On Sunday 10 August 2003 17:27, White-Tiger wrote:
> Ok,
> I do not know about eapol for wireless products, just hardline.
>
> when you plug in your device, you won't be able to see any
> broadcasts until you go through the eapol process with the
> MAC of the NIC,

This is interesting, I haven't worked on that issue before. How is that
eapol working actually?

> so if they have access to a PC, they can look at the PC
> MAC, then spoof it on the switch with their own device.

Just if it allows booting from CD. Usually I turn all those options off
and restrict access to the BIOS as is. In case you're dealing with a
thin client booting from the network, I guess this method is getting
even harder.

> BUT if they already have access to a network PC, why don't
> they just boot from CD and load whatever CD OS with their
> tools on it! That way they don't have to worry about
> spoofing.
>
> I kinda thought this is what WEP was for?

WEP is an encryption option for 802.11a/b, though its design is rather
weak and can be cracked quite fast.

> How about, depending on OS, the client side of wireless had
> a cert file that creates a VPN that all traffic gets sent
> through. Not impossible to sniff, but just would take them
> a while, depending how strong crypto you use.

In this case a simple IPSec AH in transport mode would do it, since it
should be able to traverse NAT/PAT. But using certificates makes it hard
to administrate, though you could set up a CA.

> --- Sebastian Schneider <[EMAIL PROTECTED]> wrote:
> > no problem ;-)
> >
> > > I am sorry I got on this late... Some switches support eapol
> > > that works with a radius server to auth MAC address at port
> > > level before the switch will enable that port... I have
> > > done limited testing. If you unplug a live connect, not
> > > only will someone be calling saying that something doesn't
> > > work, but when they plug in their NIC the switch will see a
> > > new MAC and disable the port.
> > >
> > > Someone can give some ideas about MAC spoofing, but
> > > doesn't the NIC give its real MAC to the switch while you
> > > are trying to spoof someone else's MAC?
> >
> > If someone is setting the card into listening mode, nobody
> > will get any address (I haven't checked this one out yet)...
> > and by analyzing broadcast traffic you might be able to
> > get existing MACs on the network and spoof hosts easily.
> > This is a big deal for wireless based communications.
> >
> > On Saturday 09 August 2003 17:18, White-Tiger wrote:
> > > I am sorry I got on this late... Some switches support eapol
> > > that works with a radius server to auth MAC address at port
> > > level before the switch will enable that port... I have
> > > done limited testing. If you unplug a live connect, not
> > > only will someone be calling saying that something doesn't
> > > work, but when they plug in their NIC the switch will see a
> > > new MAC and disable the port.
> > >
> > > Someone can give some ideas about MAC spoofing, but
> > > doesn't the NIC give its real MAC to the switch while you
> > > are trying to spoof someone else's MAC?
> > >
> > > If this is the case, then you can disable any port that is
> > > not a known MAC.
> > >
> > > I have a BayStack 450, and I can set up the MAC in each of
> > > the switches, but that will be kinda hard to maintain. So
> > > I am looking at FreeRADIUS for OpenBSD that supports
> > > eapol, so I can just set up a file with all allowed MACs.
> > >
> > > Hope this helps, sorry if someone already said this, I am
> > > a little late on the thread.
> > >
> > > WT
> > >
> > > --- Sebastian Schneider <[EMAIL PROTECTED]> wrote:
> > > > On Friday 08 August 2003 14:19, CHRIS GRABENSTEIN wrote:
> > > > > As far as the hard wires, I think the best solution is
> > > > > to search out those unused ports and unplug them from
> > > > > the switch. They can be quickly reconnected if needed,
> > > > > and you'll know about it.
> > > >
> > > > I guess you're actually aware that not everyone is
> > > > locking up rooms containing switches.
> > > > And just plugging out unused cables won't be sufficient,
> > > > since usually I can just plug out any computer and plug
> > > > in my own.
> > > >
> > > > > |-----Original Message-----
> > > > > |From: netsec novice [mailto:[EMAIL PROTECTED]
> > > > > |Sent: Thursday, August 07, 2003 4:51 PM
> > > > > |To: [EMAIL PROTECTED]
> > > > > |Subject: Network scanning
> > > > > |
> > > > > |Are there tools out there that would allow system
> > > > > |administrators to be notified when a new workstation
> > > > > |attaches to a network? I'm thinking both wireless and
> > > > > |ethernet in this case. SNMP maybe? I am in a credit
> > > > > |union environment and my concern is that someone would
> > > > > |be able to steal an existing jack or a jack that is not
> > > > > |physically protected but live and be able to capture
> > > > > |traffic or do reconnaissance. We don't have wireless
> > > > > |access at this point but may look to it in the future.
> > > > > |My only thought in that case would be to encrypt all
> > > > > |traffic since wireless security is a bit scary at this
> > > > > |point. Any ideas?
> > > >
> > > > --
> > > > straightLiners IT Consulting & Services
> > > > Sebastian Schneider
> > > > Metzer Str. 12
> > > > 13595 Berlin
> > > > Germany
> > > >
> > > > Phone: +49-30-3510-6168
> > > > Fax: +49-30-3510-6169
> > > > Mail: [EMAIL PROTECTED]
>
> === message truncated ===

--
straightLiners IT Consulting & Services
Sebastian Schneider
Metzer Str. 12
13595 Berlin
Germany

Phone: +49-30-3510-6168
Fax: +49-30-3510-6169
Mail: [EMAIL PROTECTED]
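The thread's underlying question (netsec novice's "notify me when a new workstation attaches", White-Tiger's file of allowed MACs, and the observation that a replugged or spoofed station shows up as a known MAC on a different port) can be covered without 802.1X by periodically diffing the switch's forwarding table. The script below is an added example, not code from anyone in the thread; it assumes the forwarding table has been dumped to "MAC PORT" text (for instance via SNMP's dot1dTpFdbTable, which the thread only names as an option), and the snapshots and allow list are constructed sample data.

```python
# Added example, not from the thread: alert when a station appears on a switch
# port it was not on before, by diffing two snapshots of the switch forwarding
# table against an allow list of MACs. Snapshots are constructed "MAC PORT"
# text, as one could dump from the switch (e.g. via SNMP dot1dTpFdbTable).

def _records(text):
    """Yield the whitespace-split fields of non-blank, non-comment lines."""
    for ln in text.splitlines():
        if ln.strip() and not ln.lstrip().startswith("#"):
            yield ln.split()

def parse_macs(text):
    """Allow list, one MAC per line -> normalized set."""
    return {f[0].lower() for f in _records(text)}

def parse_fdb(text):
    """Forwarding-table dump, 'MAC PORT' per line -> {mac: port}."""
    return {f[0].lower(): f[1] for f in _records(text)}

def diff_fdb(allowed, baseline, current):
    """Return (kind, mac, port, detail) tuples sorted by MAC. kind is 'unknown'
    (not allowed), 'new' (allowed, first seen) or 'moved' (port changed:
    replug, or a spoofed MAC on a different jack)."""
    alerts = []
    for mac, port in sorted(current.items()):
        old = baseline.get(mac)
        if mac not in allowed:
            alerts.append(("unknown", mac, port, "not in allow list"))
        elif old is None:
            alerts.append(("new", mac, port, "allowed station first seen"))
        elif old != port:
            alerts.append(("moved", mac, port, f"was on {old}"))
    return alerts

# Constructed sample: three allowed stations, one that moves, one stranger.
ALLOWED = "00:11:22:33:44:55\n00:11:22:33:44:66\n00:11:22:33:44:77\n"
BASELINE = """
00:11:22:33:44:55 Gi0/1
00:11:22:33:44:66 Gi0/2
"""
CURRENT = """
00:11:22:33:44:55 Gi0/1
00:11:22:33:44:66 Gi0/7
00:11:22:33:44:77 Gi0/4
00:aa:bb:cc:dd:ee Gi0/3
"""

def run():
    return diff_fdb(parse_macs(ALLOWED), parse_fdb(BASELINE), parse_fdb(CURRENT))
```

In practice the baseline is the previous poll's table, so a "moved" alert on an otherwise trusted MAC is the signal to check whether that jack was simply replugged or is being used by a foreign device.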