Home: www.packetnexus.com
Sum up from different papers and other various sources. anonymous@segfault.net
------------------------------------------
ftp://ftp.orinocowireless.com/pub/software/ORiNOCO/PC_Card/Firmwarelookup warheac.net
http://www.cs.umd.edu/~waa
http://www.cs.umd.edu/~waa/wireless.pdf
datatwirl.yi.org/wep-faq.html
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Misc quotes from papers. Later on a few comments by myself:
---------------------------
Operating at 2.4GHz, I've heard rumours that if you wander through Stockholm's business district or through the Square Mile in London, if you're in promiscuous mode you can pick up all sorts of transmissions and a large number of DHCP servers offering IPs to anyone who gets the ESS ID right. Hope this helps someone. Just be careful out there ;)

3) This is the biggie - the WEP authentication protocol relies on DNS and is therefore prone to massive man-in-the-middle attacks. There is a paper by Jesse Walker called "Wireless LANs Unsafe at Any Key Size; an analysis of the WEP encapsulation" that I encourage everyone to read.

The authentication methods supported by the current 802.11 standard are Open System and Shared Key. The Shared Key method requires that the WEP algorithm be implemented on both the wireless terminal and the access point. In the Open System authentication scheme, which is the default scheme, a terminal announces that it wishes to associate with an access point, and typically the access point allows the association.

The user authentication in TWISS is based on public-key cryptography. Each user has a public/private key pair, which is generated on the TWISS server and then delivered to the user in a distribution file. The keys in a distribution file are protected using a password that only the user knows. The password is entered when logging locally to the TWISS client in order to access the private key needed when logging on to the TWISS server.
As the user logs on to the TWISS server, the client and the server negotiate a symmetric encryption/decryption key that is used for data confidentiality during a single security connection.

If an attacker cuts down the power of the whole site, then all wired networks are usually useless, but the wireless LANs can be used in the ad-hoc configuration with laptops or other battery powered computers.

The data security is accomplished by a complex encryption technique known as the Wired Equivalent Privacy Algorithm (WEP). WEP is based on protecting the transmitted data over the RF medium using a 64-bit seed key and the RC4 encryption algorithm. WEP, when enabled, only protects the data packet information and does not protect the physical layer header, so that other stations on the network can listen to the control data needed to manage the network. However, the other stations cannot decrypt the data portions of the packet.

You can configure a wireless network to broadcast its name, or not. It's probably wise not to broadcast, so that people are less likely to accidentally discover it. You can configure most wireless access points to allow only certain MAC addresses (like Ethernet, 802.11 uses MAC addresses).

A useful tool for Win2k is WildPackets' "AiroPeek" wireless sniffer. It has just come out of beta, and the beta version only supports the Cisco 340 family NIC, due to modified NDIS drivers. With this running on
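Added example (not from the page or any of the sources it lists) of the WEP encapsulation the quote above describes: the 64-bit RC4 seed is the 24-bit per-frame IV followed by the 40-bit shared key, the IV and a key-id octet travel in the clear, only the payload plus its CRC-32 ICV is encrypted, and the frame header stays readable to every station. The key, IV and header bytes are constructed sample values.

```python
import struct
import zlib

# Constructed sample values (not from the page): a 40-bit shared key, a 24-bit
# per-frame IV, and a 24-byte 802.11 data header that WEP leaves unencrypted.
WEP_KEY_40 = bytes.fromhex("0123456789")
SAMPLE_IV = bytes.fromhex("a1b2c3")
SAMPLE_HEADER = bytes.fromhex("0841") + bytes(22)
IV_SPACE = 2 ** 24  # 24-bit IV: at most 16.7M distinct RC4 seeds per shared key


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA); encryption and decryption are the same XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encapsulate(header, payload, key40, iv, key_id=0):
    """64-bit seed = IV || 40-bit key. Header, 3-byte IV and key-id octet
    (key id in bits 6-7) go in the clear; payload + CRC-32 ICV are encrypted."""
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return header + iv + bytes([(key_id & 3) << 6]) + rc4(iv + key40, payload + icv)


def wep_decapsulate(frame, key40, header_len):
    """Return (header, payload), or None when the ICV does not verify."""
    header, iv = frame[:header_len], frame[header_len:header_len + 3]
    plain = rc4(iv + key40, frame[header_len + 4:])
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        return None
    return header, payload


def listener_view(payload=b"GET / HTTP/1.0\r\n"):
    """What a station without the key sees of one frame: header yes, data no."""
    frame = wep_encapsulate(SAMPLE_HEADER, payload, WEP_KEY_40, SAMPLE_IV)
    return {"header_visible": frame.startswith(SAMPLE_HEADER),
            "payload_visible": payload in frame,
            "decrypts_with_key": wep_decapsulate(frame, WEP_KEY_40, 24) == (SAMPLE_HEADER, payload)}
```

A frame whose encrypted body is altered in transit fails the ICV check and is dropped, which is the only integrity protection WEP offers.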