lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200404150020.i3F0KhvZ028320@ms-smtp-02.rdc-kc.rr.com>
From: techlist at kc.rr.com (Jeff Schreiner)
Subject: Cisco LEAP exploit tool...

7 miles away is stretching it a bit far considering that all 802.11g
wireless transmissions range between 2.4 - 2.4835 Ghz 802.11a/h/j range
between 5.47 - 5.725 Ghz not only are the frequencies prone to scatter...the
radio waves bounce off everything.  All wireless routers are limited by FCC
regulations to a maximum of 1 watt.

http://www.odessaoffice.com/wireless/fcc_ism.html

(1) For frequency hopping systems in the 2400-2483.5 MHz band employing at
least 75 hopping channels, all frequency hopping systems in the 5725-5850
MHz band, and all direct sequence systems: 1 watt. For all other frequency
hopping systems in the 2400-2483.5 MHz band: 0.125 watts.

To get a 2.4 Ghz signal to travel 7 miles you would have to install an
amplifier to boost the output to somewhere between 5 to 10 watts a 5 Ghz
signal would require even more at which point you're in violation of FCC
rules and Uncle Sam might come looking for ya.

Just an FYI.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Williams Jon
Sent: Wednesday, April 14, 2004 2:15 PM
To: Paul Schmehl; Email List: Full Disclosure
Subject: RE: [Full-Disclosure] Cisco LEAP exploit tool...

Well, that depends.  For example, if you aren't using some form of
strong authentication (i.e. smart cards, SecureID tokens, etc.) then its
possible for someone to steal a laptop, use something like Cain (from
the package Cain & Able) to extract their password from the registry.
With that and a known wireless laptop, the attacker can then access your
whole network from the parking lot (or the neighbor's house, or 7 miles
away, etc.)

While the same password vulnerability exists for non-wireless
environments, it does mean that the attacker would have to have physical
access to the building to use the credentials.

Jon 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ