-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Penn Sent: Tuesday, June 25, 2002 11:33 AM To: [EMAIL PROTECTED] Subject: RE: Rogue Wireless LANs [7:47287]
You have given me an idea. All I need is a laptop now =) I would go war driving in the area to specifically find businesses running unsecured wireless. I bet I would find some businesses that didn't even know they were running wireless such as this thread started out. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Manuel Sent: Tuesday, June 25, 2002 10:02 AM To: [EMAIL PROTECTED] Subject: Re: Rogue Wireless LANs [7:47287] Neil and others, Recently I installed in my home a linksys wireless router/switch/ap, it works great, yes I have wep enabled. After installing the equipment, I became really interested in wireless networking, reading some books, looking for a certification track, scouring websites, etc... I downloaded netstumbler and acquired all the necessary equipment to do some serious wardriving. I've logged over 300 AP's, mapped them using Stumverter and MS Mappoint 2002, it gets down to what side of the street the AP was on, just to add a little spice to the situation, I've got netstumbler to play a .wav file when it finds an AP. Amazingly, 75% of the AP's I've found don't have web enabled. A rather large number of the AP's use the company name as the SSID or use the vendor default SSID, ie. tsunami for Cisco. I'm convinced this whole area of wireless networking is wide open to be farmed for business. I've been trying formulate a business plan to approach businesses to help them install a wireless infrastructure properly and setup security measures for those companies already in the wireless business without implementing security. What my research has shown me so far is that without upper managements support for strict policies with regards to the installation of AP's the company is playing a game of russian roulette because the current Wireless Implementation is FULL of security holes. Depending on how much security you want to implement here's what I would recommend. Enable WEP - however airsnort a linux utility can crack wep in a relatively short time Disable the SSID Broadcast - most AP's have this option, this will prevent netstumbler from picking up the presence of the AP which makes it a little more difficult to associate with the AP. Kismet is a linux utility that will still detect the presence of the AP by passively sniffing for the wireless packets. MAC Filtering - enable it but most AP and Wireless cards allow you to spoof the MAC address, meaning a wireless sniffer like ethereal can sniff out a few MAC addresses and a hacker can use one to gain access. Place the AP outside of the firewall Create VPN access for those wireless clients needing access to internal servers. I'm sure others have done work in this area and can add to the discussion. BTW, interesting enough the first 3 companies I approached about the unsecure AP's, 1 denies having wireless networking installed, 2 ignored me. HTH, Stephen Manuel ----- Original Message ----- From: "Neil Borne" To: Sent: Tuesday, June 25, 2002 8:52 AM Subject: Re: Rogue Wireless LANs [7:47287] > The problem that I am coming accross is that some of my customers take the > wireless gear outta the box and plug it in and when they figure that work > with factory defaults they leave it alone....then all of a sudden someone > pulls up in the front yard and starts snooping around. > > One thing you can do is WEP and depending on the vendor try some filtering > by mac, ssid, or protocol... > > > You will have do some serious lockdown measures when its a internal user as > opposed to outside users....... > > > But like the last email stated if things get bad use netstumbler but be > careful from the last I heard it works with only some wireless cards... > > > >From: "Patrick Donlon" > >Reply-To: "Patrick Donlon" > >To: [EMAIL PROTECTED] > >Subject: Rogue Wireless LANs [7:47287] > >Date: Mon, 24 Jun 2002 11:48:48 -0400 > > > >I've just found a wireless LAN set up by someone in the building, I found > >it > >by chance when I was checking something with a colleague from another dept. > >The WLAN has zero security which is not a surprise and lets the user into > >the main LAN in the site with a DHCP address served up too! Does anyone > >have > >any tips on preventing users and dept's who don't think about security from > >plugging whatever they like into the network, > > > >Cheers > > > >Pat > > > > > > > >-- > > > >email me on : [EMAIL PROTECTED] > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47406&t=47287 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]