Re: [Aironet] WEP cracked - Updates under way?
Status: Inactive
Brought to you by:
breed
From: <lo...@pe...> - 2001-02-05 19:53:35
|
This is allong the lines of something similar that came to my mind while reading a book about the various types of 802-based networks, and specificaly covered the .11 phy's. It was worth noting that a method which is available (or at least in the spec) is 'distributed coordination' or 'point coordination.' It's reasonable to assume that when a BSS is functioning (regardless if it's part of a larger ESS or not) the class I frames which are used for point/dist cord. can/could be spoofed by anyone within range. Or, so the wite paper specs. Wether or not people are truly using sub-LLC frames to do this I gues is up to the implementation.. anywway, 802.11 has a _long_ass_ way to go yet, in any case. It seems that no one (in corporate America) has even yet BEGUN to see what over-announcing false associations can do, or reannouncing false neighbor data (in the case of wireless repeating), or injecting false STP data as a bridge is coming up, or a plethora of other layer-2 and layer-1 exploitation can/might do to 802.11 equipment. ..this serves as another good reason to restate the general rule I follow: Do not trust the network, and even bad (read: windows) implementations of IPSec and SSH are better than WEP. -Lostxam On Mon, 5 Feb 2001, Toens Bueker wrote: > Hi *, > > I just read this slashdot story: > > http://slashdot.org/articles/01/02/05/1411215.shtml > > Here's the details: > > http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html > > Does anybody know anything about what the > vendors/developpers are going to do about this? > > By > Töns > |