I was running tcpdump (this tool monitors a network interface and displays ip packets to the screen or places them in a file) on our network this evening to work on a problem. I happened to start the simpleMonitor for aBO to validate a setting for one of our clients. To my surprise, the simpleMonitor Administrator password flashed across the tcpdump window as I logged in. I switched to the Link Status tab of the simpleMonitor and the Administrator password was displayed on the tcpdump screen each time the signal strength and link quality values were updated in the simpleMonitor. This happens about once every two seconds so the password got Lots of exposure.
We need to be able to access the settings of our client boxes using the wireless interface for a number of reasons (simpleMonitor, simpleNMS, ...). I'm concerned about how easy it would be for someone to crack a smartBridges network and change the settings on the AP and Client boxes. Our network is currently running with WEP Disabled until a planned network outage early next week. I hope the Admin passwords will not be in clear text after WEP is turned on. Please be aware of this password exposure if you are not running with WEP enabled. Greg ----------ANNOUNCEMENT---------- Don't forget to register for WISPCON IV http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org
