lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <42386D11.5070304@arhont.com>
From: mlists at arhont.com (Konstantin V. Gavrilenko)
Subject: Wi-fi. Approaching customers

What a great possibilities for remote dos.
Just imagine what would happen to a finely tuned network, when attacker starts 
cloning the mac addresses :)


-- 
Respectfully,
Konstantin V. Gavrilenko

Arhont Ltd - Information Security

web:    http://www.arhont.com
	http://www.wi-foo.com
e-mail: k.gavrilenko@...ont.com

tel: +44 (0) 870 44 31337
fax: +44 (0) 117 969 0141

PGP: Key ID - 0x4F3608F7
PGP: Server - keyserver.pgp.com

Ryan Sumida wrote:
> 
> I am no Wi-Fi expert by any means but I will try to convey what they 
> told me in layman terms.  Their product uses passive sensors that 
> basically just listen for any kind of WiFi traffic.  Using the signal 
> strength, attenuation, and some other attributes, their algorithm 
> creates an RF fingerprint for the location of a device.  So as an 
> example, if you are standing at your desk the RF fingerprint would look 
> like this.
> 
> RF fingerprint for Device 1
> Sensor1 #################
> Sensor2 ######
> Sensor3 ##########
> Sensor4 ############################
> 
> As you physically move the device around the RF fingerprint changes. 
>  That's basically what they did to setup the device in our office.  Once 
> the room is calibrated, you can define the actions for each virtual zone 
> through their management software.  
> 
> Hope that helps some,
> 
> Ryan
> 
> 
> "KF (Lists)" <kf_lists@...italmunition.com> wrote on 03/15/2005 04:35:27 PM:
> 
>  >
>  > hrmm... is that based on signal strength or something?
>  > -KF
>  >
>  > Ryan Sumida wrote:
>  > >
>  > > As a side note..
>  > >
>  > > Newbury Networks has a product called WiFi Watchdog that can 
> allow/deny
>  > > access based on physical location.  As an example, it can be 
> configured
>  > > where anyone outside the building walls can not connect to the network
>  > > but once they move inside the building they are allowed access. 
>  Sounds
>  > > like black magic but it works (a rep came down and showed us a demo
>  > > yesterday) and can help manage who gets on an open WiFi network like
>  > > Matthew's.
>  > >
>  > > Ryan Sumida
>  > > Network Services, CSU Long Beach
>  > >
>  > >
>  > > full-disclosure-bounces@...ts.grok.org.uk wrote on 03/15/2005 
> 01:27:43 PM:
>  > >
>  > >  >
>  > >  > Matthew Sabin wrote:
>  > >  >
>  > >  > > My company has made a conscious decision to leave our WiFi open to
>  > >  > visitors, while our internal machines connect via IPSec on the open
>  > > airwaves.
>  > >  > > A drive-by would show the open nature of our WiFi, but wouldn't
>  > >  > immediately tell you that we've secured our business fairly well.
>  > >  >
>  > >  > but what if someone uses your unsecured network to download 
> copyrighted
>  > >  > material (just mp3s are enough :->) or to send porn?
>  > >  >
>  > >  > An unsecured WiFi may have serious legal consequences.
>  > >  >
>  > >  > And to come back on the original topic: These legal consequences 
> may be
>  > >  > good arguments to convince customers that they need to get their 
> network
>  > >  > secured.
>  > >  >
>  > >  > Ciao
>  > >  > Marcus
>  > >  >
>  > >  > --
>  > >  > Hail Eris! Hail Discordia!
>  > >  > _______________________________________________
>  > >  > Full-Disclosure - We believe in it.
>  > >  > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  > >  > Hosted and sponsored by Secunia - http://www.secunia.com/
>  > >
>  > >
>  > > 
> ------------------------------------------------------------------------
>  > >
>  > > _______________________________________________
>  > > Full-Disclosure - We believe in it.
>  > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  > > Hosted and sponsored by Secunia - http://www.secunia.com/
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ