Firewall Wizards mailing list archives
RE: Wireless
From: "Frank Darden" <fdarden () locked com>
Date: Fri, 9 Aug 2002 16:07:46 -0400
One option that you might consider (assuming Netstumbler isn't enough for you) would be www.airdefense.net I haven't personally used this product, but watched a demo of it last week, and it does some pretty neat things. Frank ======================================= Frank Darden Chief Technology Officer Mission Critical Systems 3320 NW 53rd St. Suite 202 Fort Lauderdale, FL 33309 Phone (954)766-2550 x203 Fax (954-766-2580 AIM/MSN FishinCritical =========================================== -----Original Message----- From: Carl Friedberg [mailto:friedberg () exs esb com] Sent: Friday, August 09, 2002 2:23 PM To: Paul Robertson; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Wireless Paul, An easy starting point (very easy to use, and very low cost) is to buy an Orinoco Gold card, put it in a laptop, and get netstumbler (www.netstumbler.org). It's not an enterprise solution, but for a quick heads up, it's a very impressive piece of software. I've found that the el-cheapo stuff (Linksys and SMC, haven't used any D-Link but suspect it comes from the same, or similar manufacturer) just is not reliable enough. Especially when you turn on encryption, (128-bit Wep) I've found that those routers tend to stop forwarding packets after some random amount of time, requiring a reboot. The RF characeristics are not as good as Orinoco (or, presumably, Cisco Aironet). If you can afford it, go with Cisco. They have some excellent white papers (as usual) describing the Cisco add-ons which will make it much harder to get rogue ap's and/or PC Cards connecting to your network. They use techniques like rekeying with every packet, etc. Cisco is working on various techniques which integrate this to an enterprise, including Radius, etc. Some noteworthy points about WiFi: (1) all forms of WEP have been cracked; and the software to do that is easily available; (2) WiFi is radio, so 802.11a has higher bandwidth and shorter range than 802.11b. 802.11b can/will interfer with other devices on the same frequence band, such as newer portable phones, some microwaves, and potentially (though they deny it) Blue Tooth. (3) WiFi uses half duplex, so it is a shared collision domain, just like the old days of 10mbps and hubs. The more users on an AP, the less bandwidth each can get. (4) Any allowed access points should be on their own subnet, and in their own security domain. (5) Most illicit installations have "out of the box" settings, typically the password, ip settings, and lack of encryption. That makes it easy to take control of the rogue AP and potentially completely disable it (i.e., change admin password and IPrange, disable wireless, disable DHCP, etc). (6) WiFi is radio. You could get fancy and try to triangulate to find out where it is, but that is getting more expensive. my 2 cents Carl -----Original Message----- From: Paul Robertson [mailto:proberts () patriot net] Sent: Friday, August 09, 2002 2:03 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] Wireless How are people starting to deal with hunting down and killing rogue Wireless Access Points (WAPs)[1]? It seems pretty easy in environments where wireless isn't allowed at all, but is anyone dealing with the situation in an environment where there are sanctioned wireless networks? Thanks, Paul [1] I'm thinking a lot about the built-in laptop WAPs, people bringing in 802.11b-enabled hubs, and only slightly about the cleaning folks hiding one in the ceiling tiles. ------------------------------------------------------------------------ ----- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Wireless, (continued)
- Re: Wireless Paul Robertson (Aug 09)
- Re: Wireless Dave Piscitello (Aug 19)
- Re: Wireless ejb3 (Aug 09)
- Re: Wireless R. DuFresne (Aug 09)
- RE: Wireless Paul Robertson (Aug 09)
- RE: Wireless R. DuFresne (Aug 09)
- RE: Wireless Carl Friedberg (Aug 09)
- RE: Wireless Paul Robertson (Aug 09)
- RE: Wireless Loomis, Rip (Aug 09)
- RE: Wireless Loomis, Rip (Aug 09)
- RE: Wireless Frank Darden (Aug 09)
- RE: Wireless R. DuFresne (Aug 09)
- Re: Wireless Roger Marquis (Aug 09)
- Re: Re: Wireless Gary Flynn (Aug 09)
- Re: Wireless Dennis.Archambault (Aug 09)
- Re: Re: Wireless Paul Robertson (Aug 09)
- Re: Re: Wireless Adam Shostack (Aug 11)
- Re: Re: Wireless Dennis.Archambault (Aug 12)
- Re: Re: Wireless kadokev (Aug 12)
- Re: Re: Wireless Kirby Kuehl (Aug 12)
- Re: Re: Wireless kadokev (Aug 12)
- RE: Wireless Frank Darden (Aug 19)