[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <407DFBBE.1080206@secnetops.com>
From: kf_lists at secnetops.com (KF (lists))
Subject: Cisco LEAP exploit tool...
http://classes.weber.edu/wireless/
-KF
Jeff Schreiner wrote:
>7 miles away is stretching it a bit far considering that all 802.11g
>wireless transmissions range between 2.4 - 2.4835 Ghz 802.11a/h/j range
>between 5.47 - 5.725 Ghz not only are the frequencies prone to scatter...the
>radio waves bounce off everything. All wireless routers are limited by FCC
>regulations to a maximum of 1 watt.
>
>http://www.odessaoffice.com/wireless/fcc_ism.html
>
>(1) For frequency hopping systems in the 2400-2483.5 MHz band employing at
>least 75 hopping channels, all frequency hopping systems in the 5725-5850
>MHz band, and all direct sequence systems: 1 watt. For all other frequency
>hopping systems in the 2400-2483.5 MHz band: 0.125 watts.
>
>To get a 2.4 Ghz signal to travel 7 miles you would have to install an
>amplifier to boost the output to somewhere between 5 to 10 watts a 5 Ghz
>signal would require even more at which point you're in violation of FCC
>rules and Uncle Sam might come looking for ya.
>
>Just an FYI.
>
>-----Original Message-----
>From: full-disclosure-admin@...ts.netsys.com
>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Williams Jon
>Sent: Wednesday, April 14, 2004 2:15 PM
>To: Paul Schmehl; Email List: Full Disclosure
>Subject: RE: [Full-Disclosure] Cisco LEAP exploit tool...
>
>Well, that depends. For example, if you aren't using some form of
>strong authentication (i.e. smart cards, SecureID tokens, etc.) then its
>possible for someone to steal a laptop, use something like Cain (from
>the package Cain & Able) to extract their password from the registry.
>With that and a known wireless laptop, the attacker can then access your
>whole network from the parking lot (or the neighbor's house, or 7 miles
>away, etc.)
>
>While the same password vulnerability exists for non-wireless
>environments, it does mean that the attacker would have to have physical
>access to the building to use the credentials.
>
>Jon
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
Powered by blists - more mailing lists