Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Replacing WEP was Re: Dsniff'ng wireless networks

From: "Artes, Francisco" <francisco () ea com>
Date: Wed, 18 Jul 2001 03:16:39 -0500
Here you assume that you have some security by using WEP.  WLANs are simply
not secure, and should never be treated as a private network.  They should
always be treated like a public network and secured accordingly.  E.g.,
place them behind a firewall with no routing between the private and the
WLAN IP network, and open VPN tunnels into the private network.

If by community network you mean a public access point to the Internet via
802.11 then just pop up some SSIDs and leave the WEP  key off so people can
just attach.  (Without the hassle of cracking WEP.)   


-----Original Message-----
From: Simon Waters [mailto:Simon () wretched demon co uk]
Sent: Tuesday, July 17, 2001 16:15
Cc: pen-test () securityfocus com
Subject: Replacing WEP was Re: Dsniff'ng wireless networks


Someone is thinking of doing a community network with
Wireless LAN.

WEP seems to offer little in this environment, so thinking
of replacing it with IP based encryption - sort of a public
PKI. Assuming we can get users to switch of non-IP protocols
on their client PCs (I know it is hard to right click
network neighbourhood and pick properties), do we lose any
security at layer two by not using WEP?

i.e. Are we more vulnerable to some other types of attack -
I'm guessing mostly DoS if any more are possible. But hey
they can probably DoS more profitably by stealing the
antennas from the relays and selling them.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: