RE: Wireless device vulnerability?

From: Toni Heinonen (Toni.Heinonenat_private)
Date: Tue Mar 26 2002 - 01:14:20 PST

    > Sorry to jump into the middle of this and I don't have anything to offer
    > that is even close to the technical level you guys are talking about but for
    > 802.11a/b networks why not just configure an access point with the same SSID
    > and channel, plant a big ole' antenna (tm) on it and simply overpower the
    > real AP? Not an ongoing DoS but a pretty effective short term one I would
    > think.
    
    Indeed, that would be possible. However, if clients are configured with WEP, I don't think they will log on to an AP that has simply WEP turned off, they will simply fail in their attempt to authenticate to the AP with WEP.
    
    What you can do is, make a rogue AP, like simply a Linux computer that you configure as an AP. WEP doesn't define two-way authentication, i.e. the AP doesn't authenticate to the client. This is a big problem with WEP.
    
    Make your own AP software for Linux that replies to all WEP authentication requests with a "password correct" message and all the clients will try to send their packets to your AP. You can simply discard the packets, creating an effective Denial of Service attack.
    
    I believe it is task group I of the 802.11 working group that is developing new security mechanisms for WLANs. There have been some good ideas on how to improve WEP or on what to come up with as a successor for WEP, and all the technologies contain two-way authentication, so you can't just spoof the network name and pretend to be a real AP.
    
    TONI HEINONEN, CISSP
       TELEWARE OY
       Telephone  +358 (9) 3434 9123  *  Fax  +358 (9) 3431 321
       Wireless  +358 40 836 1815
       Kauppakartanonkatu 7, 00930 Helsinki, Finland
       toni.heinonenat_private  *  www.teleware.fi
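
Added example, not part of the original message: because a WEP client cannot authenticate the AP, spotting the look-alike AP described above falls to monitoring, and this sketch checks observed beacons against an inventory of authorized access points. The SSID, the BSSIDs, the inventory and the beacon records are constructed for illustration; how beacons are captured is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address the beacon claims
    channel: int
    privacy: bool    # capability bit: encryption (WEP) required
    rssi_dbm: int

# Assumed site inventory (constructed values, not from the original message).
AUTHORIZED = {
    "00:11:22:33:44:55": {"ssid": "corp-wlan", "channel": 6, "privacy": True},
}

def classify(beacon, authorized, best_known_rssi):
    """Return the findings for one beacon; an empty list means nothing to report."""
    same_ssid = [ap for ap in authorized.values() if ap["ssid"] == beacon.ssid]
    if not same_ssid:
        return []                                  # not advertising our SSID
    findings = []
    known = authorized.get(beacon.bssid.lower())
    if known is None:
        findings.append("unknown-bssid")
        if best_known_rssi is not None and beacon.rssi_dbm > best_known_rssi:
            findings.append("stronger-than-authorized")
    elif beacon.channel != known["channel"]:
        findings.append("channel-mismatch")        # BSSIDs can be copied too
    if not beacon.privacy and all(ap["privacy"] for ap in same_ssid):
        findings.append("privacy-off")
    return findings

def scan(beacons, authorized=AUTHORIZED):
    """Map each suspicious BSSID to its findings."""
    best = max((b.rssi_dbm for b in beacons if b.bssid.lower() in authorized),
               default=None)
    report = {}
    for b in beacons:
        findings = classify(b, authorized, best)
        if findings:
            report.setdefault(b.bssid.lower(), []).extend(findings)
    return report

# Constructed observations: the real AP, a louder look-alike, a neighbour.
SAMPLE = [
    Beacon("corp-wlan", "00:11:22:33:44:55", 6, True, -62),
    Beacon("corp-wlan", "02:AA:BB:CC:DD:EE", 6, False, -38),
    Beacon("cafe-guest", "02:00:00:00:00:01", 11, False, -70),
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A clean result does not prove the absence of a rogue AP, since a beacon that copies an authorized BSSID, channel and privacy setting passes these checks.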
    


