 |  russotto
join:2000-10-05 Collegeville, PA
| WEP might be halfway decent
Some manufacturers have put in workarounds to avoid generating breakable keystreams. This is great -- provided you make sure all systems on your network use them. | |
|   dnoyeB Ferrous Phallus
join:2000-10-09 Southfield, MI
| Ignorance
This is just the security industry making a job for itself. Obviously WEP is significantly more secure than whatever generally is run over ethernet.
If you want security you should use PGP or some other software-based encryption à la VPN.
Processors are so fast there is no more argument that things should be done in hardware. -- dnoyeB "Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16
| |
|  |   pnh102 Reptiles Are Cuddly And Pretty Premium join:2002-05-02 Mount Airy, MD
·Comcast
| Re: Ignorance
said by dnoyeB: Processors are so fast there is no more argument that things should be done in hardware.
This is a very bad idea. Any encryption can be broken through brute force methods. As computers become more powerful, such brute force methods make this even easier to do. Embedding encryption into hardware only guarantees that you will have to replace your hardware each time a better form of encryption comes out. -- DRM == Doesn't Read MP3s | |
|   Rodney W
from: pnh102 
| Learn more
Obviously, Iron Dick, you know nothing about WIFI. If someone broke into your physical location and put a good sniffer on your LAN, that is illegal and prosecutable. If however, someone parked outside your office and used a promiscuous WIFI card to snoop your network, it is neither detectable nor prosecutable. It is very hard to prove someone is stealing over-the-air signals, unless you could catch it on surveillance cameras. A GOOD sniffer rolling to a large backup device could pick up every password, email, file, etc. traversing the network. This can be accomplished either wired or wireless. PGP or another file scrambling utility is not going to scramble your network password and logon, is it? Since the FCC allowed WIFI cards to be run in the "promiscuous mode" a few years ago, all you have to do is be within radio range of a WIFI network to access it. Did that sink in? Hackers know this, as they cruise warehouse districts or rich suburbia to find networks with improper security, and launch their attacks from there. Totally non-traceable. Except to the owner of the network. Yes, I do work in this industry. And most companies have poor or no directions on how to enable WEP on their devices. Or stupid people don't change the default encryption settings. Very easy to hack.
That's my rant. Rod | |
|  |  vic102482 Premium join:2002-04-30 Upper Marlboro, MD
| Re: Learn more
said by Rodney W: Obviously, Iron Dick, you know nothing about WIFI. If someone broke into your physical location and put a good sniffer on your LAN, that is illegal and prosecutable. If however, someone parked outside your office and used a promiscuous WIFI card to snoop your network, it is neither detectable nor prosecutable. Rod
Promiscuous Mode cards can be detected; it's hard but it can be done. Also, if somebody is sniffing your network and you prove that something malicious was done then they can be prosecuted. (although this is damn hard to do)
»webbuilder.netscape.com/webbuild···1-4.html -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! | |
|  |  |   pnh102 Reptiles Are Cuddly And Pretty Premium join:2002-05-02 Mount Airy, MD
·Comcast
| Re: Learn more
said by vic102482: Promiscuous Mode cards can be detected; it's hard but it can be done.
Cards running in monitor mode are even harder to detect because they don't bind with any access point, they just sit and happily listen away at all your transmissions. -- DRM == Doesn't Read MP3s | |
|  |  |  |  vic102482 Premium join:2002-04-30 Upper Marlboro, MD
| Re: Learn more
Yeah, no bull, there are tricks though. I was reading a step sheet to find certain cards in sniffer mode off of their domain membership; it was ingenious, although it had a 25% false alarm rating.
But to keep all that off of your network just tag MAC addresses and you should be str8. I know of Cisco switches that have the ability to de-activate ports if the MAC address for that specific port ever changes. Wouldn't stop somebody that steals your NIC then uses that port, but that's for security guards to worry about, not sys admins. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! | |
|   Rodney W
| Promiscuous girls...er, cards
OHMYGOD, it appears Vic is one of 3 people left using Netscape ;>) I love it. I figure there are enough security holes in my Winblows OS, without using a browser that is as flawed as IE.
You cannot detect promiscuous rf cards, unless you set an access list for known MAC addresses, with logging of violations. But then again, if you know how to do that, you are not a target anyway. Of course, if they don't get in, just roll to the next open network. Always attack the weakest herd member. A recent survey in my city that consisted of driving the major freeways turned up over 700 open WIFI networks in less than 3 hours.
Also, the old WEP system when first released had a back door you could drive a truck through. The stage 2 version wasn't much better. So the manufacturers started coming up with proprietary solutions, but they are not interoperable.
Promiscuously Yours
Rod | |
|  |  russotto
join:2000-10-05 Collegeville, PA
| Re: Promiscuous girls...er, cards
You can't detect cards in monitor mode without special equipment to detect the internal oscillators (and the range on such equipment would be laughable). Even MAC address limiting won't stop a slightly determined hacker, as he'll just sniff your legitimate MAC addresses and use one of them (preferably one which isn't in use at the time) when he decides to go active. | |