Penetration Testing mailing list archives
OpenAir pen-testing
From: Aaron Peterson <aaron () midnightresearch com>
Date: Tue, 10 Jul 2007 00:37:23 -0700
Hi All: Does anyone have any experience with pen-testing or general security setup/issues of any "OpenAir" wireless devices? It appears to be a pre-802.11 wlan protocol from proxim. I can't seem to find any *real* information on the protocol, or how it's used and implemented. I understand that the data is not encryped, but that there is a shared security ID that needs to be sent to join the network. Any advice on how to connect/sniff/break/audit/etc this type of traffic? Here is some of the information that I've found so far: From: http://www.techweb.com/encyclopedia/defineterm.jhtml?term=OpenAir An earlier wireless LAN protocol endorsed by the Wireless LAN Interoperability Forum (WLIF). It used a frequency hopping spread spectrum (FHSS) air interface in the unlicensed 2.4GHz band and was based on Proxim's RangeLAN2 architecture. And from: http://www.istpl.com/80211_std.htm Pre-802.11 protocol, using Frequency Hopping and 0.8 and 1.6 Mb/s bit rate. CSMA/CA with MAC retransmissions. OpenAir doesn't implement any encryption at the MAC layer, but generates Network ID based on a password (Security ID). OpenAir is the proprietary protocol from Proxim. All OpenAir products are based on Proxim's module. Here is a bit more info: http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Linux.Wireless.std.html#OpenAir It appears that the original consortium (WLIF, wlif.org, Wireless LAN Interoperability Forum) that helped push it is now belly-up as well. Linux used to have support for this, but I think it has been removed from this site, and I haven't seen anything for recent kernels: http://www.komacke.com/archive/rl2-library/ I found what looks like a mirror of the files here, but this is still for old versions of linux: http://www.haucks.org/download/ Also, probably the best bug I've seen in a while is from the openBSD drivers: http://nixdoc.net/man-pages/OpenBSD/man4/rln.4.html The very last line in the man page: "Oh, and transmit doesn't seem to work." Thanks, Aaron ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- OpenAir pen-testing Aaron Peterson (Jul 10)
- Re: OpenAir pen-testing Paul Melson (Jul 11)
- Re: OpenAir pen-testing Michael Painter (Jul 13)
- <Possible follow-ups>
- Re: OpenAir pen-testing hwertz (Jul 12)
- Re: OpenAir pen-testing Paul Melson (Jul 11)