OpenAir pen-testing



Hi All:

Does anyone have any experience with pen-testing or general security
setup/issues of any "OpenAir" wireless devices? It appears to be a
pre-802.11 WLAN protocol from Proxim.

I can't seem to find any *real* information on the protocol, or how it's
used and implemented. I understand that the data is not encrypted, but that
there is a shared security ID that needs to be sent to join the network.

Any advice on how to connect/sniff/break/audit/etc this type of traffic?


Here is some of the information that I've found so far:

From: http://www.techweb.com/encyclopedia/defineterm.jhtml?term=OpenAir
An earlier wireless LAN protocol endorsed by the Wireless LAN
Interoperability Forum (WLIF). It used a frequency hopping spread
spectrum (FHSS) air interface in the unlicensed 2.4GHz band and was
based on Proxim's RangeLAN2 architecture.

And from: http://www.istpl.com/80211_std.htm
Pre-802.11 protocol, using Frequency Hopping and 0.8 and 1.6 Mb/s
bit rate. CSMA/CA with MAC retransmissions. OpenAir doesn't
implement any encryption at the MAC layer, but generates Network ID
based on a password (Security ID). OpenAir is the proprietary
protocol from Proxim. All OpenAir products are based on Proxim's
module.

Here is a bit more info:
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Linux.Wireless.std.html#OpenAir

It appears that the original consortium (WLIF, wlif.org, Wireless LAN
Interoperability Forum) that helped push it is now belly-up as well.

Linux used to have support for this, but I think it has been removed from
this site, and I haven't seen anything for recent kernels:
http://www.komacke.com/archive/rl2-library/

I found what looks like a mirror of the files here, but this is still for
old versions of Linux:
http://www.haucks.org/download/

Also, probably the best bug I've seen in a while is from the OpenBSD
drivers:
http://nixdoc.net/man-pages/OpenBSD/man4/rln.4.html
The very last line in the man page: "Oh, and transmit doesn't seem to work."

Thanks,


Aaron
