G'day,

Not trying to rain on anyone's parade, but do either of you guys have
any references for those two scenarios, out of interest?

I'm interested in the possible TEMPEST [1] style attacks, because they
really shouldn't be possible except from extremely close up, and
certainly shouldn't leak as transmitted data, with any reasonable design
of the AP. It should absolutely be possible to get some radiant EM
signals from very nearby (inches), with very sensitive equipment, as
with any device that receives data, but I see no reason why the AP would
"shout" RF as loudly as, say, a CRT monitor. Of course it's always
possible for someone to be stupid, and I'm certainly not an electronic
engineer... In any case, if the signal is effectively encrypted (i.e. not
by WEP) signal leakage is hardly a problem. Best practice dictates that
only data which is already "safe" at an IP level (IPSec, for example) be
sent over wireless in any fashion. Given that, I'm having trouble
visualising an effective EMSEC attack on the AP.

Signal (D)DOS for an 802.11b network, which uses DSSS (direct sequence
spread spectrum), should be hard [2]. Spread spectrum is specifically
designed to be interference resistant, since it spreads a low signal
power over a wide band. 802.11b also sends 10 copies of the data,
needing only one to reconstruct the signal. This is why DSSS has
traditionally been used by our friends in the military. Noting my lack
of electronic engineering qualifications, as above, I can't see an easy
way to jam a DSSS device other than pushing out a massive jamming signal
over the whole 2.4GHz band, which would, as far as I can see, need some
decidedly not off-the-shelf equipment.

But in terms of trying to do this at range, to an operational navy
vessel in an infowar scenario... (Not to mention the fact that a navy
vessel is possibly the worst thing ever to try and network via wireless -
a large solid lump of metal packed full of thick metal walls. I can't
see them using it except maybe for some noncritical ship-to-ship,
ship-to-shore apps).

Looking forward to being proved wrong (I don't much like 802.11b
either...).

Cheers,

[1] http://www.eskimo.com/~joelm/tempest.html
(fantastic page - you _must_ check out the new paper on "Optical
TEMPEST")
[2] http://www.wavewireless.com/classroom/whitepapers/FHSSvDSSS.pdf
(Just one of many refs, best to search oneself)
--
Ben Nagy
Network Security Specialist
Mb: TBA  PGP Key ID: 0x1A86E304 


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Ron DuFresne
> Sent: Thursday, May 30, 2002 2:26 AM
> To: Brett Lymn
> Cc: Richard Ginski; [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]
> Subject: Re: Opinions? Wireless access point, firewall, eth., DSL box
> 
> 
> On Thu, 30 May 2002, Brett Lymn wrote:
> 
> > On Fri, May 24, 2002 at 11:10:38AM -0500, Ron DuFresne wrote:
> > >
> > > Hopefully the
> > > navy has smarts and have worked out something stronger than WEP to 
> > > secure their transmissions, course, knowing our government and 
> > > seeing the GAO audits as they are, I'm betting they probably have 
> > > not...
> > >
> >
> > Even if they have they will still be vulnerable to a tempest attack,
> > all sorts of information can leak out over the transmitter as "noise".
> 
> Agreed, and there is always signal DDOS, pretty, over-ride and
> eliminate the ship's networking ability.
> 
> Thanks,
> 
> Ron DuFresne
[...] 
