Re: OpenAir pen-testing

From: hwertz@avalon.net
Date: Thu Jul 12 2007 - 03:19:42 EDT


> Does anyone have any experience with pen-testing or general security
> setup/issues of any "OpenAir" wireless devices? It appears to be a
> pre-802.11 wlan protocol from proxim.
>
> I can't seem to find any *real* information on the protocol, or how it's
> used and implemented. I understand that the data is not encrypted, but that
> there is a shared security ID that needs to be sent to join the network.
>
> Any advice on how to connect/sniff/break/audit/etc this type of traffic?
*cut*

>
> I found what looks like a mirror of the files here, but this is still for
> old versions of linux:
> http://www.haucks.org/download/
>

       Well, even if you don't succeed in any sort of sniff, I'd certainly
advise the client that the data is sent in the clear. The
security ID is just like a modern SSID, just there so there wouldn't be
confusion if multiple wireless LANs were operating; it doesn't provide
true security. Now, "security through obscurity" is no good, but
802.11-FHSS is already obscure, and this is even more obscure, so it will
at least stop your average wardriver, since it'll just show up as noise at
best.

       As for actually sniffing it, it might be a pain, but any chance of
this would probably involve sucking it up, building a really old kernel
and building this driver you've found for it. Make sure you set this old
kernel non-default, so if it turns out not to actually work you haven't
made your system non-bootable 8-). The main concern regarding bootability
is newer distros' tendency to use udev; this requires a 2.6 kernel. I
know several years ago, a non-udev system I had with an earlier 2.6 kernel
could boot up under 2.2 and even 2.0 kernels, however. If your distro of
choice won't deal with an older kernel, I'd get a temporary hard drive and
just put on something contemporary with the drivers you've found; my choice
would be either Slackware, Debian, or lastly Redhat (but use it if you
prefer). If you can't find your tools of choice for the old distro, put
on tcpdump, log what you need and copy the logs over for dissection by
the modern tool of your choice... tcpdump dates back to the 1980s, so any distro
should have it no matter how old.

       That said, the RangeLan2 driver very well may not have sniffing
capabilities.
