And I would like to add a comment about something I took for granted. I 
assumed that a wireless sniffer couldn't see traffic if its MAC address was 
not on the list of MAC addresses at the access point. I thought it wouldn't 
be able to join the wireless network. I was wrong. It can see traffic 
(unless the traffic is WEP or LEAP encrypted, I would guess). The host 
running the sniffer can't actually use the access point to reach the wired 
network (because of the MAC access control lists) but it can still see 
packets on the wireless RF side.

I guess that makes sense, but it surprised me. One caveat: this testing was 
done with access control lists configured on a non-Cisco access point, so 
may not apply to a Cisco access point. Anyone know?

(Also, it's a bit different from applying the access control lists on the 
wired switch which we were discussing. In that case, one wouldn't assume 
that there was any security on the wireless side, I guess.)

Priscilla

At 11:44 PM 11/15/01, Andras Bellak wrote:
>I missed something in my last reply that some folks might not take for
>granted - once you have sniffed the mac address of a wireless card,
>changing your card to match is simple - I did it on a card integrated
>into a notebook inside of 30 seconds - you set it in the GUI even.
>
>Andras
>
>-----Original Message-----
>From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, November 15, 2001 7:10 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Mac Address filtering on a 3512XL [7:26398]
>
>
>Ken, this comes up regularly with customers who want to do wireless, as if
>wireless will solve some great problem of theirs. Well, in the case of my
>customers, there are indeed some great vertical applications that make this
>a wonderful technology. But...
>
>Yes, MAC filtering is one way to provide some modicum of security. Spoofing
>MACs is not the first thing that enters the hacker's mind, so I've heard,
>but I would not rely on any one method to ensure a secure net. Remember that
>there are several "wireless sniffers" available, so MAC information can be
>decoded, and later spoofed.
>
>Some folks I have spoken with do a number of things, including WEP, LEAP,
>and IPSec or L2TP from the wireless end device into the network, end to end.
>Some folks go so far as to encrypt everything on storage devices, so that
>even if the wireless authentication is broken, it does a hacker no good.
>
>If your app is hand-held based these may not be options. Then you are back
>to the MAC filtering. Still, you might want to think about upping to 128
>WEP anyway. How concerned are you about the integrity and confidentiality of
>the data going over the wireless? More so or less so than if that same data
>were available via VPN across the internet or via dial up access?
>
>Chuck
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Ken Diliberto
>Sent: Thursday, November 15, 2001 3:18 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Mac Address filtering on a 3512XL [7:26398]
>
>
>Yes, I do have a goal in mind.  I just purchased some wireless equipment and
>would like to restrict the MAC addresses allowed in.  40 bit encryption is
>not good enough for the paranoid like me.  It seems the network name is
>advertised.  To me, that security really sucks.
>
>Besides, it's another challenge.  Next, maybe a VPN tunnel.  :-)
>
>Ken
>
> >>> "Howard C. Berkowitz"  11/15/01 02:24PM >>>
> >I am wanting to configure a mac-address filter on my switch but need
>some
> >help.  Has anyone done this?
> >
> >Thanks.
> >
> >Ken
>
>Well, yes. But to coin a phrase, and to put it into a better context,
>what problem are you trying to solve?  I find people learn better
>when they have a goal in mind, then look at configuration
>alternatives and how they relate to the problem.
>
>Howard
________________________

Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26516&t=26398