Re: Dean's Wireless Walkabout
HAHAHAHA ROFLMAO Choccie Fish for Joe here. Yes of course I mean 802.11 hahaha - I'm still laughing at that cock up. So how many people were worried that I could see their Vlans from the street? Dean On Wed, Aug 01, 2001 at 10:48:38PM +1200, Joe Lewis wrote:
Hi, umm feel free to shoot me down but don't you mean 802.11(b)?
--- Joe Lewis
On Wed, 1 Aug 2001, Dean Pemberton wrote:
Hi all;
Yes this might be a first, I'm going to drag the topic BACK to something network related.
I happen to be in Auckland today. Flew in for customer chit chat which will happen tommorow. Had a spare afternoon and no one to see so I thought I might do the geek thing and see how little old Auckland was getting along with it's wireless networking.
SO, I slapped the 802.1Q card into the laptop and strapped the GPS onto the outside of my backpack and went for a walk.
I walked down Queen Street from the top to the water, and then back up to Albert St to Wellesley then back up Symonds to my hotel.
Well. Auckland sure is brimming with wireless. But the concern (and I spose the reason that I posted this at all) was that most of it is insecure.
Now I'm a good guy. I don't want to get access to anything, god knows I see enough internet as it is. I just wanted to see how many places had embraced the 802.1Q fad.
So all in all 29 networks jumped out and grabbed me as I was walking past. only 4 of them were using WEP. Now because I didn't actually try to gain access to any of them, I have no idea what the internal security of them is like. But I'm not expecting much.
I don't think I sniffed anything off the sky tower, I was only using the small antenna on the card.
So if you run a wireless network in the center of Auckland and you were using the strategy of "Oh it will never make it down to the street" Then you are wrong and you might like to put some more security on.
I thought about mailing my networklist out as well. But I decided against it. Mainly because it has exact GPS locations and network names. It would make easy pickings for anyone who wanted to gain access. If you want to mail me privatly with your network name and/or card MAC address then I will give you a yes or no answer.
Dont feel alone though. I've done the same in North Sydney and come up with similar numbers.
Next week wellington.
Have fun
Dean --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
:: So how many people were worried that I could see their Vlans :: from the street? Dean's such a nice guy so... Still, WEP stands for "wire equivalency protocol", doesn't it? Ergo, perhaps it's silly to expect it to be any more secure than Cat5? Is IPsec really the best solution here, considering it has problems in NAT'ed environments? -- Juha --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Thu, Aug 02, 2001 at 09:15:41AM +1200, Juha Saarinen wrote: Is IPsec really the best solution here, considering it has problems in NAT'ed environments? IPsec is terrible solution, but for lack of many 'open' choices it may be the best one. There are various hacks to allow IPsec to work to a certain extent even when NAT is involved. --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Thu, 2 Aug 2001, Chris Wedgwood wrote:
IPsec is terrible solution, but for lack of many 'open' choices it may be the best one. There are various hacks to allow IPsec to work to a certain extent even when NAT is involved.
I had some ORINOCO-related PDFs sent to me, which mention a few other solutions. Anyone interested, mail me offlist. -- Regards, Juha --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Juha and all, Juha Saarinen wrote:
:: So how many people were worried that I could see their Vlans :: from the street?
Dean's such a nice guy so...
Still, WEP stands for "wire equivalency protocol", doesn't it? Ergo, perhaps it's silly to expect it to be any more secure than Cat5?
Is IPsec really the best solution here, considering it has problems in NAT'ed environments?
I would recommend against IPsec at this time. I have done 4 implementations. It is quite expensive and time consuming not to mention a administration nightmare if you are not very careful...
-- Juha
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Regards, -- Jeffrey A. Williams Spokesman for INEGroup - (Over 118k members strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng. Information Network Eng. Group. INEG. INC. E-Mail jwkckid1(a)ix.netcom.com Contact Number: 972-447-1800 x1894 or 214-244-4827 Address: 5 East Kirkwood Blvd. Grapevine Texas 75208 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Jeff Williams wrote:
I would recommend against IPsec at this time. I have done 4 implementations. It is quite expensive and time consuming not to mention a administration nightmare if you are not very careful...
If you want better security then nothing is expensive. But saying that, there are quite a number of Free IPSEC software programs such as FreeSwan which work very well and not that hard to implement. Thanks Craig Whitmore Orcon Internet http://www.orcon.net.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Craig and all, Craig Whitmore wrote:
Jeff Williams wrote:
I would recommend against IPsec at this time. I have done 4 implementations. It is quite expensive and time consuming not to mention a administration nightmare if you are not very careful...
If you want better security then nothing is expensive.
How true. But there are limits. As you may know, in the US and the UK many IT companies as well as ISP's and Telecoms are laying off the security guys at the moment to trim their budgets. I personally believe this practice to trim budgets is a huge mistake form a management point of view. But that seems to be a trend presently, none the less. In fact CNN did a report on this just a couple of days ago.
But saying that, there are quite a number of Free IPSEC software programs such as FreeSwan which work very well and not that hard to implement.
Yeah Freeswan works ok, but I wouldn't say well. It is too easy to hack. We use elliptical curve Encapsulation Encryption as many western Govmts. require that level of encryption on IP's. As I was one of the original developers (Several years ago now) on ECEE it is a snap for me or my guys to implement it. But we just don't have enough trained staff to do the demand presently.
Thanks Craig Whitmore Orcon Internet http://www.orcon.net.nz
Regards, -- Jeffrey A. Williams Spokesman for INEGroup - (Over 118k members strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng. Information Network Eng. Group. INEG. INC. E-Mail jwkckid1(a)ix.netcom.com Contact Number: 972-447-1800 x1894 or 214-244-4827 Address: 5 East Kirkwood Blvd. Grapevine Texas 75208 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
We use elliptical curve Encapsulation Encryption as many western Govmts. require that level of encryption on IP's. As I was one of the original developers (Several years ago now) on ECEE it is a snap for me or my guys to implement it. But we just don't have enough trained staff to do the demand presently.
Where can I find information on this? what makes it better than Industry standard IPSEC? An RFC? Who exactly is using it? --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Craig and all, Craig Whitmore wrote:
We use elliptical curve Encapsulation Encryption as many western Govmts. require that level of encryption on IP's. As I was one of the original developers (Several years ago now) on ECEE it is a snap for me or my guys to implement it. But we just don't have enough trained staff to do the demand presently.
Where can I find information on this?
Check the IETF archives.
what makes it better than Industry standard IPSEC?
Well EC can be used with IPsec as it is an algorithm if you choose to do that.
An RFC? Who exactly is using it?
I don't have the RFC book marked evidently on this system. But I have it somewhere on my main system. I see if I can find it and post the URL's to you when I return to the US. A number of large banks, the SEC, the NASD, the US Federal reserve bank, and I believe the US Treasury Dept. NSA uses Elliptical Curve as well for certs for E-Mail and special file transfers. Also a number of Investment houses use it as well that I know of. The list is rather long. Regards, -- Jeffrey A. Williams Spokesman for INEGroup - (Over 118k members strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng. Information Network Eng. Group. INEG. INC. E-Mail jwkckid1(a)ix.netcom.com Contact Number: 972-447-1800 x1894 or 214-244-4827 Address: 5 East Kirkwood Blvd. Grapevine Texas 75208 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Thu, Aug 02, 2001 at 01:40:11AM -0700, Jeff Williams wrote: We use elliptical curve Encapsulation Encryption as many western Govmts. require that level of encryption on IP's. As I was one of the original developers (Several years ago now) on ECEE it is a snap for me or my guys to implement it. But we just don't have enough trained staff to do the demand presently. I'm probably going to regret asking... Eh? Please explain this... what you've said was completely meaningless. It could be your using IPsec with ISAKMP for the EC stuff, ot it could be something completely different. And which governments require this? Where does it state that? --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Word has it .. and im about to go and find out for sure that 802.11a will no longer have WEP as we know it. Even Lucent & Ciscos newer implementation of exchanged keys for WEP are still basicly useless with MAC address Spoofing . There are some scary stories to be told in the US of Wireless Network sniffing. Regards -- | Matthew G Brown | Tasman Solutions LTD | Wireless Network Specialist | http://www.tasman.net ?
Is IPsec really the best solution here, considering it has problems in NAT'ed environments?
I would recommend against IPsec at this time. I have done 4 implementations. It is quite expensive and time consuming not to mention a administration nightmare if you are not very careful...
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (6)
-
Chris Wedgwood -
Craig Whitmore -
Dean Pemberton -
Jeff Williams -
Juha Saarinen -
Matthew G Brown