Hi all; Yes this might be a first, I'm going to drag the topic BACK to something network related. I happen to be in Auckland today. Flew in for customer chit chat which will happen tommorow. Had a spare afternoon and no one to see so I thought I might do the geek thing and see how little old Auckland was getting along with it's wireless networking. SO, I slapped the 802.1Q card into the laptop and strapped the GPS onto the outside of my backpack and went for a walk. I walked down Queen Street from the top to the water, and then back up to Albert St to Wellesley then back up Symonds to my hotel. Well. Auckland sure is brimming with wireless. But the concern (and I spose the reason that I posted this at all) was that most of it is insecure. Now I'm a good guy. I don't want to get access to anything, god knows I see enough internet as it is. I just wanted to see how many places had embraced the 802.1Q fad. So all in all 29 networks jumped out and grabbed me as I was walking past. only 4 of them were using WEP. Now because I didn't actually try to gain access to any of them, I have no idea what the internal security of them is like. But I'm not expecting much. I don't think I sniffed anything off the sky tower, I was only using the small antenna on the card. So if you run a wireless network in the center of Auckland and you were using the strategy of "Oh it will never make it down to the street" Then you are wrong and you might like to put some more security on. I thought about mailing my networklist out as well. But I decided against it. Mainly because it has exact GPS locations and network names. It would make easy pickings for anyone who wanted to gain access. If you want to mail me privatly with your network name and/or card MAC address then I will give you a yes or no answer. Dont feel alone though. I've done the same in North Sydney and come up with similar numbers. Next week wellington. Have fun Dean --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Oh and those of you who ARE using WEP. the world is not a happy place either Have a look at this post by Adi Shamir to the Risks list http://catless.ncl.ac.uk/Risks/21.55.html#subj5 You all know who Adi Shamir is don't ya? (the S in RSA for those who don't) Dean On Wed, Aug 01, 2001 at 09:22:17PM +1200, Dean Pemberton wrote: [some stuff] --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Dean Pemberton wrote:
[...] You all know who Adi Shamir is don't ya? (the S in RSA for those who don't)
yeah, he's the guy who built that opto-mechanical factoring device: http://www.interesting-people.org/199905/0019.html ...with regard to securing wireless LANs... I think the best description of the consequences of the IEEE's WEP would be: "expecting the average consumer to configure wireless security is living in a state of sin in a red-light district (not only acceptable, but expected). Of course by simple membership to this list, you exclude yourself from set "average consumer". The counter point is that any business hiring the "average consumer" to configure their IT resources won't be in business very long. Expecting any encryption algorithm to stay secure over time is pretty much wishfull thinking... most wireless access points are hardware devices that will be lucky to see one upgrade over their entire lifetime. In which case, wireless LANs are best left unsecured, instead relying on strong, adaptable client-end security... that, and treat the wireless segment as an untrusted DMZ through which only properly authenticated and covered access (independant of the wireless device) is allowed. Anyone up for a research project on geographically localized DDoS attack client that uses bandwidth available via unsecured wireless LANs? Anyone up for a reserach project that does triangulation (assume sectored antennas, but you could also use tcp/ip finger printing), across multiple independant access points, on unauthorized network joiners? I believe it *is* the same god that created both cat and mouse. (appologies to william blake) --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, Aug 01, 2001 at 09:23:38PM +1000, cfb wrote: Anyone up for a reserach project that does triangulation (assume sectored antennas, but you could also use tcp/ip finger printing), across multiple independant access points, on unauthorized network joiners? As usual, I'm going to be as the Usenix security symposium (http://www.usenix.org/events/sec01/) this year, if anyone is going to be there and wants to have a chat or hang out for a bit then let me know. There will be more than a few people there with freaky knowledge of WEP some of which will be toting iPaq based toys with wireless cards :) Since the conference has a largely technical audience, it's not hard to hang out with various interesting people and discuss interesting stuff (like the average height of Europeans) over sushi or whatever. --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Evening all On Wed, Aug 01, 2001 at 09:22:17PM +1200, Dean Pemberton said:
So all in all 29 networks jumped out and grabbed me as I was walking past. only 4 of them were using WEP.
I'll point yawl to todays post in the risks digest: http://catless.ncl.ac.uk/Risks/21.55.html#subj5 Adi Shamir chatting on about how WEP is totally insecure. Get thee to thy IPSEC - at least, that's what I'm working on this week :-).
Dont feel alone though. I've done the same in North Sydney and come up with similar numbers.
Next week wellington.
Warming to a theme, RJN was out playing with the 'stumbler a few days ago, and picked up an aerial that we're using across town (in Newtown) and which should be good for maybe 500-1000m from a hill in Newlands. By my reckoning, that's probably 12-15Km away. He also picked up networks in use at the airport, even further afield. So secure your wireless nets, people, because everybody can listen in... Cheers Si --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (4)
-
cfb -
Chris Wedgwood -
Dean Pemberton -
Simon Blake