Re: Rogue Wireless LANs [7:47287]
NetStumbler is good for War Driving and finding potential customers. And you don't have to hack or access someone's network to do it. When you approach a potential customer that has an open access point, all that needs to be said is that you were doing a site survey for another customer in the area, building, etc. From the survey, you identified their system, and the application also detected the lack of security. I think this is closer to driving down the street to see who leaves their doors open, rather than going to each house and seeing which closed doors are unlocked.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48182t=47287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Rogue Wireless LANs [7:47287]
I am not, by any stretch of the imagination, a lawyer ... however my understanding of the current interpretation of the laws applicable to WarDriving is that if the owner/operator does not make at least some minimal effort to secure the transmissions then it is considered 'for public use'. So if the WAP is happily broadcasting its SSID and no encryption is enabled ...

OTOH, if you capture packets, crack a WEP key and spoof a MAC you are putting forth effort to get into somewhere that has the proverbial No Entry sign.

Similar to how, currently, a basic port scan against someone's machine is not illegal. It may violate your acceptable-use/subscription agreement/whatever and you may get a slap on the wrist or a nasty-gram from the lucky recipient, but AFAIK that is about as far as it goes ... until you actually attempt to launch an exploit against those services/ports.

... back to wardriving ...

Simple Bandwidth Leeching is about all you could do without crossing any really bad lines, and even that is questionable - bandwidth is a company resource that they must provision, pay for, etc. and you are depriving them of the use of it.

Obviously, if you do any of this and then proceed maliciously into their network, or pose as a member of that firm, etc. you are _at_that_point_ definitively violating the law and deserve whatever befalls you ;)

Again - that is my understanding of the current laws/policies/interpretations. Corrections always accepted ...

Thanks!
TJ
RE: Rogue Wireless LANs [7:47287]
At 6:35 AM -0400 6/27/02, Evans, TJ wrote:
> I am not, by any stretch of the imagination, a lawyer ... however my understanding of the current interpretation of the laws applicable to WarDriving is that if the owner/operator does not make at least some minimal effort to secure the transmissions then it is considered 'for public use'. So if the WAP is happily broadcasting its SSID and no encryption is enabled ...
>
> OTOH, if you capture packets, crack a WEP key and spoof a MAC you are putting forth effort to get into somewhere that has the proverbial No Entry sign.
>
> Similar to how, currently, a basic port scan against someone's machine is not illegal. It may violate your acceptable-use/subscription agreement/whatever and you may get a slap on the wrist or a nasty-gram from the lucky recipient, but AFAIK that is about as far as it goes ... until you actually attempt to launch an exploit against those services/ports.

The difference here is that the first case uses electromagnetic spectrum and the second doesn't. Electromagnetic spectrum use is more regulated.

Let's put it this way--people have been successfully prosecuted for disclosing the content of unencrypted cellular or other radio communications. Now, if you didn't disclose the information, or use it to penetrate, you probably would be OK. That's the basis of the legality of such things as short wave listening. It's specifically illegal to disclose it to a third party. The lawyers could have fun arguing whether you are the third party disclosing to one of the parties to the communication.

Actually, if a broadcaster wants to be public access, they generally must positively register as such with the FCC. A public broadcaster actually has more regulatory requirements, such as outage reporting. There may also be issues of ownership and monopoly within a given market area.
Re: Rogue Wireless LANs [7:47287]
Agreed. This could be a big legal trap. If you use something like Network Stumbler, you're not actually using their network. You're just seeing the broadcasts from it. Maybe that would be a good approach.

Ken
RE: Rogue Wireless LANs [7:47287]
I think the take the company would take on it would depend highly on how worried they are about security. If they have a well written security policy I think you would be in for some arguments from their legal department. On the other hand what if it's a company that doesn't even know that employee Joe Schmoe has installed a WAP under his desk running 802.11 unsecured to world...I think in that situation they might be interested to hear what you have to say.

Overall this whole deal is very cloudy to say the least. What legal rights does a company have if they are broadcasting wireless unsecured...it is like throwing money into the air then trying to arrest someone if they take it.

It's an old well known fact you don't say welcome in your motd banner because you welcomed the intruder in. You could say, you didn't know that you were unauthorized because you could connect to it from somewhere not on their property and you were never warned that you were unauthorized. I'm not saying you would win the legal battle...but there would most likely be a legal battle over it. I am interested to know the outcome if anybody does actually try this and approaches the company about it.

Dan
RE: Rogue Wireless LANs [7:47287]
At 2:26 PM -0400 6/26/02, Dan Penn wrote:
> I think the take the company would take on it would depend highly on how worried they are about security. If they have a well written security policy I think you would be in for some arguments from their legal department. On the other hand what if it's a company that doesn't even know that employee Joe Schmoe has installed a WAP under his desk running 802.11 unsecured to world...I think in that situation they might be interested to hear what you have to say.
>
> Overall this whole deal is very cloudy to say the least. What legal rights does a company have if they are broadcasting wireless unsecured...it is like throwing money into the air then trying to arrest someone if they take it.

No, there really are very specific rules for electromagnetic emissions, beginning with the (US) Communications Act of 1934. Essentially, it says that any signals not explicitly meant for public broadcast may be intercepted, but that disclosure of the content to third parties is illegal. This is enforced by the Federal Communications Commission, which is the US agency that regulates, among other things, the use of spectrum space, and the licensing (when required) of parts of the spectrum.

There certainly are blurred areas, such as disclosing statistical aggregates that do not reveal content, or intercepting communications by other than the primary signal (i.e., eavesdropping through incidental radiation, power line coupling, etc.). In general, though, the law is much more clear about hacking involving the electromagnetic spectrum in free space than it is on entering computers.
Re: Rogue Wireless LANs [7:47287]
The problem that I am coming across is that some of my customers take the wireless gear outta the box and plug it in, and when they figure that it works with factory defaults they leave it alone ... then all of a sudden someone pulls up in the front yard and starts snooping around.

One thing you can do is WEP and depending on the vendor try some filtering by mac, ssid, or protocol...

You will have to do some serious lockdown measures when it's an internal user as opposed to outside users...

But like the last email stated if things get bad use netstumbler but be careful, from the last I heard it works with only some wireless cards...

From: Patrick Donlon
Reply-To: Patrick Donlon
To: [EMAIL PROTECTED]
Subject: Rogue Wireless LANs [7:47287]
Date: Mon, 24 Jun 2002 11:48:48 -0400

> I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network?
>
> Cheers
> Pat
Re: Rogue Wireless LANs [7:47287]
Neil and others,

Recently I installed in my home a linksys wireless router/switch/ap, it works great, yes I have wep enabled.

After installing the equipment, I became really interested in wireless networking, reading some books, looking for a certification track, scouring websites, etc...

I downloaded netstumbler and acquired all the necessary equipment to do some serious wardriving. I've logged over 300 AP's, mapped them using Stumverter and MS Mappoint 2002, it gets down to what side of the street the AP was on, just to add a little spice to the situation, I've got netstumbler to play a .wav file when it finds an AP.

Amazingly, 75% of the AP's I've found don't have WEP enabled. A rather large number of the AP's use the company name as the SSID or use the vendor default SSID, i.e. tsunami for Cisco.

I'm convinced this whole area of wireless networking is wide open to be farmed for business. I've been trying to formulate a business plan to approach businesses to help them install a wireless infrastructure properly and set up security measures for those companies already in the wireless business without implementing security.

What my research has shown me so far is that without upper management's support for strict policies with regards to the installation of AP's the company is playing a game of Russian roulette because the current Wireless Implementation is FULL of security holes.

Depending on how much security you want to implement here's what I would recommend.

Enable WEP - however airsnort, a Linux utility, can crack WEP in a relatively short time.

Disable the SSID Broadcast - most AP's have this option, this will prevent netstumbler from picking up the presence of the AP which makes it a little more difficult to associate with the AP. Kismet is a Linux utility that will still detect the presence of the AP by passively sniffing for the wireless packets.

MAC Filtering - enable it but most AP and Wireless cards allow you to spoof the MAC address, meaning a wireless sniffer like ethereal can sniff out a few MAC addresses and a hacker can use one to gain access.

Place the AP outside of the firewall.

Create VPN access for those wireless clients needing access to internal servers.

I'm sure others have done work in this area and can add to the discussion.

BTW, interesting enough the first 3 companies I approached about the unsecure AP's, 1 denies having wireless networking installed, 2 ignored me.

HTH,
Stephen Manuel
Re: Rogue Wireless LANs [7:47287]
Pat,

The 8th layer policy idea is good. I would take that one step further, after checking with your legal department to make sure they don't have a problem with it and that it's airtight:

In addition to the disciplinary action up to and including termination clause, incorporate in company policy a clause something like this:

Any personal computer or networking equipment that is plugged into company infrastructure without explicit approval is forfeit and becomes the property of the company.

This is particularly effective if your policies include a statement that those who agree to it also agree to any future revisions of said policy.

As for a technical way to stop it ... shut down all unused switchports, or assign them to a VLAN that goes nowhere. You'd still need to check for rogue equipment -- someone could set up their machine with two NICs, hang an AP off one of them, and make it work with address translation.

Thanks,
Shawn

Patrick Donlon wrote:
> Thanks Chris, I was thinking more about securing the switch ports by authenticating mac's (probably a bit OTT) or using SNMP to check for new devices, any other ideas? I've already set up a wireless LAN here with WEP with authentication on an ACS server, which is a waste of time when you have people setting up their own kit,
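One way to run the check Patrick asks about (new devices on switch ports) together with Shawn's unused-port lockdown, as an added example that is not part of the original thread: it audits a MAC address table against an approved per-port inventory and builds matching port-security configuration. The table is a constructed sample laid out like Cisco IOS `show mac address-table` output; the inventory, port names, uplink list and VLAN 999 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like Cisco IOS "show mac address-table" output.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Fa0/1
  10    0011.2233.4402    DYNAMIC     Fa0/2
  10    00aa.bb00.0001    DYNAMIC     Fa0/3
  10    00aa.bb00.0002    DYNAMIC     Fa0/3
  10    00aa.bb00.0003    DYNAMIC     Fa0/3
  10    0011.2233.4405    DYNAMIC     Fa0/5
  10    00cc.dd00.0009    DYNAMIC     Fa0/7
  10    00ee.ff00.0001    DYNAMIC     Gi0/1
   1    0011.2233.44ff    STATIC      CPU
Total Mac Addresses for this criterion: 9
"""

# Assumed site data (hypothetical values): approved MACs per access port,
# ports documented as unused, uplinks to ignore, and a VLAN that goes nowhere.
APPROVED = {
    "Fa0/1": {"0011.2233.4401"},
    "Fa0/2": {"0011.2233.4402"},
    "Fa0/3": {"0011.2233.4403"},
    "Fa0/5": {"00:11:22:33:44:05"},  # inventories often use colon notation
}
UNUSED_PORTS = {"Fa0/7", "Fa0/8"}
UPLINKS = {"Gi0/1"}
DEAD_VLAN = 999

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Return a MAC in lowercase dotted form regardless of the separators used."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_mac_table(text):
    """Return (vlan, mac, port) for every address learned on a physical port."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator and summary lines
        vlan, mac, _type, port = m.groups()
        if port.upper() != "CPU":  # skip the switch's own addresses
            entries.append((int(vlan), normalize_mac(mac), port))
    return entries

def audit(entries, approved, unused_ports, uplinks, max_macs=1):
    """Return (port, finding, macs) tuples for ports that need a visit."""
    by_port = defaultdict(set)
    for _vlan, mac, port in entries:
        if port not in uplinks:  # uplinks legitimately carry many MACs
            by_port[port].add(mac)
    findings = []
    for port in sorted(by_port):
        macs = by_port[port]
        allowed = {normalize_mac(m) for m in approved.get(port, ())}
        if port in unused_ports:
            findings.append((port, "UNUSED_PORT_ACTIVE", sorted(macs)))
        elif macs - allowed:
            findings.append((port, "UNKNOWN_MAC", sorted(macs - allowed)))
        if len(macs) > max_macs:  # hub, bridge or AP behind an access port
            findings.append((port, "MULTIPLE_MACS", sorted(macs)))
    return findings

def lockdown_config(approved, unused_ports, dead_vlan):
    """Build IOS lines: port security on approved ports, unused ports parked."""
    lines = []
    for port in sorted(approved):
        macs = sorted(normalize_mac(m) for m in approved[port])
        lines += [f"interface {port}", " switchport mode access",
                  " switchport port-security",
                  f" switchport port-security maximum {len(macs)}"]
        lines += [f" switchport port-security mac-address {m}" for m in macs]
        lines.append(" switchport port-security violation restrict")
    for port in sorted(unused_ports):  # dead-end VLAN and shutdown together
        lines += [f"interface {port}", " switchport mode access",
                  f" switchport access vlan {dead_vlan}", " shutdown"]
    return lines

if __name__ == "__main__":
    for finding in audit(parse_mac_table(SAMPLE_TABLE), APPROVED, UNUSED_PORTS, UPLINKS):
        print(finding)
    print("\n".join(lockdown_config(APPROVED, UNUSED_PORTS, DEAD_VLAN)))
```

A machine doing address translation behind an approved NIC still shows a single approved MAC, so this audit does not replace the check for rogue equipment mentioned in the message above.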
Re: Rogue Wireless LANs [7:47287]
Thanks for all the good info about wireless security. I have one philosophical comment, one semi-technical comment, and one question:

Philosophical: It amazes me that companies (especially small companies) don't want to hear about their security vulnerabilities. I see that a lot too. It means your business plan will have to include a lot of up front salesy type stuff to convince people that they really have a problem.

Semi-technical: As you mentioned, WEP is quite crackable. Some people in the industry are outraged that the IEEE let it out the door. See this good WEP FAQ from UC Berkeley: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Question: Is Cisco's LEAP better than WEP? Does it have the same purpose but without some of the issues? I should know this, but I don't use Cisco for wireless (shame, shame).

Thanks for all your excellent advice.

Priscilla
RE: Rogue Wireless LANs [7:47287]
You have given me an idea. All I need is a laptop now =) I would go war driving in the area to specifically find businesses running unsecured wireless. I bet I would find some businesses that didn't even know they were running wireless such as this thread started out.

Dan
Re: Rogue Wireless LANs [7:47287]
I attended a Cisco Wireless update last month and came out of it with this information. Their updated WEP provides dynamic keys now. It is still crackable, but by the time it is cracked the key has regenerated. Also the keys are no longer hard coded into the device, since they are dynamic.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47400t=47287
Re: Rogue Wireless LANs [7:47287]
I realize you are speaking in jest, but for those who might consider this approach as a means of drumming up business, you may want to give some thought. Connecting to a network to which you have no reason nor any right to connect can be considered hacking, and you could be subject to prosecution, ironically by an organization that is asking for trouble anyway. Just because I don't have locks on my doors does not mean it's ok for you to walk into my home any time you please.

Please be careful how you approach a company when you have discovered by accident a particularly egregious vulnerability.

Tom

Dan Penn wrote in message news:[EMAIL PROTECTED]...
> You have given me an idea. All I need is a laptop now =) I would go war driving in the area to specifically find businesses running unsecured wireless. I bet I would find some businesses that didn't even know they were running wireless such as this thread started out.
>
> Dan
RE: Rogue Wireless LANs [7:47287]
> You have given me an idea. All I need is a laptop now =) I would go war driving in the area to specifically find businesses running unsecured wireless. I bet I would find some businesses that didn't even know they were running wireless such as this thread started out.
>
> Dan

I'd get some legal advice, or at least talk to the FCC, about whether this would be a violation of the Communications Act of 1934. I _think_ it would be OK as long as you didn't disclose message content.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47407t=47287
RE: Rogue Wireless LANs [7:47287]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Penn
Sent: Tuesday, June 25, 2002 11:33 AM
To: [EMAIL PROTECTED]
Subject: RE: Rogue Wireless LANs [7:47287]

You have given me an idea. All I need is a laptop now =) I would go war driving in the area to specifically find businesses running unsecured wireless. I bet I would find some businesses that didn't even know they were running wireless such as this thread started out.

Dan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47406t=47287
Re: Rogue Wireless LANs [7:47287]
> Question: Is Cisco's LEAP better than WEP? Does it have the same purpose but without some of the issues? I should know this, but I don't use Cisco for wireless (shame, shame).

It's not that it's better than WEP, it just provides reasonably secure authentication and a bandaid for WEP's security issues. Using LEAP or EAP-TLS provides a dynamic unicast WEP key. If you specify RADIUS attribute 27 (Session-Timeout) then the connection will be cut after that many seconds. When it reauthenticates, a new WEP key is in place.

Thanks,

Shawn

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47413t=47287
Re: Rogue Wireless LANs [7:47287]
The question is would you as the messenger be the one who is shot?

In a rational world, your idea is great. In a world where people either 1) don't want to be bothered or 2) have a strong desire to cover up any mistakes they may have made, you might want to carefully consider the wisdom of your plan.

Ironic, isn't it. You want to do some good, and you have to consider that some people might want to punish you for it. I think they call it the "no good deed goes unpunished" syndrome. A variant of Murphy's Law.

Chuck

Stephen Manuel wrote in message news:[EMAIL PROTECTED]...
> Tom,
>
> I'm not speaking in jest, I have used NetStumbler to find wireless networks that are wide open, some are in major companies.
>
> However, I turn off my client manager before I go wardriving, that way I don't accidentally connect to someone's network without authorization. I can't see how this is considered hacking.
>
> When I initially approached the 3 companies I mentioned earlier, I had developed a 3-page document on the ease of implementation of wireless networks and the inherent security risks associated with wireless networks. I didn't mention to any of the 3 that I had already detected their networks and how wide open they really were.
>
> I am toying with the idea of sending specific information to them about their wireless networks, like the MAC address of the AP, the SSID, the network name, the exact location on a map of the AP, the manufacturer of the AP, if WEP is turned on, plus if I really want to get serious I could tell them if the AP is issuing IP addresses via DHCP and their network settings if it is.
>
> The question I have is, would the company be happy to know that they have security holes and were alerted to it, would they threaten me by calling law enforcement, or would they ignore me as a nut or go and fix the problem without hiring me to do it for them.
>
> I was simply amazed at the sheer number of AP's out there and how many were in businesses wide open.
>
> Stephen Manuel
>
> ----- Original Message -----
> From: Thomas E. Lawrence
> To:
> Sent: Tuesday, June 25, 2002 2:09 PM
> Subject: Re: Rogue Wireless LANs [7:47287]
>
> I realize you are speaking in jest, but for those who might consider this approach as a means of drumming up business, you may want to give some thought. Connecting to a network to which you have no reason nor any right to connect can be considered hacking, and you could be subject to prosecution, ironically by an organization that is asking for trouble anyway. Just because I don't have locks on my doors does not mean it's ok for you to walk into my home any time you please.
>
> Please be careful how you approach a company when you have discovered by accident a particularly egregious vulnerability.
>
> Tom
Re: Rogue Wireless LANs [7:47287]
At 3:21 PM -0400 6/25/02, Stephen Manuel wrote:
> Tom,
>
> I'm not speaking in jest, I have used NetStumbler to find wireless networks that are wide open, some are in major companies.
>
> However, I turn off my client manager before I go wardriving, that way I don't accidentally connect to someone's network without authorization. I can't see how this is considered hacking.

In general, the US Communications Act of 1934, as amended, makes illegal the disclosure to a third party of any electromagnetic traffic you have received, assuming the transmission is not intended for the public. Obviously, it gets a little blurry when you are disclosing the communication to its originator, but I still would be very careful here.

> When I initially approached the 3 companies I mentioned earlier, I had developed a 3-page document on the ease of implementation of wireless networks and the inherent security risks associated with wireless networks. I didn't mention to any of the 3 that I had already detected their networks and how wide open they really were.
>
> I am toying with the idea of sending specific information to them about their wireless networks, like the MAC address of the AP, the SSID, the network name, the exact location on a map of the AP, the manufacturer of the AP, if WEP is turned on, plus if I really want to get serious I could tell them if the AP is issuing IP addresses via DHCP and their network settings if it is.

I could see this part, fairly easily, as something an aggressive member of law enforcement considers a violation. The law is less than ideally clear here. People certainly have sued successfully for invasion of privacy when someone gets on a ladder and photographs over a fence, but the courts have also stated that the role of celebrity waives some parts of an expectation of privacy.

Nevertheless, I wouldn't even think of doing this without getting legal advice, and also possibly discussing it first with local law enforcement (including the nearest FBI office with a technical group).

> The question I have is, would the company be happy to know that they have security holes and were alerted to it, would they threaten me by calling law enforcement, or would they ignore me as a nut or go and fix the problem without hiring me to do it for them.

It's a tossup. In the present concern over both surveillance and terrorism, I wouldn't want to deal with explaining it to less than technically significant law enforcement.

> I was simply amazed at the sheer number of AP's out there and how many were in businesses wide open.
>
> Stephen Manuel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47438t=47287
Re: Rogue Wireless LANs [7:47287]
WEP for starters, then you can set the access point to only accept connections from specific MAC addresses. You can implement LEAP on the Cisco AP, RADIUS/TACACS+ requiring user/pass. Then you could place the AP outside the LAN/firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless.

What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...
> I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security, which is not a surprise, and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network?
>
> Cheers
>
> Pat
>
> -- email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47288t=47287
Re: Rogue Wireless LANs [7:47287]
It's only a matter of time. It's bad enough they can buy their own servers and switches down at CompUSA and set up situations that can bring your network down while spanning tree runs.

1) Does your employer have a written security policy in place? Will your management enforce such a policy if it does exist?

2) Would a demonstration to senior management about how easily anyone can get into the company net help? Especially if it were done from the Visitors Parking Lot?

3) Is it just easier to take on the responsibility for these kinds of rogue operations by initiating the practices recommended by others who have responded? Meaning configuring the WAP's, installing the appropriate software on the wireless client machines, etc.? Not to mention the inevitable troubleshooting, and listening to and having to do something about the inevitable complaints about slow network?

Best of luck. Long experience suggests that in the end, whoever set up this rogue net will win any argument you may have.

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...
> I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security, which is not a surprise, and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network?
>
> Cheers
>
> Pat
>
> -- email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47291t=47287
Re: Rogue Wireless LANs [7:47287]
What about restricting DHCP based on MAC address? Problem is a lot more administration.

--- Patrick Donlon wrote:
> I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security, which is not a surprise, and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network?
>
> Cheers
>
> Pat
>
> -- email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47292t=47287
Re: Rogue Wireless LANs [7:47287]
Thanks Chris,

I was thinking more about securing the switch ports by authenticating MACs (probably a bit OTT) or using SNMP to check for new devices, any other ideas? I've already set up a wireless LAN here with WEP with authentication on an ACS server, which is a waste of time when you have people setting up their own kit.

Cheers

Pat

-- email me on : [EMAIL PROTECTED]

chris wrote in message news:[EMAIL PROTECTED]...
> WEP for starters, then you can set the access point to only accept connections from specific MAC addresses. You can implement LEAP on the Cisco AP, RADIUS/TACACS+ requiring user/pass. Then you could place the AP outside the LAN/firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless.
>
> What you have experienced is pretty common.
>
> Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47293t=47287
Re: Rogue Wireless LANs [7:47287]
Don't know if you know about this or not, but NetStumbler is a good freeware (begware) app for finding those rogue wireless apps that you might not know about. Check them out at: http://www.netstumbler.org/

> What about restricting DHCP based on MAC Address. Problem is a lot more administration.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47294t=47287
Re: Rogue Wireless LANs [7:47287]
When we find access points like that, we disable the switch port they connect to. We are using Network Stumbler to find rogue access points. Works well and it's free.

Ken

Patrick Donlon 06/24/02 08:48AM
> I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security, which is not a surprise, and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network?
>
> Cheers
>
> Pat
>
> -- email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47296t=47287
Re: Rogue Wireless LANs [7:47287]
At 11:54 AM 6/24/02, chris wrote:

WEP for starters, then you can set the access point to only accept connections from specific MAC addresses.

I don't think he was asking how to secure a wireless network. He was asking how to control non-IS user types from installing new equipment on the network, including wireless LANs. The question is as old as the hills, really. I remember back in the olden days when we had similar problems because people would add modems and software-based routers, etc.

Anyway, about the only modern solution I can think of is the MAC-based security on switches. Presumably for this rogue wireless network to work, they first installed an access point into an Ethernet port. That access point has a different MAC address than the device that's supposed to be on that switch port. So MAC-based security on the switch would help because it would say only let the configured MAC address in. (I think that's how it works?) It's probably a huge hassle to do MAC based security, however.

The other solution is based on the eighth layer of the OSI model: Policies. Make your users sign an Acceptable Use Policy statement and make sure there are consequences if they go against it (torture chambers and the like.)

Priscilla

You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless. What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too!
Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat -- email me on : [EMAIL PROTECTED]

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47303t=47287
Re: Rogue Wireless LANs [7:47287]
Sorry misread the question, best option is to disable unused switchports and restrict them to mac, like you were mentioning.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

Thanks Chris, I was thinking more about securing the switch ports by authenticating mac's (probably a bit OTT) or using SNMP to check for new devices, any other ideas? I've already set up a wireless LAN here with WEP with authentication on an ACS server, which is a waste of time when you have people setting up their own kit,

Cheers Pat -- email me on : [EMAIL PROTECTED]

chris wrote in message news:[EMAIL PROTECTED]...

WEP for starters, then you can set the access point to only accept connections from specific MAC addresses. You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless. What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat -- email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47305t=47287
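The two ideas raised in the messages above, restricting each switch port to one known MAC and checking the switch for new devices, can be combined into an offline audit of a switch's MAC address table against a port inventory. This is an added example, not part of any post in the thread; the table text, port names, MAC addresses and inventory are constructed, and the table layout is an assumption modelled on a Cisco-style dump.

```python
import re
from collections import defaultdict

# Constructed sample: Cisco-style MAC address table dump (layout is an assumption).
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
  10    0011.2233.4401    DYNAMIC     Fa0/1
  10    0040.96aa.bb01    DYNAMIC     Fa0/3
  10    0002.2d11.0001    DYNAMIC     Fa0/3
  10    0011.2233.4405    DYNAMIC     Fa0/5
  10    0011.2233.44ff    DYNAMIC     Gi0/1
"""
# Constructed inventory: the single MAC each access port is supposed to carry.
EXPECTED = {"Fa0/1": "00:11:22:33:44:01", "Fa0/3": "00:11:22:33:44:03"}
UPLINKS = {"Gi0/1"}  # uplinks legitimately carry many MACs, so they are skipped
ROW = re.compile(r"^\s*\d+\s+([0-9a-fA-F.:-]{12,17})\s+\w+\s+(\S+)\s*$")

def normalize_mac(mac):
    """Reduce dotted, dashed or colon notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_table(text):
    """Map each port to the set of MACs learned on it; non-data rows are ignored."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(2)].add(normalize_mac(m.group(1)))
    return ports

def audit(table_text, expected, uplinks=frozenset()):
    """Return (port, reason, macs) for every access port that deviates."""
    findings = []
    for port, macs in sorted(parse_table(table_text).items()):
        if port in uplinks:
            continue
        if port not in expected:      # device on a port that should be unused
            findings.append((port, "unlisted-port", sorted(macs)))
        elif len(macs) > 1:           # something is bridging: AP, hub or switch
            findings.append((port, "multiple-macs", sorted(macs)))
        elif macs != {normalize_mac(expected[port])}:  # device was swapped
            findings.append((port, "unexpected-mac", sorted(macs)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_TABLE, EXPECTED, UPLINKS), sep="\n")
```

A port that reports several MACs is the typical signature of an access point bridging wireless clients onto a wired port; a single unexpected MAC only shows that the attached device changed.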
RE: Rogue Wireless LANs [7:47287]
Ah the old eighth layer. Policy policy policy = termination termination termination. Usually the first one to go gets the point across to the other folks. ;

-Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Monday, June 24, 2002 1:27 PM To: [EMAIL PROTECTED] Subject: Re: Rogue Wireless LANs [7:47287]

At 11:54 AM 6/24/02, chris wrote:

WEP for starters, then you can set the access point to only accept connections from specific MAC addresses.

I don't think he was asking how to secure a wireless network. He was asking how to control non-IS user types from installing new equipment on the network, including wireless LANs. The question is as old as the hills, really. I remember back in the olden days when we had similar problems because people would add modems and software-based routers, etc.

Anyway, about the only modern solution I can think of is the MAC-based security on switches. Presumably for this rogue wireless network to work, they first installed an access point into an Ethernet port. That access point has a different MAC address than the device that's supposed to be on that switch port. So MAC-based security on the switch would help because it would say only let the configured MAC address in. (I think that's how it works?) It's probably a huge hassle to do MAC based security, however.

The other solution is based on the eighth layer of the OSI model: Policies. Make your users sign an Acceptable Use Policy statement and make sure there are consequences if they go against it (torture chambers and the like.)

Priscilla

You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless. What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...
I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat -- email me on : [EMAIL PROTECTED]

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47306t=47287
Re: Rogue Wireless LANs [7:47287]
- Original Message - From: Priscilla Oppenheimer To: Sent: 24 June 2002 2:26 pm Subject: Re: Rogue Wireless LANs [7:47287]

At 11:54 AM 6/24/02, chris wrote:

WEP for starters, then you can set the access point to only accept connections from specific MAC addresses.

I don't think he was asking how to secure a wireless network. He was asking how to control non-IS user types from installing new equipment on the network, including wireless LANs. The question is as old as the hills, really. I remember back in the olden days when we had similar problems because people would add modems and software-based routers, etc.

Those problems might constitute an instance where the plaintext authentication mechanisms that modern routing protocols support could serve a purpose other than RFC-2223 compliance. Their use generally doesn't provide an adequate level of security, but they might provide enough of an obstacle to deter some of the end-users bent on bringing the network down via their participation on (in?) it.

Anyway, about the only modern solution I can think of is the MAC-based security on switches. Presumably for this rogue wireless network to work, they first installed an access point into an Ethernet port. That access point has a different MAC address than the device that's supposed to be on that switch port. So MAC-based security on the switch would help because it would say only let the configured MAC address in. (I think that's how it works?) It's probably a huge hassle to do MAC based security, however.

The other solution is based on the eighth layer of the OSI model: Policies. Make your users sign an Acceptable Use Policy statement and make sure there are consequences if they go against it (torture chambers and the like.)

Priscilla

You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless.
What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat -- email me on : [EMAIL PROTECTED]

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47343t=47287