If you run the WLAN station with POOL-NAT the attacker can still DoS the VPN authentication service, but it won't be able to reach the other clients on the WLAN since the VPN clients can be configured to only send and receive traffic through the encrypted tunnel. The "allowed MAC addresses" feature of the basestation prevents the flooding of the station itself, even though it's quite easily hacked.

jonas

-----Original Message-----
From: dgillettat_private [mailto:dgillettat_private]
Sent: den 14 augusti 2001 01:14
To: VULN-DEVat_private; bugtraqat_private
Subject: RE: Wireless Lans give EVERYONE ACCESS

VPN makes it possible to assure yourself that only legitimate users are coming in through your wireless network to reach your trusted servers, etc. However, it seems likely to me that a hostile operative could, without successfully authenticating to the VPN, still swamp your wireless access points with traffic. Paradoxically, this DoS attack may actually require the attacker to be physically nearby....

David Gillett

On 13 Aug 2001, at 13:35, Jonas Thambert wrote:

> of course anti virii/p.firewall protection is a must. Setting up
> anti-spoof protection is also regular sysadmin duty, even if it's not a
> WLAN interface.
>
> anyway the only usage for WLAN as I see it is in combination with VPN.
>
> http://www.cs.rice.edu/~astubble/wep/wep_attack.html
>
> jonas

This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 08:24:35 PDT