Ok, I do not know about EAPOL for wireless products, just hardline. When you plug in your device, you won't be able to see any broadcasts until you go through the EAPOL process with the MAC of the NIC, so if they have access to a PC, they can look at the PC MAC, then spoof it on the switch with their own device.

BUT if they already have access to a network PC, why don't they just boot from CD and load whatever CD OS with their tools on it! That way they don't have to worry about spoofing.

I kinda thought this is what WEP was for? How about, depending on OS, the client side of wireless had a cert file that creates a VPN that all traffic gets sent through? Not impossible to sniff, but it just would take them a while, depending on how strong crypto you use.

--- Sebastian Schneider <[EMAIL PROTECTED]> wrote:
> no problem ;-)
>
> > I am sorry I got on this late... Some switches support EAPOL that works with a RADIUS server to auth MAC address at port level before the switch will enable that port... I have done limited testing. If you unplug a live connect, not only will someone be calling saying that something doesn't work, but when they plug in their NIC the switch will see a new MAC and disable the port.
> >
> > Someone can give some ideas about MAC spoofing, but doesn't the NIC give its real MAC to the switch while you are trying to spoof someone else's MAC?
>
> if someone is setting the card into listening mode, nobody will get any address (I haven't checked this one out yet)... and by analyzing broadcast traffic you might be able to get existing MACs on the network and spoof hosts easily. this is a big deal for wireless based communications
>
> On Saturday 09 August 2003 17:18, White-Tiger wrote:
> > I am sorry I got on this late... Some switches support EAPOL that works with a RADIUS server to auth MAC address at port level before the switch will enable that port... I have done limited testing. If you unplug a live connect, not only will someone be calling saying that something doesn't work, but when they plug in their NIC the switch will see a new MAC and disable the port.
> >
> > Someone can give some ideas about MAC spoofing, but doesn't the NIC give its real MAC to the switch while you are trying to spoof someone else's MAC?
> >
> > if this is the case, then you can disable any port that is not a known MAC.
> >
> > I have a baystack450, and I can set up the MAC in each of the switches, but that will be kinda hard to maintain. So I am looking at free RADIUS for OpenBSD that supports EAPOL, so I can just set up a file with all allowed MACs.
> >
> > Hope this helps, sorry if someone already said this, I am a little late on the thread.
> >
> > WT
> >
> > --- Sebastian Schneider <[EMAIL PROTECTED]> wrote:
> > > On Friday 08 August 2003 14:19, CHRIS GRABENSTEIN wrote:
> > > > As far as the hard wires, I think the best solution is to search out those unused ports and unplug them from the switch. They can be quickly reconnected if needed, and you'll know about it.
> > >
> > > I guess you're actually aware, that not everyone is locking up rooms containing switches.
> > > And just plugging out unused cables won't be sufficient, since usually I just can plug out any computer and plug in my own.
> > >
> > > > |-----Original Message-----
> > > > |From: netsec novice [mailto:[EMAIL PROTECTED]
> > > > |Sent: Thursday, August 07, 2003 4:51 PM
> > > > |To: [EMAIL PROTECTED]
> > > > |Subject: Network scanning
> > > > |
> > > > |Are there tools out there that would allow system administrators to be notified when a new workstation attaches to a network? I'm thinking both wireless and ethernet in this case. SNMP maybe? I am in a credit union environment and my concern is that someone would be able to steal an existing jack or a jack that is not physically protected but live and be able to capture traffic or do reconnaissance. We don't have Wireless access at this point but may look to it in the future. My only thought in that case would be to encrypt all traffic since wireless security is a bit scary at this point. Any ideas?
> > >
> > > --
> > > straightLiners IT Consulting & Services
> > > Sebastian Schneider
> > > Metzer Str. 12
> > > 13595 Berlin
> > > Germany
> > >
> > > Phone: +49-30-3510-6168
> > > Fax: +49-30-3510-6169
> > > Mail: [EMAIL PROTECTED]

=== message truncated ===
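
Added example, not part of the original thread: a small Python check in the spirit of the "file with all allowed MACs" idea discussed above. It compares one switch forwarding-table snapshot with an allowlist and reports unknown MACs, a known MAC seen on two ports at once, and a known MAC on an unexpected port. The allowlist format, port names and every address are constructed for illustration.

```python
import re

def norm_mac(text):
    """Normalise aa-bb-.., aabb.ccdd.eeff or AA:BB:.. to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_allowlist(text):
    """Parse 'MAC expected-port' lines; '#' starts a comment."""
    allowed = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mac, port = line.split()
            allowed[norm_mac(mac)] = port
    return allowed

def audit(allowed, observed):
    """observed: (port, mac) rows from one forwarding-table snapshot."""
    seen = {}
    for port, raw in observed:
        seen.setdefault(norm_mac(raw), set()).add(port)
    findings = []
    for mac, ports in sorted(seen.items()):
        if mac not in allowed:
            findings.append(("unknown-mac", mac, sorted(ports)))
        elif len(ports) > 1:          # one address live on several ports
            findings.append(("duplicate-mac", mac, sorted(ports)))
        elif allowed[mac] not in ports:
            findings.append(("moved-mac", mac, sorted(ports)))
    return findings

ALLOWLIST = """\
# constructed sample: MAC  expected-port
00:11:22:33:44:01  1/1   # teller-pc-1
00:11:22:33:44:02  1/2   # teller-pc-2
00:11:22:33:44:03  1/3   # printer
"""
SNAPSHOT = [  # constructed (port, MAC) rows as a switch might report them
    ("1/1", "00-11-22-33-44-01"),
    ("1/2", "0011.2233.4402"),
    ("1/7", "00:11:22:33:44:02"),   # same MAC on a second port
    ("1/5", "00:11:22:33:44:03"),   # known MAC, wrong port
    ("1/9", "02:AA:BB:CC:DD:EE"),   # not in the allowlist
]
for kind, mac, ports in audit(load_allowlist(ALLOWLIST), SNAPSHOT):
    print(f"{kind:14} {mac}  ports={','.join(ports)}")
```

A device that takes over an allowed PC's own port with that PC's MAC produces no finding here, which is the limit of MAC-based checks raised at the top of this message.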