Security Basics: Re: wireless help

[Tomas Wolf <tomas () skip cz>]

Yes, I fully agree... There is always a posibility :-) - RSN (Robus 
Security Networks -as it was named :-) ) was proven hijackable and 
volnurable to MitM attacks, and DoS attacks... Sorry for not making 
myself more clear about the MAC fingerprinting... It actually probes the 
card for several test and that evaluates against their fingerprint 
database - so that way it can say that a MAC saying "CISCO" is really 
not. Of course reliability is unknown to me... Hopefuly high. :-)
Thank you for your input. I appreciate it.
Good luck -
Tomas

N407ER wrote:

> Tomas Wolf wrote:
>
> > But the problem is, that after WEP is cracked (talking easy with 
> > 802.11b), one has total access to traffic (for passive listening) and 
> > the network (nodes, bandwith, wherever this LAN leads to -- Internet, 
> > internet... etc.).
> > Let's not forget that unauthorized wireless user can be a user that 
> > wants to be unauthorized, not just an accidental cross-authorization.
> > So if some relies on WEP and complexity of maintaining mac filter 
> > rules for mobile users is unreachable, then we should look at some 
> > "unconventional" solutions. IP filter doesn't change much, since by 
> > observing decoded traffic for a while one can pretty much guess what 
> > "ranges" or selective IPs are allowed. DHCP would make it just 
> > "automatic".
> > In WPA, there is a technology (if I remember corectly - it might be 
> > somewhere else though :-), maybe one of the cisco wireless aps) that 
> > looks at the "manufacturer" part of MAC and can tell spoofed MAC. But 
> > that is just a little off topic :-)
> > Just my little something...
> > Tomas
> Though presumably an attacker could spoof a MAC address which you have 
> listed as valid, no? Simply by passively sniffing, he could gain a valid 
> IP *and* MAC, and use both.
> Even if you were to require user authentication, and time out inactive 
> sessions, he could concievably hijack an active session, so long as the 
> legit client doesn't do anything when it recieves responses to 
> connections it's never made (I suspect a Windows machine with a personal 
> firewall like ZoneAlarm would behave in this way, failing to terminate 
> connections initiated by the attacker in its name). So a hijacker could 
> probably grab an active connection for the duration of its activity, or 
> even keep it active after it's been abandoned. The only real foolproof 
> way to prevent this would be encryption like VPN or IPSec, I suspect. 
> Which is certainly overkill or simply unfeasable for many installations.


---------------------------------------------------------------------------
----------------------------------------------------------------------------