>
> -gabe
>
> On Mon, Aug 0 , 2001 at 05:21:08PM -0400, Russell Handorf wrote:
> > Traditional authentication with wireless lan's consist of the following
> > simplified procedure:
> > 1). Wireless nic asks for an IP
> > 2). Base station checks to see if the MAC Address can be passed.
> > 3). If the authentication is successful then the DHCP server leases an IP
> > to the Wireless nic.
> >
> > Today, I have circumvented the MAC Address authentication method, and had
> > also sniffed successfully on a switched network with wireless stations on
> > it without authentication into the network.
> >
> > For sniffing onto a wireless network without a registered MAC Address AND
> > using WEP Encryption Methods:
> > 1). Set the MAC Address of the card to 127.0.0.1 and the Netmask to 
> 255.255.0.0
> > 2). The card takes care of the rest. Just sit back and listen to the 
> sounds
> > of the network (NOTE: There will NOT be any DNS RESOLVING and quite
> > possibly NO IP's will show up, only the computers MAC Addressed) (Double
> > NOTE: All you need is another machines MAC Address to start a
> > Man-in-the-Middle).
> >
> > For Getting an IP Address for Internet Connectivity:
> > First Method requires that you have already sniffed on the network for an
> > extended amount of time. Needed information is the IP Ranges, Netmask, and
> > Gateway of the Lan. All of this can be acquired through HUNT. All you 
> do is
> > sift through the data generated, find an IP that hasn't sent any traffic
> > take it and configure the other things (such as Netmask and Gateway 
> manually).
> >
> > Second method requires you to have physical access to the lan. Take a
> > hardwired nic and spoof it's MAC Address to that of the wireless nic's
> > address. Run a command like 'pump,' swap cards and you should be on the
> > network.
> >
> > The following instructions were executed on a Dell laptop with Redhat 7.0.
> > The Ethernet card that was used is a Xircom 10/100 56k Combo thingy and 
> the
> > wireless lan card is a Lucent Technologies Wavelan Gold Turbo 128RC4.
> >
> > The base stations that these were tested on is a D-Link 1000AP, Orinoco
> > AP-1000 Access Point, Orinoco COR-1100, and Cisco Aironet 350 Series.
> >
> > Will someone else please confirm that this is successful?
> >
> >
> > Thanks
> >
> > Russ
> > ==================================
> > Russell Handorf
> > oooo, shiney ::Wanders after it::
> >
> > www.russells-world.com
> > www.inside-aol.com
> > www.terrorists.net
> > www.bad-mother-fucker.org
> > www.philly2600.net
> >
> > "Computer games don't affect kids, I mean if Pacman affected us as kids,
> > we'd all be running around in darkened rooms, munching pills and listening
> > to repetitive music." ~unknown
> > ==================================

==================================
Russell Handorf
oooo, shiney ::Wanders after it::

www.russells-world.com
www.inside-aol.com
www.terrorists.net
www.bad-mother-fucker.org
www.philly2600.net

"Computer games don't affect kids, I mean if Pacman affected us as kids, 
we'd all be running around in darkened rooms, munching pills and listening 
to repetitive music." ~unknown
==================================