Security Basics mailing list archives
Re: wireless help
From: "Patoff Pat-EtHiQ" <patoff22 () hotmail com>
Date: Fri, 03 Oct 2003 21:55:09 +0000
I've already found a program (software, not free...) that you could map your house/office with it, and it check where every user is on the wirelessLan, if someone, who is wardriving or, is not in the restricted area he wont be able to connect trought the server.
With some Mac and ip list restrict to your user only, it could be a good mix.
and like its say below, security on the server dhcp and other services is the best way, if the attacker as an ip and a mac but cant use any services on the lan, well its useless ... ;)
But i dont know if someone talk about it, but if an attacker has a Mac and ip of a user already connect and he as a Better signal and he is closer than the victim, the victim, is out, and the attacker can get is connection. this way i dont know how to secure...
Pat www.pyrofreak.org
Though presumably an attacker could spoof a MAC address which you have listed as valid, no? Simply by passively sniffing, he could gain a valid IP *and* MAC, and use both.Just my little something... Tomas
Even if you were to require user authentication, and time out inactive sessions, he could concievably hijack an active session, so long as the legit client doesn't do anything when it recieves responses to connections it's never made (I suspect a Windows machine with a personal firewall like ZoneAlarm would behave in this way, failing to terminate connections initiated by the attacker in its name). So a hijacker could probably grab an active connection for the duration of its activity, or even keep it active after it's been abandoned. The only real foolproof way to prevent this would be encryption like VPN or IPSec, I suspect. Which is certainly overkill or simply unfeasable for many installations.
--------------------------------------------------------------------------- ---------------------------------------------------------------------------- _________________________________________________________________MSN Search, le moteur de recherche qui pense comme vous ! http://fr.ca.search.msn.com/
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: wireless help George Peek (Oct 02)
- RE: wireless help David Gillett (Oct 02)
- Re: wireless help Tomas Wolf (Oct 02)
- Re: wireless help N407ER (Oct 03)
- Re: wireless help Tomas Wolf (Oct 03)
- Re: wireless help N407ER (Oct 03)
- <Possible follow-ups>
- RE: wireless help Zachary Mutrux (Oct 03)
- Re: wireless help Patoff Pat-EtHiQ (Oct 03)