[ale] kimset

Jonathan Rickman jonathan at xcorps.net
Wed Feb 12 09:27:15 EST 2003


On 12 Feb 2003, cfowler wrote:

> For one thing your getting my motives all wrong.  I'm not wanting to go
> around and find non-public networks an play on them.  I'll find those
> that are public like at Starbucks.  But network insecurity comes from
> ignorance.  My quest to learn by using kismet is a quest so that I will
> learn the proper ways to tie down mine and any other 802.11b network
> that I come across.   There are 2 types of peple that hack into others
> systems.  Those who do it for spite and those who do it to tie the
> network down.  I want to tie the network down.  Of course by
> experimenting with kismet I can learn the various ways that war drivers
> tap into peoples networks.  I have neither the time nor inclination to
> drive around town browsing the internet on other peoples wireless
> segments.  I do have the time and inclination to secure those insecure
> segments for a fee.

Thanks for making your motives clear. However, it's generally a better
practice to break into your own stuff while learning. You'd be surprised
how many vendors will let you borrow their products to test them.

> My personal opinion on 802.11b is that not all should have access to
> it.  Look at it this way.  On my WCP11 card, I found 1 AP on Windward
> parkway.  This could have been at Starbucks but I would not know.  It
> just popped up in my software.  In an "exclusive" sub-division in
> Windward, I found 3.

Much like any other new technology, the manufacturers have failed
miserably to educate their customers. I blame them, not the end user. Have
you seen the new ads for the MS wlan gear? "It's almost too easy."
Exactly.

> Many people focus on business that have Louie and I call "Copenhagen"
> Administrators.  That may have a AP that is fully open.  But nobody
> focuses on houses that do.  Especially those with fast internet access.

Copenhagen administrators!!! HAHAHAHAHAHAHA!!!!

> Its one thing to read a book on 802.11b security but it is another thing
> to implement the ideas.  I think there is a good market for those that
> truly know 802.11b.  That is my motivation for this endeavor.

My personal opinion is that 802.11b can never be secured. The design is
flawed. The newer standards will improve on this. 802.11b networks should
be treated just like the public Internet, totally untrusted.

> Back to security.
>
> My conclusion on securing my own house is that some dumb ap's are not
> the way to go unless you have a firewall.  Maybe some people can confirm
> my ideas.  I have the idea that the only thing I can truly do is to
> create a seperate ethernet segment at home.  I have 2 know.  One is for
> DSL and the other is for 192.168.1.0.  This new segment would be
> 192.168.5.0 and have an 568B -> 568A cable attached directly to the DSL
> Router or Access Point.  Then I'll use iptables to treat 5.0 as a
> untrusted segment.  I then can block by ip and other parameters. This
> would still require a security policy at the wireless part but is very
> secure.  But you can never truly lock 802.11b down.  Just make it
> undesireable

That's generally the preferred approach. I personally feel that 802.11b is
only suitable for bridging short distances. That's the only way I've ever
felt comfortable using it, and only if the data flowing across it was
not sensitive.



--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list