OpenAir pen-testing

From: Aaron Peterson (aaron@midnightresearch.com)
Date: Tue Jul 10 2007 - 03:37:23 EDT


Hi All:

Does anyone have any experience with pen-testing or general security
setup/issues of any "OpenAir" wireless devices? It appears to be a
pre-802.11 WLAN protocol from Proxim.

I can't seem to find any *real* information on the protocol, or how it's
used and implemented. I understand that the data is not encrypted, but that
there is a shared security ID that needs to be sent to join the network.

Any advice on how to connect/sniff/break/audit/etc this type of traffic?

Here is some of the information that I've found so far:

From: http://www.techweb.com/encyclopedia/defineterm.jhtml?term=OpenAir
        An earlier wireless LAN protocol endorsed by the Wireless LAN
        Interoperability Forum (WLIF). It used a frequency hopping spread
        spectrum (FHSS) air interface in the unlicensed 2.4GHz band and was
        based on Proxim's RangeLAN2 architecture.

And from: http://www.istpl.com/80211_std.htm
        Pre-802.11 protocol, using Frequency Hopping and 0.8 and 1.6 Mb/s
        bit rate. CSMA/CA with MAC retransmissions. OpenAir doesn't
        implement any encryption at the MAC layer, but generates Network ID
        based on a password (Security ID). OpenAir is the proprietary
        protocol from Proxim. All OpenAir products are based on Proxim's
        module.

Here is a bit more info:
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Linux.Wireless.std.html#OpenAir

It appears that the original consortium (WLIF, wlif.org, Wireless LAN
Interoperability Forum) that helped push it is now belly-up as well.

Linux used to have support for this, but I think it has been removed from
this site, and I haven't seen anything for recent kernels:
http://www.komacke.com/archive/rl2-library/

I found what looks like a mirror of the files here, but this is still for
old versions of Linux:
http://www.haucks.org/download/

Also, probably the best bug I've seen in a while is from the OpenBSD
drivers:
http://nixdoc.net/man-pages/OpenBSD/man4/rln.4.html
The very last line in the man page: "Oh, and transmit doesn't seem to work."

Thanks,

Aaron




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT