On Mon, Feb 11, 2002 at 11:44:50PM -0500, Jason Costomiris wrote:
> On Mon, Feb 11, 2002 at 08:13:22PM -0800, David Talkington wrote:
> : Chad and Doria Skinner wrote:
> : 
> : >1. Setup DHCP to only assign IPs to specific MAC Addresses
> : 
> : Wrong already.  MAC addresses are under client control.  You can 
> : assign a different one to your network card with ifconfig (if the 
> : driver can handle that).  Try it.  :-)

> Now before you immediately discount that, remember that a would-be
> attacker would need to know the MAC address of an *authorized* client.
> And by the way - MAC addresses aren't always under the control of the user
> when we're talking about WLAN cards.

        1) Which they can sniff from the air.  This is TRIVIAL.  You can
do this without even needing to put the card in RF Monitor mode.

        2) Which can be extrapolated / deduced...  When sniffing a large
network, if you see four mac addresses in sequence (or with a hole or
two) chances are really REALLY good you will find adjoining (contained)
ones are authorized.  We have ordered "batches" of cards that were
over 90% sequential on a regular basis.

        3) Which can be "brute forced".  Once you know the small domain
where the authorized MAC addresses lie (they are often clustered around
vendors, models, and batches) guessing becomes pretty damn easy.  How
many "MAC ACL" limited wireless networks have a minimum of 10,000
dispersion (no two cards are closer than 10,000 apart in MAC)?  It
would be simple to guess through 10,000 MAC addresses.  Just fire
off 10,000 hand crafted dhcp requests and see what responses you get
back with the card in promiscuous mode.

> It's not what I'd call great security, but it's definitely a part of
> a reasonable WLAN security plan.  That, coupled with strong authentication,
> strong encryption (i.e. NOT WEP!) and physical separation from the wired
> LAN would result in a good policy.

        MAC addresses are not encrypted and easily discerned.  They have
no part in hardened security.

> Remember, wired LAN jacks aren't magically secure either.  How many times 
> do you see sites that just have jacks all over the place patched in?  All
> the time!  Ok, so I want to infiltrate your building.  No problem, I'll get
> a job on your cleaning staff, or with the company that cleans your building.
> That gives me nearly open access during off-hours.  I'd plant a laptop
> on your network.  Or, how about instead, I plant a wireless access point?
> Now I'll hack you from your parking lot.

> Properly deployed, WLAN can be just as secure, or MORE secure than wired
> LAN technology.

        No.  When identical technology (vpn, encryption, authentication,
etc) is applied to both, there is nothing in wireless technology which
increases security, so it can never be "MORE" secure than the equivalent
wired technology.

> -- 
> Jason Costomiris <><           |  Technologist, geek, human.
> jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
>           Quidquid latine dictum sit, altum viditur.
>                     My account, My opinions.

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
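
Added example, not part of the original message: a defender-side check for the guessing pattern described in point 3, flagging a burst of lease requests from many distinct client MACs in a short window. It assumes ISC dhcpd style syslog lines; the function names, thresholds, year argument and sample MACs are constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed ISC dhcpd syslog style: "... dhcpd: DHCPDISCOVER from <mac> via <if>"
LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCP(?:DISCOVER|REQUEST).*? from ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def find_mac_sweeps(lines, window=timedelta(seconds=60), max_macs=20, year=2002):
    """Return one alert per burst in which more than max_macs distinct client
    MACs asked for a lease within `window` (thresholds are assumptions)."""
    recent, alerts, current = deque(), [], None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps omit the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        recent.append((ts, m.group(2).lower()))
        while ts - recent[0][0] > window:
            recent.popleft()
        macs = {mac for _, mac in recent}
        if len(macs) <= max_macs:
            current = None  # burst over; the next crossing opens a new alert
            continue
        if current is None:
            current = {"start": recent[0][0], "macs": set()}
            alerts.append(current)
        current["macs"] |= macs
        current["end"] = ts
    for a in alerts:
        # Guessing within one vendor batch shows up as a single dominant OUI.
        ouis = [mac[:8] for mac in a["macs"]]
        a["top_oui"] = max(set(ouis), key=ouis.count)
        a["count"] = len(a["macs"])
    return alerts

def constructed_sample():
    """Constructed log: two ordinary clients, then 40 near-sequential MACs."""
    base = datetime(2002, 2, 11, 23, 0, 0)
    fmt = "{:%b %d %H:%M:%S} gw dhcpd: DHCPDISCOVER from {} via eth1"
    out = [fmt.format(base, "00:60:1d:aa:bb:01"),
           fmt.format(base + timedelta(minutes=5), "00:02:2d:10:20:30")]
    for i in range(40):
        mac = "00:02:2d:1a:00:{:02x}".format(i)
        out.append(fmt.format(base + timedelta(minutes=10, seconds=i), mac))
    return out
```

Calling `find_mac_sweeps(constructed_sample())` yields a single alert covering the 40-address burst, while the two ordinary clients alone produce none.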
