> Date: Wed, 16 Mar 2005 17:29:53 +
> From: "Konstantin V. Gavrilenko" <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Wi-fi. Approaching
> customers
> To: Ryan Sumida <[EMAIL PROTECTED]>,
> full-disclosure@lists.grok.org.uk
> Message-ID: <
ll-disclosure@lists.grok.org.uk
> Subject: RE: [Full-disclosure] Wi-fi. Approaching customers
>
> Just making a wild guess here, but - if I were going to
> implement something like this, I'd think to use a rough sort
> of triangulation.
> Put access points outside the building,
What great possibilities for remote DoS.
Just imagine what would happen to a finely tuned network when an attacker starts
cloning the MAC addresses :)
--
Respectfully,
Konstantin V. Gavrilenko
Arhont Ltd - Information Security
web:http://www.arhont.com
http://www.wi-foo.com
e-mail: [E
According to the sales engineer that
came in, a directional antenna / amp would not fool the system on where
your location is. I think it is using a combination of triangulation
along with the RF fingerprint to calculate where you are.
--Ryan
[EMAIL PROTECTED] wrote on
03/15/2005 05:08:19 PM:
I don't think it is based on MAC. That
would be too easy to spoof.
Ron DuFresne <[EMAIL PROTECTED]> wrote
on 03/15/2005 05:20:26 PM:
>
>
> From what little I read on their site, it seems to be a radius auth mech
> based upon MAC addresses.
>
> Thanks,
>
> Ron DuFresne
>
>
> On Tue, 15
But wouldn't you need to know where
the sensors are located? If they are passive and never send out traffic
how would you find them aside from social engineering?
Ryan
[EMAIL PROTECTED] wrote on
03/16/2005 08:25:53 AM:
>
> Just making a wild guess here, but - if I were going to implement
> so
They didn't use a GPS in our live demonstration.
From what I understand the US army sent out an RFP to secure WiFi
on their bases and Newbury Networks won. Maybe you can find an article
on them that can explain more of this than I can.
--Ryan Sumida
[EMAIL PROTECTED] wrote on
03/15/2005 09:0
I am no Wi-Fi expert by any means but
I will try to convey what they told me in layman terms. Their product
uses passive sensors that basically just listen for any kind of WiFi traffic.
Using the signal strength, attenuation, and some other attributes,
their algorithm creates an RF fingerprint f
disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Wi-fi. Approaching customers
Just making a wild guess here, but - if I were going to implement
something like this, I'd think to use a rough sort of triangulation.
Put access points outside the building, but don't use them to grant
I guess you could only meaningfully compare signal strengths as seen at
different points, as at light speed the delays wouldn't be measurable
with any sort of accuracy. (If you could measure the delays you'd be in
great shape - that was used in WWI to pick out the location of gun
batteries, just
Actually it was a live setup. It
was a live demonstration of their product and not a pretty little powerpoint
presentation. They brought in 1 sensor and an AP to calibrate the
room. Usually you would use 3 to 4 sensors in a production environment
but this was just a demonstration and they had l
Just making a wild guess here, but - if I were going to implement
something like this, I'd think to use a rough sort of triangulation.
Put access points outside the building, but don't use them to grant
network access, only to compare the signal strength of transmissions you
pick up on the inside a
Soderland, Craig wrote:
Now here's the .90 cent question:
If ISP's are not liable for the content across them, and cannot be held
liable.
And you run an Open WIFI network...
Aren't you in effect an ISP, albeit a free one?
And if you are an ISP, then wouldn't you, not be liable for content se
On Wed, 16 Mar 2005, Gregh wrote:
[HEADERS SNIPPED]
>
>
> >
> >>From what little I read on their site, it seems to be a radius auth mech
> > based upon MAC addresses.
> >
>
> Isn't that basically what a lot of wi-fi broadband router/modems do anyway?
>
> Eg, set up a netgear DG834 (think
- Original Message -
From: "Ron DuFresne" <[EMAIL PROTECTED]>
To: "KF (Lists)" <[EMAIL PROTECTED]>
Cc:
Sent: Wednesday, March 16, 2005 12:20 PM
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers
>
>>From what little I read on thei
From what little I read on their site, it seems to be a radius auth mech
based upon MAC addresses.
Thanks,
Ron DuFresne
On Tue, 15 Mar 2005, KF (Lists) wrote:
> hrmm... is that based on signal strength or something?
> -KF
>
> Ryan Sumida wrote:
> >
> > As a side note..
> >
> > Newbury Networ
On Tue, 15 Mar 2005, Ryan Sumida wrote:
> As a side note..
>
> Newbury Networks has a product called WiFi Watchdog that can allow/deny
> access based on physical location. As an example, it can be configured
> where anyone outside the building walls can not connect to the network but
> once they
Would guess so,
but this would be easily overtaken by using a directional antenna / amplifier :)
To add my 0.1 GBP, we wrote to the NHS in the UK on one occasion a couple of years
ago, warning them about their having an open wireless link. The response was somewhat
ridiculous that they employ CCNA, so they ha
hrmm... is that based on signal strength or something?
-KF
Ryan Sumida wrote:
As a side note..
Newbury Networks has a product called WiFi Watchdog that can allow/deny
access based on physical location. As an example, it can be configured
where anyone outside the building walls can not connect to
As a side note..
Newbury Networks has a product called
WiFi Watchdog that can allow/deny access based on physical location. As
an example, it can be configured where anyone outside the building walls
can not connect to the network but once they move inside the building they
are allowed access.
"Gregh" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, March 15, 2005 2:55 PM
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers
> Gregh,
> IMO, you're covered legally. I know it sounds fishy to approach a
> potential client already knowing they're insecure...but
and, Craig
> Sent: Tuesday, March 15, 2005 4:41 PM
> To: Marcus Graf; full-disclosure@lists.grok.org.uk
> Subject: RE: [Full-disclosure] Wi-fi. Approaching customers
>
> Now here's the .90 cent question:
>
> If ISP's are not liable for the content across them, and
>
What about doing a targeted mail campaign (zip code, zip +4 , etc) with
a flyer about wireless security/insecurity in general with specific
statistics for the target area, or even a generic (not pinpoint gps
accuracy, but large area overview) map showing open access points?
Coral
Gregh wrote:
>
mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 15, 2005 4:28 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers
Matthew Sabin wrote:
> My company has made a conscious decision to leave our WiFi open to
> visitors, while our internal machines connect vi
Matthew Sabin wrote:
My company has made a conscious decision to leave our WiFi open to visitors,
while our internal machines connect via IPSec on the open airwaves.
A drive-by would show the open nature of our WiFi, but wouldn't immediately
tell you that we've secured our business fairly well.
b
My lawyer advised me against approaching people with the information that
their wifi is open to hackers. Honestly, there are too many laws in your
way (in the US at least). I urge you to look into your local laws and see
if there is a good way to approach customers without making it seem like
ldn't immediately
tell you that we've secured our business fairly well.
--Matthew Sabin
- Original Message -
From: "Wade Woolwine" <[EMAIL PROTECTED]>
To: Gregh <[EMAIL PROTECTED]>
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers
Date:
Gregh,
IMO, you're covered legally. I know it sounds fishy to approach a
potential client already knowing they're insecure...but don't all of us do
that on a regular basis? I mean I will hit Google with a vengeance before I
go into the kick-off meeting...I want to know what I'm up against.
I would r
I have asked this on another list and there has been discussion but nothing
that really seems like an answer so I am asking for help in here.
I did a war drive (and in MY terms that means just driving along gathering SSID
data showing open and closed and nothing else BUT that) and found one HELL