From: Aaron Peterson (aaron@midnightresearch.com)
Date: Tue Jul 10 2007 - 03:37:23 EDT
Hi All:
Does anyone have any experience with pen-testing or general security
setup/issues of any "OpenAir" wireless devices? It appears to be a
pre-802.11 WLAN protocol from Proxim.
I can't seem to find any *real* information on the protocol, or how it's
used and implemented. I understand that the data is not encrypted, but that
there is a shared security ID that needs to be sent to join the network.
Any advice on how to connect/sniff/break/audit/etc this type of traffic?
Here is some of the information that I've found so far:
From: http://www.techweb.com/encyclopedia/defineterm.jhtml?term=OpenAir

    An earlier wireless LAN protocol endorsed by the Wireless LAN
    Interoperability Forum (WLIF). It used a frequency hopping spread
    spectrum (FHSS) air interface in the unlicensed 2.4GHz band and was
    based on Proxim's RangeLAN2 architecture.

And from: http://www.istpl.com/80211_std.htm

    Pre-802.11 protocol, using Frequency Hopping and 0.8 and 1.6 Mb/s
    bit rate. CSMA/CA with MAC retransmissions. OpenAir doesn't
    implement any encryption at the MAC layer, but generates Network ID
    based on a password (Security ID). OpenAir is the proprietary
    protocol from Proxim. All OpenAir products are based on Proxim's
    module.

Here is a bit more info:
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Linux.Wireless.std.html#OpenAir
It appears that the original consortium (WLIF, wlif.org, Wireless LAN
Interoperability Forum) that helped push it is now belly-up as well.
Linux used to have support for this, but I think it has been removed from
this site, and I haven't seen anything for recent kernels:
http://www.komacke.com/archive/rl2-library/
I found what looks like a mirror of the files here, but this is still for
old versions of Linux:
http://www.haucks.org/download/
Also, probably the best bug I've seen in a while is from the OpenBSD
drivers:
http://nixdoc.net/man-pages/OpenBSD/man4/rln.4.html
The very last line in the man page: "Oh, and transmit doesn't seem to work."
Thanks,
Aaron
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT