Text 344, 105 rader
Skriven 2005-05-30 21:51:38 av Peter Knapper (3:772/1.10)
    Kommentar till text 342 av Michiel van der Vlist (2:280/5555)
Ärende: Sharing InterNet between more machines on the LAN
=========================================================
Hi Michiel,

 > Also using the MAC a hacker can use
 > his own AP to "take control" of the Wireless environment as
 > seen by YOUR machine and effectively stop your machine from
 > being seen by the "real" AP.

 MvdV> I am a ham. I may not know the ins and outs of WiFi 
 MvdV> protocols, but I do know quite a bit about radio. And 
 MvdV> I know that creating interference is easy, but 
 MvdV> totally overpowering another transmitter in such a 
 MvdV> way that the reciever is not even aware that 
 MvdV> something odd is happening is not that easy.

The catch being that that is NOT how its done. You need to look at the layer
above the simple frequency spectrum being used. In fact you can have multiple
WiFi Networks sharing the same physical area, and all effectively "isolated" by
standard settings within the provided devices. You may not be able to block the
frequency itself, but you can infiltrate an SSID and take control. 

All you have to do is bombard a Wireless card with interference that forces
that card to re-negotiate its connection with the "closest" AP and then you
step in with your rogue AP and provide the expected responses worked out from
previously captured traffic.

 MvdV> The only practical way to do it is to be a lot closer 
 MvdV> to the target than the riginal transmitter. And 
 MvdV> getting closer to my AP then my laptop without me 
 MvdV> seeing it is e real feat.

For simple RF signalling you are right, but you need to be able to play this
game at a higher level than simple RF, and output power has nothing (or very
little) to do with it...


 > its just a pity the Wireless world rushed to market
 > without thinking things through fully.

 MvdV> I always wonder why they just can't do things like 
 MvdV> that right. 

It all comes down to $$$, get it to market before the next chap and you take
the lions share of the eargerness of Joe Public. I guess its not surprising how
man is his own worst enemy........;-)


 MvdV> Strong encryption has been around for 
 MvdV> some time, so why not use it? And why not use it as 
 MvdV> an overall shell? Why are the MAC addresses 
 MvdV> transmited in clear instead of encrypting them as 
 MvdV> well, so that it MAC address filtering would be more 
 MvdV> effective?

Yes, those are all the obvious questions, why did no-one consider this when
they looked at the WiFi concept. In hindsight it seems to have been a very
rushed job...

 > Yes, please note that all this can only happen using the
 > current common "standards" in the Wireless world. If you add
 > any extra security NOT based on the WiFi standard, then you
 > are a bit safer from this.

 MvdV> Doesn't that slow things down?

All security has a price, an overhead that needs to be factored into the
equation. At the moment, using current, readily available technology, perhaps
one of the quickest methods of securing a WiFi Connection is probably to use a
VPN OVER the Wireless environment. That adds a performance overhead of about
5-10%.

It also comes down to what are you trying to secure, the data being passed, or
just the "unplanned" use of the WiFi environment by others? A VPN by itself
does not stop the later...

 MvdV>  MvdV>> Well, security is fine but one can also overdo it.

 > Absolutely, but as a minimum have some security is better than
 > none.

 MvdV> That is why I only use WiFi for the laptop, have 
 MvdV> anebaled MAC adress filtering and WEP. (I use old 
 MvdV> stuff, it does not support WPA, let alone WPA2.)

The cracking demo I saw operating "broke" a WPA connection in 8 seconds. Those
demonstrating the event indicated that their testing revealed variable results
for WPA2, varying from about 5 mins to just under 1 hour. The capture tool was
AirSnort and the decoder I think was aircrack. Both a freely available...


 MvdV>  MvdV>> It /is/ convenient to not have wires on the laptop. I balance
 MvdV>  MvdV>> the convenience against the risk. I sleep at night...

 > And that is the basis that most home users work on, I just
 > wonder if anything really bothers them...

 MvdV> As long as 99.9% percent of them gets away with it, 
 MvdV> that attitude won't change...

Yes, ignorance is bliss...........;-)

Cheers..............pk.


--- Maximus/2 3.01
 * Origin: Another Good Point About OS/2 (3:772/1.10)