RE: WLAN

From: dgw (dgw@cawdgw.net)
Date: 12/06/01

Previous message: blitzkrieg: "Re: pix firewall and mail server"
In reply to: Thomas Ullrich: "WLAN"
Next in thread: Stefan Osterlitz: "RE: WLAN"
Next in thread: Ralph Chapman: "Re: WLAN"
Reply: Stefan Osterlitz: "RE: WLAN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "dgw" <dgw@cawdgw.net>
To: <security-basics@securityfocus.com>
Date: Thu, 6 Dec 2001 08:24:33 +0100

Besides the fact it's trivia to sniff and then spoof a MAC address AND
someone using that same sniffer can crack the WEP after about 400,000
packets (Maybe less) -- if you are running everyone through an IPSEC tunnel
over the air and have a set of firewalls between your 802.11b and your
security domain, you should be fine as long as you change your key on the
WEP every 200,000 packets or so.

This is definitely NOT something for sensitive data. And it can be sniffed
with the right equipment from distances MUCH MUCH greater than it's
operational distances.

Use Google and look for 802.11b exploits. There are a bunch of papers out
there, including ways to increase the sniffing distances with common, easy
and cheap stuff.

I use it at home for guests, but I can't think of a corporate setting that
I'd volunteer to use it and, if forced, they'd have to sign a statement
saying they understand the weaknesses and the extra man-hours necessary to
support it.

D. Weiss
CCNA/MCSE/SSP2

-----Original Message-----
From: Thomas Ullrich [mailto:ullrich@conti.de]
Sent: Tuesday, December 04, 2001 3:58 PM
To: Security-basics
Subject: WLAN

Hello everybody,

we made positive experiences with a "3COM access point
6000", which works according to 802.11b.

So far, I haven't heard any security doubts against this technology. The

most important issue during configuration of a WLAN seems to be to allow
only
registered MAC addresses or WLAN cards to join the network.

Are there any other points that should be considered when implementing
wireless LANs?

Thanks
Thomas

Previous message: blitzkrieg: "Re: pix firewall and mail server"
In reply to: Thomas Ullrich: "WLAN"
Next in thread: Stefan Osterlitz: "RE: WLAN"
Next in thread: Ralph Chapman: "Re: WLAN"
Reply: Stefan Osterlitz: "RE: WLAN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: WEP alternative
... > I believe netgear is "wireless"? ... Yeah WEP can be broken ... Yes, technically it requires a lot of packets, but for any network running ... > 3)Many of the slightly better quality APs support MAC address security ...
(Security-Basics)
Re: Whats the current status on WEP cracking?
... Some claim that WEP is/can be secured so that it is practically ... MAC filtering also doesn't work. ... addresses can be found from traffic on the network. ... but the tools require a certain number of packets. ...
(sci.crypt)
RE: WLAN
... >Besides the fact it's trivia to sniff and then spoof a MAC address ... >packets -- if you are running everyone through an IPSEC ... >WEP every 200,000 packets or so. ... >registered MAC addresses or WLAN cards to join the network. ...
(Security-Basics)
Re: Catalyst 4000 - Ciscos Response
... on a variety of factors such as Switch load and traffic patterns. ... Flooding packets ... database on the switch containing switch ports and the MAC addresses sourced ... Sniffer is on a different port than the workstation and servers. ...
(Bugtraq)
[UNIX] Bug in Linux 2.4 and IPTables MAC Match Module
... Bug in Linux 2.4 and IPTables MAC Match Module ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... perform NAT, mangle packets, and access custom extensions for packet ...
(Securiteam)