Re: Wireless Lans give EVERYONE ACCESS

From: diphenat_private
Date: Mon Aug 06 2001 - 16:46:38 PDT

    Perhaps I'm on crack, but I've never encountered a MAC address of the
    format "127.0.0.1". That is typically known as an IP address. A MAC
    address is the physical ethernet address of the card. It typically has a
    format like:
    
    ether 00:d0:09:1e:be:04
    
    While some cards allow you to change the MAC address, and this is
    certainly a problem for networks which use MAC-based authentication, I
    don't think that's what you were doing.
    
    -gabe
    
    On Mon, Aug 0 , 2001 at 05:21:08PM -0400, Russell Handorf wrote:
    > Traditional authentication with wireless LANs consists of the following 
    > simplified procedure:
    > 1). Wireless nic asks for an IP
    > 2). Base station checks to see if the MAC Address can be passed.
    > 3). If the authentication is successful then the DHCP server leases an IP 
    > to the Wireless nic.
    > 
    > Today, I have circumvented the MAC Address authentication method, and had 
    > also sniffed successfully on a switched network with wireless stations on 
    > it without authentication into the network.
    > 
    > For sniffing onto a wireless network without a registered MAC Address AND 
    > using WEP Encryption Methods:
    > 1). Set the MAC Address of the card to 127.0.0.1 and the Netmask to 255.255.0.0
    > 2). The card takes care of the rest. Just sit back and listen to the sounds 
    > of the network (NOTE: There will NOT be any DNS RESOLVING and quite 
    > possibly NO IPs will show up, only the computers' MAC Addresses) (Double 
    > NOTE: All you need is another machine's MAC Address to start a 
    > Man-in-the-Middle).
    > 
    > For Getting an IP Address for Internet Connectivity:
    > First Method requires that you have already sniffed on the network for an 
    > extended amount of time. Needed information is the IP Ranges, Netmask, and 
    > Gateway of the Lan. All of this can be acquired through HUNT. All you do is 
    > sift through the data generated, find an IP that hasn't sent any traffic 
    > take it and configure the other things (such as Netmask and Gateway manually).
    > 
    > Second method requires you to have physical access to the LAN. Take a 
    > hardwired nic and spoof its MAC Address to that of the wireless nic's 
    > address. Run a command like 'pump,' swap cards and you should be on the 
    > network.
    > 
    > The following instructions were executed on a Dell laptop with Redhat 7.0. 
    > The Ethernet card that was used is a Xircom 10/100 56k Combo thingy and the 
    > wireless lan card is a Lucent Technologies Wavelan Gold Turbo 128RC4.
    > 
    > The base stations that these were tested on are a D-Link 1000AP, Orinoco 
    > AP-1000 Access Point, Orinoco COR-1100, and Cisco Aironet 350 Series.
    > 
    > Will someone else please confirm that this is successful?
    > 
    > 
    > Thanks
    > 
    > Russ
    > ==================================
    > Russell Handorf
    > oooo, shiney ::Wanders after it::
    > 
    > www.russells-world.com
    > www.inside-aol.com
    > www.terrorists.net
    > www.bad-mother-fucker.org
    > www.philly2600.net
    > 
    > "Computer games don't affect kids, I mean if Pacman affected us as kids, 
    > we'd all be running around in darkened rooms, munching pills and listening 
    > to repetitive music." ~unknown
    > ==================================
    
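As an added illustration of gabe's point (not code from either poster), a small Python helper that tells a MAC address apart from an IPv4 address such as "127.0.0.1", reports the locally-administered bit that a software-assigned MAC carries, and, over a constructed list of (segment, MAC) observations, lists MACs seen on more than one segment at once, which is what a wired NIC sharing a wireless card's address would look like to an administrator relying on MAC-based filtering.

```python
import re

# Six hex octets separated consistently by ':' or '-' (e.g. 00:d0:09:1e:be:04).
MAC_RE = re.compile(r"^([0-9a-f]{2})([:-])([0-9a-f]{2})(?:\2[0-9a-f]{2}){4}$", re.I)
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def classify_address(s):
    """Return 'mac', 'ipv4' or 'unknown' for an address string."""
    s = s.strip()
    if MAC_RE.match(s):
        return "mac"
    m = IPV4_RE.match(s)
    if m and all(0 <= int(o) <= 255 for o in m.groups()):
        return "ipv4"
    return "unknown"


def parse_mac(s):
    """Return the six octets as ints; raise ValueError for anything that is not a MAC."""
    if classify_address(s) != "mac":
        raise ValueError(f"not a MAC address: {s!r}")
    return [int(x, 16) for x in re.split(r"[:-]", s.strip())]


def mac_flags(s):
    """Properties of a MAC that matter when MAC-based filtering is the only access control."""
    o = parse_mac(s)
    return {
        # U/L bit set: the address was assigned by software rather than burned into the card.
        "locally_administered": bool(o[0] & 0x02),
        # I/G bit set: a group address, never a legitimate station source address.
        "multicast": bool(o[0] & 0x01),
        "oui": "%02x:%02x:%02x" % tuple(o[:3]),
    }


def duplicate_macs(observations):
    """observations: iterable of (segment, mac) pairs, e.g. from switch forwarding tables or
    DHCP leases. Returns MACs seen on more than one segment, which one physical card cannot do."""
    seen = {}
    for segment, mac in observations:
        seen.setdefault(mac.lower().replace("-", ":"), set()).add(segment)
    return {m: sorted(segs) for m, segs in seen.items() if len(segs) > 1}


# Constructed sample: the wireless card's MAC from the thread also shows up on a wired switch port.
SAMPLE_OBSERVATIONS = [
    ("wlan0", "00:d0:09:1e:be:04"),
    ("eth-access-sw1", "00:d0:09:1e:be:04"),
    ("wlan0", "00:02:2d:aa:bb:cc"),
]
```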



    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 19:31:01 PDT