[MLB-WIRELESS] another stupid q, about dhcp

Adrian Close adrian at close.wattle.id.au
Wed Apr 3 22:13:45 EST 2002


On Wed, 3 Apr 2002, Tony Langdon, VK3JED wrote:

> This involves a little sniffing, but that never put anyone off, especially
> on a wireless network! :)

It's _trivial_.

1. 'tcpdump -n -i wi0' (or go find a packet sniffer for your OS).
2. Wait a few seconds.
3. Voila!

> >2. Sniffing the network for a valid MAC address, setting your own MAC
> >address to the same value and requesting a DHCP lease.
>
> This would be even easier than #1. :)

The problem is you're far more likely to be noticed, because you'll
probably collide with a legitimate user.

> Yes, there's no true "unique and secure identifier".

Actually, what I meant was that you can't assign tokens to known nodes and
use them as authenticators, because they're there for the sniffing and can
be used/replayed regardless of what secure one-way hash generated them.
Once you've used them once, they're useless.

Of course, another approach would be to use tokens like this in a one-time
pad kind of scenario but I suspect that involves some non-trivial
collusion between node and authenticating server.  Actually, this idea
might even have some merit...  It won't stop the sniffers dead in their
tracks, but it might be better than nothing.  What do others think of
this?

> Yeah, the big problem with IPSec are the Win9x boxes floating around, and
> NT as well.  Win2k supports it out of the box, as does XP.  And yeah, the

*cough*

I haven't played with XP's IPSEC implementation but I sure hope they've
done some work on it since the useless Windows 2000 stuff.

I'm not a huge fan of NAI, but believe it or not the PGPNet part of the
PGP suite is actually really good.  Pity they killed it.  It is just
possible that the freeware version (which already does host-host mode)
might actually get host-subnet capabilities, which would be a huge bonus
for use of IPSEC on public WLANs...

> config side is a pain.  I've looked over the FreeS/WAN docs and hmmmm. :)

Actually, FreeS/WAN isn't that hard to get going, especially if it's
integrated into your distribution (e.g. Mandrake).  The configuration is
confusing, but that's nothing you can't fix with a quick (as in
_short_ so people will read it) HOWTO.

> Well, that's the wireless equivalent to cutting the network cable...
> :-)  However, when that's all running, you should be able to watch the
> pictures if you have an old analogue satellite receiver and a pre-Galaxy
> downconverter (older than the normal Galaxy ones).

Now _that_ is a cool idea, my friend (I assume you mean "watching" the
802.11 packets on TV).  Great at parties (cf. "Cthuga")!  ;)

Adrian Close			email:	adrian at close.wattle.id.au
1 Old Gippsland Rd.		web:	http://www.close.wattle.id.au/~adrian
Lilydale, VIC, 3140, Australia	mobile:	+61 412 385 201

Echelon teaser: MD5 RX-7 SSL Kiwi TRD DEADBEEF Bubba
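An added illustration of the replay argument above (example code, not part of the original mail): a fixed per-node token is accepted again when replayed no matter how strong the hash behind it, whereas a one-time challenge (fresh server nonce, HMAC response, nonce consumed on first use) rejects the replay. Node names, keys and the `ChallengeServer` class are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed: a secret each known node shares with the authenticating server.
NODE_KEYS = {"node-a": b"shared-secret-for-node-a (constructed)"}


def static_token(node: str) -> bytes:
    """Fixed token from a secure one-way hash; sniffable and replayable."""
    return hashlib.sha256(NODE_KEYS[node]).digest()


def static_check(node: str, token: bytes) -> bool:
    """Server side of the static-token scheme: any copy of the token passes."""
    return hmac.compare_digest(token, static_token(node))


class ChallengeServer:
    """One-time-token variant: a fresh nonce per attempt, consumed on use."""

    def __init__(self) -> None:
        self.outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, node: str, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-consumed nonce: treat as replay
        self.outstanding.discard(nonce)  # consume even if the response is bad
        expected = hmac.new(NODE_KEYS[node], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def node_response(node: str, nonce: bytes) -> bytes:
    """Node side: prove key possession over this nonce only."""
    return hmac.new(NODE_KEYS[node], nonce, hashlib.sha256).digest()


def demo() -> tuple[bool, bool, bool]:
    """Returns (static replay accepted, first challenge ok, replayed challenge ok)."""
    sniffed = static_token("node-a")
    static_replay = static_check("node-a", sniffed)      # True: replay works
    srv = ChallengeServer()
    nonce = srv.challenge()
    resp = node_response("node-a", nonce)
    first = srv.verify("node-a", nonce, resp)            # True: legitimate
    replay = srv.verify("node-a", nonce, resp)           # False: nonce consumed
    return static_replay, first, replay
```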
