Re: [fw-wiz] Wireless

From: Jeff Newton (Jeff_Newton@pmc-sierra.com)
Date: 08/09/02 

From: Jeff Newton <Jeff_Newton@pmc-sierra.com>
To: "R. DuFresne" <dufresne@sysinfo.com>
Date: Fri Aug  9 21:31:01 2002

Absolutely. Not only are management frames in the clear, they are not
authenticated nor even acknowledged in most cases.

If you want to completely rid your enterprise of 802.11b, try this nice DOS:

- set up a bunch of machines with 802.11b NICs, ensuring good wireless
coverage.
- broadcast 'disassociate' management frames from all NICs

No one is going to be able to associate with a WAP, rogue or otherwise!

Cheers,

"R. DuFresne" wrote:

> On Fri, 9 Aug 2002, Jeff Newton wrote:
>
> > ejb3@cornell.edu wrote:
> >
> > > Find rogue networks the same way their users do, with netstumbler or
> > > something similar. Anything that's got an SSID other than the official
> > > one, or that's offering up addresses beyond the approved wireless range
> > > gets hunted down.
> >
> > Netstumbler is great at finding "mis-configured" WAPs, or those with
> > SSID broadcast enabled. If the user has disabled the broadcast, nothing
> > short of a wireless sniffer is going to see it.
> >
>
> Even with SSID broadcast disabled, those management packets will contain
> the SSID's when folks are communicating with the AP or through it. Not
> much trouble to sniff this leakage out for sure.
>
> Thanks,
>
> Ron DuFresne
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards 

--
Jeff Newton, CISSP
Information Security Analyst
PMC-Sierra Inc.

Relevant Pages

  • Re: New wireless security question
    ... >> have a desktop in the basement and a new wireless laptop upstairs. ... >> Melvin: It's working fine, but I've been given some advice ... >> to disable the ssid broadcast since it is already secured. ... I've read documents that advises disabling SSID broadcast. ...
    (alt.sys.pc-clone.dell)
  • Re: New wireless security question
    ... > MAC address filtering and "SSID Hiding" do little for wireless security. ... > Nefarious types can determine the presence of your network without even ... > Turning off SSID broadcast at your access point does no more for wireless ... It's not casual users you need to worry about but "the other" ...
    (alt.sys.pc-clone.dell)
  • Re: New wireless security question
    ... | desktop in the basement and a new wireless laptop upstairs. ... MAC address filtering and "SSID Hiding" do little for wireless security. ... Turning off SSID broadcast at your access point does no more for wireless ... The "prevents casual users" argument is, in my opinion, not a valid ...
    (alt.sys.pc-clone.dell)
  • Re: New wireless security question
    ... I recently installed your product to my desktop so that I can access wireless via my new notebook. ... Melvin: It's working fine, but I've been given some advice regarding additional security. ... If you're going to set a security there's no need to disable the ssid broadcast since it is already secured. ... Wireless security is the password for wireless connection but since you enable the wireless mac address on the computer, ...
    (alt.sys.pc-clone.dell)
  • New wireless security question
    ... desktop in the basement and a new wireless laptop upstairs. ... Melvin: It's working fine, but I've been given some advice regarding ... do you recommend that I shut off SSID Broadcast and if so how do I do ... connection but since you enable the wireless mac address on the computer, ...
    (alt.sys.pc-clone.dell)