On Mon, 9 Jul 2001 ed.rolisonat_private wrote: > Correct me if I'm wrong, but IIRC wireless lans are effectively switched. > Each access point-NIC uses a separate encryption key (there are weaknesses > but...) Nope, this is not the case. WEP Encryption at the access-point to NIC requires a lot of overhead and effectively limits throughput at less than 2Mbps. Now, one could use a software IPSec client and do IPSec over the link, but most software clients promise no more than 128kbps throughput. An SSID can be utilized, but it's been my experience that it's not hard to find out what the SSID is, since in Win32 platforms it's listed in the clear in the hardware properties. Also, I've found it's generally the case that in a large wireless deployment, you will find at least one 802.11b access point that has been (mis)configured to broadcast SSID. > and thus the NIC only 'sees' traffic being directed at it. > It seems also that it's quite hard to get them to enter promiscuous mode for > similar reasons - if it's listening to all the traffic, then the > encryption breaks down. I assure you, based on my own experience, this is not the case. > You might have some joy, but the best I can see for collecting the datagrams > would be something like > a scanner (radio) interfaced to a computer. Of course, you still have to break > the encryption, but there > was an article posted to one of the securityfocus lists regarding 'weaknesses' > in WEP. Nope. With an IBM Thinkpad, Aironet 4800 PCMCIA NIC, OpenBSD and libpcap I wrote a very simple packet sniffer in C that I used to audit the wireless network at my previous employer. I then used dsniff and had no problems grabbing passwords out of the air for various different services. Althought I knew the SSID, I took the total outsider approach and learned the SSID by catching it via the broadcast. WEP was not used, because at the time, Aironet/Cisco could not get WEP to work properly. Regards, -- Joseph W. Shaw II Network Security Specialist/CCNA Unemployed. Will hack for food. God Bless. Apparently I'm overqualified but undereducated to be employed. -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 08:09:45 PDT