Re: [Aironet] LEAP security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Forgive me for interjecting, but I'd like to ask a few other questions
about your needs with regards to wireless networks.

Is your goal to simply limit who can associate to the ESS/BSS? 

Is your goal to, once a association is completed successfully, provide
link-level security? 

----

Also, on an unrelated note, I would like to ask this list what they think
about the following theory.

If a 802.11 client device is authenticating via LEAP or EAP (rather, being
allowed an association because of..), what are the chances of another user
taking on the 'identity' (read: MAC address, IP address (if IP is being
used), and Radio ID) of a user who just authenticated? Lets say they were
opperating in Adhoc mode, and could opperate allongside transparently, or,
continue opperating after the 'real' client's computer was turned off. Any
thoughts on what would happen?

It would seem to me that durring the course of normal use, client devices
may roam into an area which has such poor coverage they associate &
deassociate due to excessive CRC errors or failed attempts at
retransmissions. Clients can't be expected to continualy re-authenticate
just to reassociate all the time. 

So, in the case of LEAP or EAP I would presume that there is some sort of
'cached' user/password data which can be re-sent by some means (driver,
script?) whenever the card de/re-associates.. Or at least some sort of
CHAP-style reoccuring password hash exchange going on after the initial
granting of an association. 

If that's the case, could not our rouge client device capture (assuming
the station could hear the transmission) that hash-exchange and replay it
on demand if the station were to 'impersonate' the real station after the
initial association? 

TIA for any replies/thoughts!

-Lostxam

On Fri, 6 Jul 2001, Doug Wilson wrote:

> you might be right; I can't find anything that says LEAP works with
> Microsoft RADIUS.
> 
> We would like to make a call on whether LEAP is secure enough. I have not
> been able to find third party reviews evaluating LEAP from a security
> perspective. If you have any information on LEAP security , pls send it to
> me.
> 
> Someone on this mailing list mentioned that LEAP is MSCHAP. Is it MSCHAPv1
> or MSCHAPv2?. Any protocol details?
> 
> Thanks,
> 
> Doug Wilson
> 
> 
> ----- Original Message -----
> From: "Mark Wilson" <ma...@st...>
> To: "Doug Wilson" <dou...@ho...>
> Cc: <ai...@en...>
> Sent: Wednesday, July 04, 2001 10:13 AM
> Subject: Re: [Aironet] LEAP security
> 
> 
> > On Wed, 4 Jul 2001, Doug Wilson wrote:
> >
> > > Hi everyone,
> > >
> > > I am planning to test Cisco Aironet Wireless 802.1x solution with LEAP.
> > > We are using Microsoft's Windows 2000 RADIUS server for VPN and it
> > > supports EAP-MD5 & EAP-TLS. Will LEAP work with Microsoft's RADIUS
> server?
> > >
> > > Thank you
> > >
> > > Doug Wilson
> > >
> >
> > I don't believe so.  So far, I have only got it to work with the Cisco
> > ACS.  But, if you do we would be interested.
> >
> >
> > Mark Wilson
> > Sr. Network Analyst
> > Communications and Technology Services (CATS)
> > UC Santa Cruz - Santa Cruz, Ca. 95064
> > 831.459.3675
> > Just a Cruzin......
> >
> >
> _______________________________________________
> Aironet mailing list  -  Ai...@cs...
> http://csl.cse.ucsc.edu/mailman/listinfo/aironet
> 