RE: Wireless Security

From: Steve Skoronski (skoronskiat_private)
Date: Thu Aug 16 2001 - 14:20:54 PDT

  • Next message: BOVO Marcelo DICAU: "RE: ipforwarding enabled, what can I do"

    Do you mean pretending to be an authorized access point to gain access to
    all of the clients? I guess if there is a trust relationship (NetBIOS for
    instance) then this would expose the clients as on a wired LAN, but you
    still need to authenticate on the network, using l0phtcrack can aid this. 
    
    Really though, what is the point when 90% of security architectures mandate
    that critical files be stored server side so that when you lose your laptop,
    critical info is not on it. 
    
    Here's an idea....get the WEP key (if it's even being used) and passively
    sniff to gain passwords. Then the fun begins.
    
    However, in a 'coffee-shop' environment your idea is sound. Many people in
    public places use these to send e-mail, even log in to the corporate VPN:) I
    hope these people are using personal firewalls and strong encryption. 
    
    Steve
    
    
    
    
    -----Original Message-----
    From: Wyatt Fradenburg [mailto:wy4ttat_private]
    Sent: Thursday, August 16, 2001 6:59 AM
    To: pen-testat_private
    Subject: Wireless Security
    
    
    Hello Everyone,
         My two cents, what about a attack that is using a access point to grab 
    the information from the wireless cards.  Then using a wireless card to 
    attack.  What are your thoughts about this?
    Dr. Wyatt R. Fradenburg
    Ph.D. Information Technogoly
    CCNA, CCDA, SCA, SCNA
    
    
    _________________________________________________________________
    Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    



    This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 11:31:22 PDT