Resent because this list currently bounces GPG email-signing content
types.

-----Forwarded Message-----
From: vortex <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [nycwireless] [Another App Idea] Wireless Port Knocking
Date: Wed, 18 Aug 2004 09:30:54 +0100

hi jon,

On Mon, 2004-08-16 at 08:29, Jon Baer wrote:
> I'm including a short readme from something I've been tearing apart from 
> different projects and trying to glue together.  Feedback always good :-)

I've been watching from the sidelines during the recent port knocking
groundswell, and I *really* have to admit - I don't get it. I want to,
but I don't. Why do this?

And doubly so for "hiding" wireless beacon frames.

Even if the port knocking sequence is cryptographically strong, how will
it help?

And how will it help with wifi?

Once one or more clients have associated, wifi frames are broadcast, and
thus receivable by a third party.

It seems to be an unnecessary (obscure) but interesting (obscure)
facility (non-standard hack). Yes, I've read Krzywinski's protestations
over obscurity, but they just don't cut the mustard. He fails to address
exactly what risk port knocking mitigates.

Wait a minute ... unless ... of course! ... send your second public key
over the IP packet TOS bits while you knock ... ;-)

shine,

.vortex

> -snip-
> WKNOCK 0.1 alpha "Knock, knock" "Who's there?"
> Wireless Port Knocking
> + Proof of Concept
> + Jon Baer ([EMAIL PROTECTED])
> 
> What is wknock?
> 
> Wknock is a port knocking scheme for wireless networks.  A daemon listens
> for a sequence in monitor mode and when the right sequence is established
> it will place itself into master mode and act as the AP.  Once the
> disassociation occurs or the session (DHCP) has timed out, the link is
> closed and must be established with a new knock sequence.
> 
> This is a proof of concept and is not intended to be used in a production
> environment or even deployed.  It is just an idea I had when reading about
> portknocking for TCP/UDP sequences and thought it could be also used for
> 802.11 management.
> 
> It allows you to "hide" an AP which broadcasts no beacons or probe
> responses until the correct packet sequence is heard by the AP. 
> 
> Usage:
> 
> On the AP:
> 
> wknockd -c wknockd.conf
> 
> On the client STA:
> 
> wknock -essid [essid] (or -bssid [mac]) (-f binary file) (-s hex sequence)
> 
> This currently only works with HostAP drivers on Linux.
> 
> For more info on port knocking in general see http://www.portknocking.org
> 
> The primary testbed for this project was a Thinkpad T20 running RedHat 9
> with HostAP drivers and a WRT54G access point.
> -snip-
> 


--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
