RE: Wireless Lans give EVERYONE ACCESS

From: Jonas Thambert (JonasTat_private)
Date: Tue Aug 14 2001 - 02:30:54 PDT

  • Next message: Tamer Sahin: "tamersahin.net Code Red Cleaner v1.0"

    If you run the WLAN station with POOL-NAT the attacker can still
    DOS the VPN authentication service, but it wont be able to reach the 
    other clients on the WLAN since the VPN clients can be configured to
    only send and recieve traffic through the encrypted tunnel.
    
    The "allowed MAC addresses" feature of the basestation 
    prevents the flooding of the station itself, even though 
    its quite easily hacked.
    
    
    
    jonas
    
    
    
    -----Original Message-----
    From: dgillettat_private [mailto:dgillettat_private] 
    Sent: den 14 augusti 2001 01:14
    To: VULN-DEVat_private; bugtraqat_private
    Subject: RE: Wireless Lans give EVERYONE ACCESS
    
    
      VPN makes it possible to assure yourself that only legitimate users 
    are coming in through your wireless network to reach your trusted 
    servers, etc.
    
      However, it seems likely to me that a hostile operative could, 
    without successfully authenticating to the VPN, still swamp your 
    wireless access points with traffic.  Paradoxically, this DoS attack 
    may actually require the attacker to be physically nearby....
    
    David Gillett
    
    
    On 13 Aug 2001, at 13:35, Jonas Thambert wrote:
    
    > ofcourse anti virii/p.firewall protection is a must. Setting up 
    > anti-spoof protection is also regular sysadmin duty, even if its not a 
    > WLAN interface.
    > 
    > anyway the only usage for WLAN as I see it is in combination with VPN.
    > 
    > http://www.cs.rice.edu/~astubble/wep/wep_attack.html
    > 
    > jonas
    



    This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 08:24:35 PDT