[Wolves] wireless - bambam

fizzy wolves at mailman.lug.org.uk
Wed Sep 17 14:27:00 2003


 --- Jono Bacon <jonobacon@yahoo.com> wrote: > 
>Hi Fizzy,

Hullo old man, happy birthday :)
> 
> I just read the article and I knew wireless was
> pretty
> insecure, but I didnt realise you could fiddle MAC
> addresses and WEP so easily.

Yeah, i knew you could brute force MAC address's, but
i didn't know it was /that/ simple!
> 
> Would it be possible to filter all traffic through
> SSH
> or something so even if someone gets access, they
> need
> as key to do anything useful or read your traffic?
> 
That's basically what a VPN (FreeS/WAN is the linux
implementation of this) does, it encrypts all trafic
over the wire - regardless of application level stuff,
so your whole network link is encrypted, rather than
just one application (like ssh is encrypted telnet,
this encrypts the lot).  What you would have to do is
VPN all connections on your wireless LAN and then only
let VPN connections into your firewall from the
wireless device (FreeS/WAN gives you /dev devices for
VPN connections so with a few fancy rules this is
possible).

I struggled for a day trying to setup a connection
between a win2k laptop and my gateway, I gave up in
the end.  (I believe this is easier between two linux
machines).

The point being, if this is the only way of securing a
wireless network why is next to nobody doing it!

> I suppose we need some software that acts like a
> daemon to check forged MAC addresses and boot them
> off
> the network - I don't know how plausable this is
> though.

Yeah, sounds like an option, not really a replacement
for real security tho.
 
> The other option of course is if there is a way of
> password protecting a session.

The nocat software i mentioned does this, but it looks
pretty weak. 

>   Jono

fizz


________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://mail.messenger.yahoo.co.uk