Re: Wireless Lans give EVERYONE ACCESS

From: Conal Darcy (hershat_private)
Date: Tue Aug 07 2001 - 19:28:36 PDT

    But can't you just set up a firewall to block any packets from the
    wireless device that claim they're coming from the loopback device
    (127.0.0.1)?
    
    My experience with wireless devices is minimal so I may be wrong.
    
    Conal Darcy
    hershat_private
    
    On Mon, 6 Aug 2001, Russell Handorf wrote:
    
    > Traditional authentication with wireless LANs consists of the following
    > simplified procedure:
    > 1). Wireless nic asks for an IP
    > 2). Base station checks to see if the MAC Address can be passed.
    > 3). If the authentication is successful then the DHCP server leases an IP
    > to the Wireless nic.
    >
    > Today, I have circumvented the MAC Address authentication method, and had
    > also sniffed successfully on a switched network with wireless stations on
    > it without authentication into the network.
    >
    > For sniffing onto a wireless network without a registered MAC Address AND
    > using WEP Encryption Methods:
    > 1). Set the MAC Address of the card to 127.0.0.1 and the Netmask to 255.255.0.0
    > 2). The card takes care of the rest. Just sit back and listen to the sounds
    > of the network (NOTE: There will NOT be any DNS RESOLVING and quite
    > possibly NO IPs will show up, only the computers' MAC addresses) (Double
    > NOTE: All you need is another machines MAC Address to start a
    > Man-in-the-Middle).
    >
    > For Getting an IP Address for Internet Connectivity:
    > First Method requires that you have already sniffed on the network for an
    > extended amount of time. Needed information is the IP Ranges, Netmask, and
    > Gateway of the Lan. All of this can be acquired through HUNT. All you do is
    > sift through the data generated, find an IP that hasn't sent any traffic
    > take it and configure the other things (such as Netmask and Gateway manually).
    >
    > Second method requires you to have physical access to the lan. Take a
    > hardwired nic and spoof its MAC Address to that of the wireless nic's
    > address. Run a command like 'pump,' swap cards and you should be on the
    > network.
    >
    > The following instructions were executed on a Dell laptop with Redhat 7.0.
    > The Ethernet card that was used is a Xircom 10/100 56k Combo thingy and the
    > wireless lan card is a Lucent Technologies Wavelan Gold Turbo 128RC4.
    >
    > The base stations that these were tested on are a D-Link 1000AP, Orinoco
    > AP-1000 Access Point, Orinoco COR-1100, and Cisco Aironet 350 Series.
    >
    > Will someone else please confirm that this is successful?
    >
    >
    > Thanks
    >
    > Russ
    > ==================================
    > Russell Handorf
    > oooo, shiney ::Wanders after it::
    >
    > www.russells-world.com
    > www.inside-aol.com
    > www.terrorists.net
    > www.bad-mother-fucker.org
    > www.philly2600.net
    >
    > "Computer games don't affect kids, I mean if Pacman affected us as kids,
    > we'd all be running around in darkened rooms, munching pills and listening
    > to repetitive music." ~unknown
    > ==================================
    >
    
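The "first method" quoted above comes down to one passive step: sniff for a while, then sift the capture for the address range, the gateway, the MACs in use, and an IP that has not sent any traffic. The Python below does that sifting over a small set of Ethernet II frames. It is an added example, not code from the thread or from HUNT; the frames, MAC addresses and the 10.1.1.0 range are constructed for the example, and it assumes the capture has already been presented as Ethernet framing (the way a managed-mode driver or pcap tool hands it over) rather than raw 802.11. The subnet is taken as the smallest prefix covering every address seen in ARP, which is a lower bound on the real one, so an address chosen inside it is on-link whatever the true netmask turns out to be.

```python
"""Sift a passive capture for range, gateway, MACs in use and a quiet IP.

Added example; the frames below are constructed, not a real capture.
"""
import ipaddress
import struct
from collections import Counter

ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(":"))


def parse_frame(frame):
    """Return (src_mac, dst_mac, src_ip, dst_ip, proto) for ARP or IPv4 frames, else None."""
    if len(frame) < 14:
        return None
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    if ethertype == ETHERTYPE_ARP and len(body) >= 28:
        # ARP layout: htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6) spa(4) tha(6) tpa(4)
        spa = str(ipaddress.IPv4Address(body[14:18]))
        tpa = str(ipaddress.IPv4Address(body[24:28]))
        return (src, dst, spa, tpa, "arp")
    if ethertype == ETHERTYPE_IP and len(body) >= 20 and body[0] >> 4 == 4:
        sip = str(ipaddress.IPv4Address(body[12:16]))
        dip = str(ipaddress.IPv4Address(body[16:20]))
        return (src, dst, sip, dip, "ip")
    return None


def covering_network(ips):
    """Smallest prefix containing every address given: a lower bound on the real subnet."""
    addrs = sorted(ipaddress.IPv4Address(i) for i in ips)
    lo, hi = addrs[0], addrs[-1]
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net:
            return net


def inventory(frames):
    """Summarise a capture: range, MACs, hosts that talked, gateway, and a never-seen IP."""
    parsed = [p for p in (parse_frame(f) for f in frames) if p]
    # ARP only ever carries on-link addresses, so it is the safe source for the range.
    onlink = {ip for _, _, sip, tip, proto in parsed for ip in (sip, tip)
              if proto == "arp" and ip != "0.0.0.0"}
    if not onlink:
        return None
    net = covering_network(onlink)

    macs, talkers, seen, arp_ip_to_mac, next_hops = set(), set(), set(), {}, Counter()
    for src_mac, dst_mac, sip, dip, proto in parsed:
        src_onlink = ipaddress.IPv4Address(sip) in net
        dst_onlink = ipaddress.IPv4Address(dip) in net
        if src_onlink:
            macs.add(src_mac)
            talkers.add(sip)
            seen.add(sip)
            if proto == "arp":
                arp_ip_to_mac[sip] = src_mac
        if dst_onlink:
            seen.add(dip)
        elif proto == "ip" and src_onlink:
            next_hops[dst_mac] += 1   # off-link destination: the frame went to the router
    gateway_mac = next_hops.most_common(1)[0][0] if next_hops else None
    gateway_ip = next((ip for ip, m in arp_ip_to_mac.items() if m == gateway_mac), None)
    candidates = [str(h) for h in net.hosts() if str(h) not in seen]
    return {"network": str(net), "macs": macs, "talkers": talkers,
            "gateway_mac": gateway_mac, "gateway_ip": gateway_ip,
            "candidate": candidates[0] if candidates else None}


# Constructed frames: one station ARPing for and talking through the gateway,
# a second station ARPing for a host that never answers, a third sending IP only.
def eth(dst, src, ethertype, payload):
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def arp(oper, sha, spa, tha, tpa):
    return (struct.pack("!HHBBH", 1, ETHERTYPE_IP, 6, 4, oper) + mac_bytes(sha)
            + ipaddress.IPv4Address(spa).packed + mac_bytes(tha)
            + ipaddress.IPv4Address(tpa).packed)


def ipv4(sip, dip):
    # Minimal 20-byte IPv4 header; checksum left zero since only addresses are parsed.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.IPv4Address(sip).packed, ipaddress.IPv4Address(dip).packed)


GW_MAC, STA1, STA2, STA3 = "02:00:00:00:00:01", "02:00:00:00:00:11", "02:00:00:00:00:22", "02:00:00:00:00:33"
SAMPLE_FRAMES = [
    eth(BROADCAST, STA1, ETHERTYPE_ARP, arp(1, STA1, "10.1.1.5", "00:00:00:00:00:00", "10.1.1.1")),
    eth(STA1, GW_MAC, ETHERTYPE_ARP, arp(2, GW_MAC, "10.1.1.1", STA1, "10.1.1.5")),
    eth(GW_MAC, STA1, ETHERTYPE_IP, ipv4("10.1.1.5", "8.8.8.8")),
    eth(STA1, GW_MAC, ETHERTYPE_IP, ipv4("8.8.8.8", "10.1.1.5")),
    eth(BROADCAST, STA2, ETHERTYPE_ARP, arp(1, STA2, "10.1.1.7", "00:00:00:00:00:00", "10.1.1.9")),
    eth(STA1, STA3, ETHERTYPE_IP, ipv4("10.1.1.12", "10.1.1.5")),
    b"\x01\x02",  # runt, ignored
]

if __name__ == "__main__":
    print(inventory(SAMPLE_FRAMES))
```

On the constructed capture this reports 10.1.1.0/28, the gateway at 10.1.1.1 behind GW_MAC, four hosts that sent traffic, and 10.1.1.2 as the first address never seen. Two practitioner caveats: a host can be present and silent for the whole capture, so the candidate should be ARP-probed before it is taken; and none of this needs the WEP key, because the addresses it relies on sit in headers WEP does not encrypt, which is the reason a MAC allow-list on the base station is not authentication.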



    This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:43:01 PDT