Re: [tlug] WiFi considerations

[David Santinoli <marauder@example.com>]

On Thu, Jul 12, 2007 at 11:44:41PM +0900, Josh Glover wrote:
> On 11/07/07, David Santinoli <marauder@example.com> wrote:
> 
> >However, data encryption - in your case implemented at the
> >application layer - is only one aspect of security here.  Another
> >one, not less important, is authentication: after the
> >wardriver-of-the-day succeeds in associating with your unprotected AP
> >and manages to get an address in your LAN, he might not be able to
> >SSH into your server, but he can abuse your Internet connection,
> >which might be even more harmful.
> 
> Of course, he has to discover my laptop's MAC (which he can probably
> do with an ARP flood),

More simply, by standing by and sniffing for a while.


> spoof it (easy on Linux, dunno on Windows),
> and DOS my 'top (probably hard, unless he has a botnet).

Deauthentication/disassociation DoS attacks can be easily perpetrated
with a single PC.


> So yes, my network is insecure. But then again, so is any network
> connected to the outside world. :)

True, but even insecurity comes in different flavours and degrees.


> But I think my layer of making shite difficult for the bad guys is
> enough to ensure that the wardriver chooses one of these nice networks
> instead:
> 
> : jmglov@example.com; sudo iwlist eth1 scan
> eth1      Scan completed :
>          Cell 01 - Address: 00:16:CF:69:78:6D
>                    ESSID:"YBBUser"
> [...]
>          Cell 02 - Address: 00:A0:B0:4E:98:8B
>                    ESSID:"washima"

The bad guys will soon discover these are actually honeypots and revert
in anger to your cell. ;-)

Cheers,
 David
-- 
 Palantir home page:  http://www.fastpath.it/products/palantir
 Palantir support:    <palantir@example.com>