Undetectable APs
in [Wireless Internet]
|
From: DevilsPGD on 30 Jul 2010 18:57 In message <i2vgp2$lts$1(a)speranza.aioe.org> Dobie <DobieG(a)gmail.com> was claimed to have wrote: >DevilsPGD <Still-Just-A-Rat-In-A-Cage(a)crazyhat.net> wrote in >news:1gd4565s83iq8hhaajpcvvvijmccvl8jo7(a)4ax.com: > >> You can deny a computer on any basis your AP allows. In >general this >> means MAC addresses, occasionally hostnames or similar, in >rare cases >> other parameters are probably going to be possible too. > >Rare cases? Depends on your hardware and software, yes. Most people buy the cheapest thing at Best Buy, this severely limits your options vs what higher end choices might allow. >Paramaters? Such as? Well, one example would be to allow 802.11b or g clients. Another might be only allow WPA2-PSK but not WPA-PSK. >Do you even know what your talking about? If you use manufacturer supplied software on your AP then your ability to set limitations are based on the feature set the manufacturer provided. Most APs will only let you allow/deny wireless access based on MAC address (and of course compatible encryption settings) A few will block by hostname, although technically speaking they actually do have to allow the wireless connection first, then once the hostname is known, decide whether to route packets or not. If you control the software on your AP then your ability to code will be your only imagination and coding skills.
From: Aaron Leonard on 30 Jul 2010 19:40 >Can access points be configured such that they are undetectable by the typical >hobbiest wifi radio scan assuming that they are in range of the transceiver? >With Windows? With Linux? Other than hostname and Mac address, can particular >computers be denied replies to a scan, based on what other paramters? Can >netstumbler or some other software discover these "shielded" aps? > >(at work, hence anonymous usenet access) Sure, turn off the AP's radio, and it'll be hard to detect it. What's your goal here, exactly?
From: bod43 on 30 Jul 2010 20:55 On 31 July, 00:40, Aaron Leonard <Aa...(a)Cisco.COM> wrote: > >Can access points be configured such that they are undetectable by > the typical > >hobbiest wifi radio scan assuming that they are in range of the > transceiver? > >With Windows? With Linux? Other than hostname and Mac address, can > particular > >computers be denied replies to a scan, based on what other paramters? > Can > >netstumbler or some other software discover these "shielded" aps? > > >(at work, hence anonymous usenet access) > > Sure, turn off the AP's radio, and it'll be hard to detect it. > :-)) Remember that many devices (PCs) allow mac addresses to be changed too. The wireless drivers on my Vista PC though only allow correctly formated LAAs. I could imagine someone finding an Access Point, sniffing the traffic, changing the MAC address of their PC to match that of a permitted client and then gaining access. Of course long random keys and WPA or even better WPA2 seem to still be secure. WEP is useless against all but the clueless. It looks to me that MAC address filtering must be similarly hopeless although I have not tried it in practise.
From: John Navas on 30 Jul 2010 21:52 On Fri, 30 Jul 2010 15:57:07 -0700, in <ipl656pres2kcclftlsbq1sdpq8bsdan9a(a)4ax.com>, DevilsPGD <Still-Just-A-Rat-In-A-Cage(a)crazyhat.net> wrote: >If you use manufacturer supplied software on your AP then your ability >to set limitations are based on the feature set the manufacturer >provided. Most APs will only let you allow/deny wireless access based >on MAC address (and of course compatible encryption settings) > >A few will block by hostname, although technically speaking they >actually do have to allow the wireless connection first, then once the >hostname is known, decide whether to route packets or not. > >If you control the software on your AP then your ability to code will be >your only imagination and coding skills. The radio has to be on for the AP to do anything useful, which is easily detectable no matter what your imagination and coding skills. -- John FAQ for Wireless Internet: <http://wireless.navas.us> FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
From: John Navas on 30 Jul 2010 21:54 On Fri, 30 Jul 2010 17:55:58 -0700 (PDT), in <370697a9-820c-47a4-a80f-19320a4dc1b2(a)d37g2000yqm.googlegroups.com>, bod43 <Bod43(a)hotmail.co.uk> wrote: >I could imagine someone finding an Access Point, >sniffing the traffic, changing the MAC address of their PC >to match that of a permitted client and then gaining access. > >Of course long random keys and WPA or even better WPA2 >seem to still be secure. Not true, unfortunately. See my post "NEWS: Security shortcomings in WPA2 that threaten security of wireless networks". PSK also has weaknesses. -- John FAQ for Wireless Internet: <http://wireless.navas.us> FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
|
Next
|
Last
Pages: 1 2 3 Prev: Article: iPad wins the jerk demographic Next: NEWS: Boffins authenticate Apple 'Antennagate' |