RE: [Full-Disclosure] Wireless Security

From: Patrick Doyle (patrick.doyle_at_bbc.co.uk)
Date: 11/28/03

    To: <full-disclosure@lists.netsys.com>
    Date: Fri, 28 Nov 2003 17:27:10 -0000
    
    

    It's an interesting topic, thanks to all your replies.

    Have a good weekend

    Paddy

    -----Original Message-----
    From: Jonathan A. Zdziarski [mailto:jonathan@nuclearelephant.com]
    Sent: 28 November 2003 16:46
    To: jan.muenther@nruns.com
    Cc: Simon Hailstone; Patrick Doyle; full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] Wireless Security

    > You should be aware that MAC addresses can be forged as well.

    I believe this also works (at least in Linux)

    ifconfig wlan0 hw ether [new mac]

    Tools like kismet make it all too easy to find a valid MAC address to
    spoof on the network.

    Application-Layer encryption is definitely the most secure method.
    EAP+Dynamic WEP keys is a significant enhancement, but still vulnerable
    to session hijacking. You may also consider using Token-based
    authentication if you are going to run EAP (and to authenticate your
    shells too). RSA SecurID's ACE/Server will emulate a RADIUS server,
    making it very useful for these types of authentication. I'm sure
    Cryptocard has something useful too.

    What would be schweet is if you could use the SecurID token code (which
    changes every 30 or 60 seconds) as a one-time pad for dynamic WEP key
    changes. Then you wouldn't have to pass WEP keys across the network
    where they could be intercepted...and changing every 60 seconds would
    make it virtually un-bruteable.

    If you haven't read "Wireless Hacks" by O'Reilly yet, I strongly
    recommend you grab a copy; it's an excellent little book.

    http://www.amazon.com/exec/obidos/tg/detail/-/0596005598/qid=1070037607/sr=1-1/ref=sr_1_1/002-0400399-7348019?v=glance&s=books

    Jonathan


    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
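The quoted message floats the idea of driving dynamic WEP key changes from a time-based token so that no key crosses the network. The sketch below is an added example, not code from either poster or from RSA: it uses the open RFC 6238 TOTP construction as a stand-in for SecurID's proprietary algorithm, and the function names, the `wep104` label and the sample seed are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WEP104_LEN = 13  # bytes in a 104-bit WEP key


def _hmac_counter(seed: bytes, counter: int, label: bytes = b"") -> bytes:
    # Both sides feed the same interval counter into HMAC-SHA1 keyed by the seed.
    return hmac.new(seed, label + struct.pack(">Q", counter), hashlib.sha1).digest()


def token_code(seed: bytes, now: int, step: int = 60, digits: int = 6) -> str:
    """Displayed token code for the interval containing `now` (RFC 6238)."""
    digest = _hmac_counter(seed, now // step)
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def interval_key(seed: bytes, now: int, step: int = 60) -> bytes:
    """Per-interval key computed locally; nothing is sent over the air.

    Derived from the seed and counter rather than from the displayed
    digits, since six decimal digits alone carry under 20 bits.
    """
    return _hmac_counter(seed, now // step, b"wep104")[:WEP104_LEN]


def acceptable_keys(seed: bytes, now: int, step: int = 60, skew: int = 1) -> list:
    """Keys the access point accepts: current interval plus/minus `skew`."""
    current = now // step
    counters = range(max(0, current - skew), current + skew + 1)
    return [_hmac_counter(seed, c, b"wep104")[:WEP104_LEN] for c in counters]


if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed sample seed
    ap_clock, station_clock = 170, 185  # station is 15 s ahead, next interval
    key = interval_key(seed, station_clock)
    print(token_code(seed, ap_clock), key.hex(), key in acceptable_keys(seed, ap_clock))
```

The `skew` window is what lets a station whose clock has drifted into the neighbouring interval still match the access point; a station more than one interval out is rejected.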

