|
It's a shame the airbridges cannot check the
incoming packets against the stored wep keys, because kit like the Cisco Aironet
provides a 'wep key rotation' option, however when I enabled it, the airbridges
failed to connect when the key was rotated. This would certainly provide
enhanced security, as you can set how long between each rotatation. Key changing
every 10 minutes would really annoy the airsnorters :)
----- Original Message -----
Sent: Friday, September 19, 2003 1:20
PM
Subject: RE: [smartBridges] Stealing
service
Hi Seeni,
So if it the APPO is in AP mode and all 4 WEP
keys are filled, then any airBridge can connect using any of those 4 keys,
right?
Unfortunately, I tried this and it didn't seem to work. I
have all 4 WEP keys filled on the APPO in AP mode. All of my airBridges
have the same 4 keys, but are currently using key 1 as default.
Yesterday, I changed one of the airBridges to key 2. This airBridge
disappeared from the network completely. I couldn't get it back to
change it back to key 1. (I'm expecting the customer to call me and tell
me that he's not getting service. A hard reset should revert it back, I
hope?)
What did I do wrong
here?
Thanks,
Sevak
On Thu, 2003-09-18 at 18:12,
Seeni Mohamed wrote:
Hi
Sevak,
In airBridges and aPPO, you will be able to save 4 WEP
keys. As you said, there is no cycling selection of WEP keys in
airBirdge. We can activate only one key at a same time.
We have
implemented this option only on the aPPO in AP mode.
When airPointPRO
is running on AP mode, “Default key” selection option will not work and we
use this option for the other operational mode like client bridge
mode.
In AP mode, it is capable to accept multiple WEP keys
from the multiple clients.
For
example,
AP= key1 and key2
Client airBridge1= key1 and
Client bridge2=key2
Both entries are already in the
AP, it will pass the traffic. As long as the access point entries matched
with the key table, the traffic will pass through.
Seeni
sB Tech Support
[EMAIL PROTECTED]
-----Original
Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sevak
Avakians
Sent: Friday, September 19, 2003 3:12 AM
To:
'[EMAIL PROTECTED]'
Subject: RE: [smartBridges] Stealing
service
Thanks,
Sully! It will save me some restless nights.
;-)
I'm going to
look into the pppoe more closely, but probably will not implement it for a
few months.
Talking about WEP keys, I have all 4 WEP keys listed in
the appo and on the airBridges. I've just tried flipping the default
key on the appo from key 1 to key 2, but lost all the airBridges. I
guess the airBridges don't have a cycling method to check for the next WEP
key, huh? That would be a nice feature, I think.
Kind
regards,
Sevak
On Thu, 2003-09-18 at 12:10, The Wirefree
Network wrote:
The amount of
traffic that MUST be sniffed to crack WEP is HUGE. I sniffed traffic
for 72 hours at the head-end (which hears ALL traffic on my network), and I
did not receive a single “interesting packet”. You need thousands or
even millions of “interesting packets” to crack WEP. After
successfully cracking WEP, the hacker would need to sniff the MAC and
IP pairing (not difficult), spoof them, and overpower the legitimate client
so that he drops off the network, and then you can assume his
identity.
In other words….I don’t see it
happening.
Don’t get me wrong…I still
recommend PPPoE as well…but I would NOT lose any sleep about someone
spoofing your customer’s MAC address.
BTW…the internal
MAC authorization table (at the aPPo) authorizes the MAC of the sB device
only (not the internal MAC addresses). I only install exterior (roof
top) sB devices. So…my client does not know their MAC address….and
therefore you also don’t have to worry about them giving their MAC address
to a neighbor. But…even if they did, the bandwidth still counts
against the legitimate client.
Sully
-----Original
Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sevak
Avakians
Sent: Thursday, September 18, 2003 6:58 AM
To:
[EMAIL PROTECTED]
Subject: RE: [smartBridges] Stealing
service
Hi
Sully,
You're right. I am using WEP. No one has yet done
this on our network, but I would like to take preventative
measures.
Thanks,
Sevak
On Thu, 2003-09-18 at 09:48, The
Wirefree Network wrote:
My
question is: How are they spoofing the MAC address if you are using
WEP? I highly doubt that they sniffed long enough to break it….so are
you not using WEP?
Personally…I think that it is
plain old stupid to not use WEP…unless you are running a
HOTSPOT.
If you are using sB devices at the client-side, then
you just preload the WEP keys (preferably with simpleDeploy) and you are
done.
Sully
-----Original
Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sevak
Avakians
Sent: Thursday, September 18, 2003 6:12 AM
To:
[EMAIL PROTECTED]
Subject: [smartBridges] Stealing
service
I vaguely
remember someone else discussing this on this list: Has anyone come
across "customers" who duplicate legitimate MAC addresses (such as their
neighbor's) on another device to get your Internet service for free?
If so, what can be done about it?
Thanks,
Sevak
|
