lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: kf_lists at (KF (lists))
Subject: Cisco LEAP exploit tool...


Jeff Schreiner wrote:

>7 miles away is stretching it a bit far considering that all 802.11g
>wireless transmissions range between 2.4 - 2.4835 Ghz 802.11a/h/j range
>between 5.47 - 5.725 Ghz not only are the frequencies prone to scatter...the
>radio waves bounce off everything.  All wireless routers are limited by FCC
>regulations to a maximum of 1 watt.
>(1) For frequency hopping systems in the 2400-2483.5 MHz band employing at
>least 75 hopping channels, all frequency hopping systems in the 5725-5850
>MHz band, and all direct sequence systems: 1 watt. For all other frequency
>hopping systems in the 2400-2483.5 MHz band: 0.125 watts.
>To get a 2.4 Ghz signal to travel 7 miles you would have to install an
>amplifier to boost the output to somewhere between 5 to 10 watts a 5 Ghz
>signal would require even more at which point you're in violation of FCC
>rules and Uncle Sam might come looking for ya.
>Just an FYI.
>-----Original Message-----
>[] On Behalf Of Williams Jon
>Sent: Wednesday, April 14, 2004 2:15 PM
>To: Paul Schmehl; Email List: Full Disclosure
>Subject: RE: [Full-Disclosure] Cisco LEAP exploit tool...
>Well, that depends.  For example, if you aren't using some form of
>strong authentication (i.e. smart cards, SecureID tokens, etc.) then its
>possible for someone to steal a laptop, use something like Cain (from
>the package Cain & Able) to extract their password from the registry.
>With that and a known wireless laptop, the attacker can then access your
>whole network from the parking lot (or the neighbor's house, or 7 miles
>away, etc.)
>While the same password vulnerability exists for non-wireless
>environments, it does mean that the attacker would have to have physical
>access to the building to use the credentials.
>Full-Disclosure - We believe in it.

Powered by blists - more mailing lists