Re: wireless help

From: Patoff Pat-EtHiQ (patoff22_at_hotmail.com)
Date: 10/03/03

  • Next message: MacDougall, Shane: "RE: Would you bet your life on your security?"
    To: security-basics@securityfocus.com
    Date: Fri, 03 Oct 2003 21:55:09 +0000
    
    

    I've already found a program (software, not free...) that you could map your
    house/office with it, and it check where every user is on the wirelessLan,
    if someone, who is wardriving or, is not in the restricted area he wont be
    able to connect trought the server.

    With some Mac and ip list restrict to your user only, it could be a good
    mix.

    and like its say below, security on the server dhcp and other services is
    the best way, if the attacker as an ip and a mac but cant use any services
    on the lan, well its useless ... ;)

    But i dont know if someone talk about it, but if an attacker has a Mac and
    ip of a user already connect and he as a Better signal and he is closer than
    the victim, the victim, is out, and the attacker can get is connection. this
    way i dont know how to secure...

    Pat
    www.pyrofreak.org

    >Just my little something...
    >Tomas
    Though presumably an attacker could spoof a MAC address which you have
    listed as valid, no? Simply by passively sniffing, he could gain a valid IP
    *and* MAC, and use both.

    Even if you were to require user authentication, and time out inactive
    sessions, he could concievably hijack an active session, so long as the
    legit client doesn't do anything when it recieves responses to connections
    it's never made (I suspect a Windows machine with a personal firewall like
    ZoneAlarm would behave in this way, failing to terminate connections
    initiated by the attacker in its name). So a hijacker could probably grab an
    active connection for the duration of its activity, or even keep it active
    after it's been abandoned. The only real foolproof way to prevent this would
    be encryption like VPN or IPSec, I suspect. Which is certainly overkill or
    simply unfeasable for many installations.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    _________________________________________________________________
    MSN Search, le moteur de recherche qui pense comme vous !
    http://fr.ca.search.msn.com/

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: MacDougall, Shane: "RE: Would you bet your life on your security?"

    Relevant Pages

    • Re: About War Driving ..
      ... However, MAC filtering does not qualify as defense in depth, ... because the attacker can spoof a valid IP address. ... broadcasting the SSID doesn't hide a network, but just makes it show up ... machines in your building that you can control and check the MAC ...
      (Security-Basics)
    • Re: A new Mac
      ... I made up my mind and have bought a new 20" iMac computer ... & have you got the Mac Version of the DOSH/MTOB Accounts Package ... But a lot will depend on what sort of Internet Connection you have. ... (or whether it's an ADSL Connection or a Cable Modem Connection)... ...
      (uk.people.silversurfers)
    • Re: More on caching and logging
      ... Please point to a citation of where, exactly, Apple said any such thing. ... PPC machines are still the majority of Macs, ... By the end of the first year I had that machine, ... single-button, and the connection was still proprietary, but the ADB ...
      (comp.sys.mac.system)
    • Re: Connect Powerbook G4 (OS X 10.4.10) to SBS2003
      ... I was able to make the VPN connection from the Powerbook, ... This is probably due because I am not logged into the server from ... Also on this machine is a version of MS Office for Mac ...
      (microsoft.public.windows.server.sbs)
    • Network Bridging & MAC Address Filtering Help?
      ... DLink DI-624 wireless router. ... ZoneAlarm Pro and XP's Internet Connection Firewall is ... My issue is that I wish to enable MAC Address Filtering. ... is because the MAC address for the BRIDGE is ...
      (microsoft.public.windowsxp.network_web)