Re: detecting wireless access points

From: Security (security@mynetfutures.com)
Date: 03/06/02


Date: Wed, 06 Mar 2002 10:51:20 -0800
From: Security <security@mynetfutures.com>
To: Jon Erickson CCG <Jon.Erickson@caspiangroup.com>, Trevor <trevorsayle@attbi.com>, security-basics@securityfocus.com


    what is a MiM attack I have never seen this acronym before?

Thanks
Jayme
----- Original Message -----
From: "Jon Erickson CCG" <Jon.Erickson@caspiangroup.com>
To: "Trevor" <trevorsayle@attbi.com>; <security-basics@securityfocus.com>
Sent: Tuesday, March 05, 2002 4:11 PM
Subject: RE: detecting wireless access points

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> To once again quote David Weiss...
>
> "Yes, they do."
>
> In addition... Running VPN over unWEPed wireless still leaves every
> other network connection that is on the same segment as the wireless
> access point vulnerable. ARP poisoning attacks over wireless can
> provide some unexpected results. Even if you use WEP, most keys are
> vulnerable, leaving the same vulnerabilities open. VLAN your wireless
> network. VPN is not enough. (In addition, there is the potential for
> MiM attacks to your encrypted VPN traffic).
>
> - --
> Jon Erickson Cryptologist and Security Designer Caspian
> 415.974.7081 D49B 4561 1078 0A72 DDF3 7250 8EF4 4681 587E 41DD 1728748
>
> > -----Original Message-----
> > From: Trevor [mailto:trevorsayle@attbi.com]
> > Sent: Tuesday, March 05, 2002 8:58 AM
> > To: David@cawdgw.net; Marc Eiler (Volt); Hornat, Charles;
> > security-basics@securityfocus.com
> > Subject: Re: detecting wireless access points
> >
> >
> > Even if you had your setup as an AdHoc system running VPN over it?
> >
> >
> > ----- Original Message -----
> > From: <David@cawdgw.net>
> > To: "Trevor S" <trevorsayle@ATTBI.COM>; "Marc Eiler (Volt)"
> > <a-marcei@Exchange.Microsoft.com>; "Hornat, Charles"
> > <Charles_Hornat@standardandpoors.com>;
> > <security-basics@securityfocus.com>
> > Sent: Tuesday, March 05, 2002 4:02 AM
> > Subject: RE: detecting wireless access points
> >
> >
> > > Yes, they do.
> > >
> > > D. Weiss
> > > MCSE/CCNA/SSP2
> > >
> > >
> > > -----Original Message-----
> > > From: Trevor S [mailto:trevorsayle@ATTBI.COM]
> > > Sent: Monday, March 04, 2002 5:28 AM
> > > To: Marc Eiler (Volt); Hornat, Charles;
> > > security-basics@securityfocus.com
> > > Subject: Re: detecting wireless access points
> > >
> > >
> > > Do sniffers like AirSnort detect the MAC addresses of the
> > devices that
> > > are being used?
> > >
> > > On Thursday 28 February 2002 04:36 pm, Marc Eiler (Volt) wrote:
> > > > Depending on the brand of transceiver that you are using,
> > you may be
> > > > able to add all of the MAC addresses of the access points
> > that you
> > > > are using into the transceiver's DB. I used a Lucent WaveLAN
> > > > wireless network, and we were able to prevent anybody from
> > > > connecting unless we had entered the MAC address into our DB. I
> > > > realize that this doesn't address the question of "how do
> > I discover
> > > > if a rogue is connected", but this information may be
> > able to allow
> > > > you to not to have to worry about the need to detect rogue
> > > > connections.
> > > >
> > > > Virtually,
> > > > MarC Eiler
> > > >
> > > > -----Original Message-----
> > > > From: Hornat, Charles [mailto:Charles_Hornat@standardandpoors.com]
> > > > Sent: Friday, February 22, 2002 1:22 PM
> > > > To: security-basics@securityfocus.com
> > > > Subject: detecting wireless access points
> > > >
> > > > What is the best method to discover rogue wireless access
> > points on
> > > > your network? Other than the obvious, buy a laptop with
> > a wireless
> > > > card and search theory. Is there a network tool that
> > would detect a
> > > > wireless access point being plugged in?
> > > >
> > > > As a security administrator, I would like to have the ability to
> > > > know if a user has purchased an access point and plugged
> > it into my
> > > > network.
> > > >
> > > > Any thoughts are appreciated.
> > > >
> > > > mrcorp
> > > >
> > > >
> > > > ________________________________________________________________
> > > > The information contained in this message is intended
> > only for the
> > > > recipient, may be privileged and confidential and protected from
> > > > disclosure. If the reader of this message is not the intended
> > > > recipient, or an employee or agent responsible for
> > delivering this
> > > > message to the intended recipient, please be aware that any
> > > > dissemination or copying of this communication is strictly
> > > > prohibited. If you have received this communication in
> > error, please
> > > > immediately notify us by replying to the message and deleting it
> > > > from your computer.
> > > >
> > > > Thank you,
> > > > Standard & Poor's
> > >
> > >
> > >
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPIVeoI70RoFYfkHdEQKXWwCgtYepLwP4ZCeAkycH4tD+1osdvxkAnR7f
> pAmOxNxMMEPuYuBag9scQCse
> =VWVz
> -----END PGP SIGNATURE-----