VS: MORE: Tools for Detecting Wireless APs - from the wire side.

From: Toni Heinonen (Toni.Heinonen@teleware.fi)
Date: Sat Jun 15 2002 - 00:43:40 EDT


> > Ahh, but indeed. It's of course smarter to block access from the APs
> > instead of just trying to detect them. AFAIK no Wireless APs can do
> > 802.1x authentication to connect to the LAN, even though most can
> > accept wireless 802.1x clients.
>
>
> The fact that LEAP is only available on the newest of Cisco's
> wireless equipment is one part of the issue. The other part
> of the wireless issue is how it expands one's perimeter. You
> still, with encryption or not, have opened up an external
> 'ethernet segment' to snooping. The management packets,
> which contain a lot of information in and of themselves on the
> wireless topology at the least, help intruders to map the
> segment, if not more, depending upon how the wireless toys
> are terminated and where.

Good morning,

No, actually I didn't mean quite that. I am not talking about wireless
client authentication with 802.1x, I mean locking the LAN switches up
with 802.1x so all LAN clients have to authenticate (wired LAN). Thus
all the wired workstations have to "log in" to the switch in order for
them to be able to transmit and receive through the port they are
connected to. APs won't be able to do this.

You don't need Cisco's proprietary LEAP anyhow for 802.1x, be the
clients wireless or wired. EAP-TLS is well supported with Windows XP, as
is (or soon will be, anyone have any more knowledge?) EAP-MD5. That,
also, is the only downside of 802.1x in LANs: bad support. WinXP has
support, but that's all I've heard of.

Someone sent me a private e-mail explaining even WLAN APs can
authenticate to the LAN using 802.1x, but could someone point me to a
link of a product overview where it's specifically stated so? Of course,
you could make your own AP with Linux and some 802.1x client code, but
I'm looking for ready off-the-shelf products.

-- 
Toni Heinonen, Teleware Oy
  Wireless +358 (40) 836 1815
  Telephone +358 (9) 3434 9123
  toni.heinonen@teleware.fi
  www.teleware.fi
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
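
Added example, not part of the original message: a small Python decoder for the 802.1X (EAPOL) frames a wired station sends to the switch, reporting which EAP method (EAP-TLS, EAP-MD5, LEAP) each source MAC answers with. The MAC addresses and frames are constructed sample data, and the function names are this example's own.

```python
import struct

# Constants from IEEE 802.1X (EAPOL) and the EAP method-type registry.
EAPOL_ETHERTYPE = 0x888E
PAE_GROUP = bytes.fromhex("0180c2000003")  # destination used by wired supplicants
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP"}

def parse_eapol(frame: bytes):
    """Decode one untagged Ethernet frame; return None if it is not EAPOL."""
    if len(frame) < 18:
        return None
    _dst, src, ethertype, _ver, ptype, length = struct.unpack("!6s6sHBBH", frame[:18])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    info = {"src": src.hex(":"), "eapol": EAPOL_TYPES.get(ptype, f"type-{ptype}"),
            "eap": None, "method": None}
    body = frame[18:18 + length]
    if ptype == 0 and len(body) >= 4:
        code = body[0]
        info["eap"] = EAP_CODES.get(code, f"code-{code}")
        # Only Request and Response packets carry a method-type byte.
        if code in (1, 2) and len(body) >= 5:
            info["method"] = EAP_METHODS.get(body[4], f"type-{body[4]}")
    return info

def methods_by_station(frames):
    """Map each source MAC to the EAP methods it used in Response packets."""
    seen = {}
    for frame in frames:
        info = parse_eapol(frame)
        if info and info["eap"] == "Response" and info["method"]:
            seen.setdefault(info["src"], set()).add(info["method"])
    return seen

def make_frame(src: bytes, ptype: int, eap: bytes = b"") -> bytes:
    """Build a constructed EAPOL frame (version 1) for the sample below."""
    return PAE_GROUP + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(eap)) + eap

def make_eap(code: int, ident: int, method: int, data: bytes = b"") -> bytes:
    """Build a constructed EAP Request/Response packet."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), method) + data

# Constructed sample: station A answers with EAP-TLS, station B with MD5-Challenge.
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [make_frame(A, 1), make_frame(A, 0, make_eap(2, 1, 1, b"host-a")),
          make_frame(A, 0, make_eap(2, 2, 13, b"\x00")),
          make_frame(B, 0, make_eap(2, 1, 4, b"\x10" + bytes(16))),
          PAE_GROUP + A + struct.pack("!H", 0x0800) + bytes(20)]  # not EAPOL
```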

