On 24 Oct 2005 at 16:56, Troy wrote:

>  True, but how many people are associated with their AP 24/7? If you're only

Tons, many folks leave their machines on overnight, entertainment PCs and 
devices in particular.  I go to lots of people's homes and businesses in my 
work, so I have some experience with this.  It's sad as even the people who 
ought to know better.....

> connected to your AP when you're actively using it, somebody would either have
> to get lucky or would need to stake out your AP until you connect. Even if you
> are connected when somebody tries to access your AP, I doubt most casual
> wardrivers will even bother to sniff for a MAC address.

It's no extra effort, I use Wellenreiter on my Sharp Zaurus (Linux-based) and 
it shows the MAC address of the NICs and APs. Heck, at one customer's site, 
it even picked up some wired machines on the network in addition to the 
wireless ones even though they have WEP enabled.

If you are connected, many machines, particularly Windows, will send out 
regular packets (beacon packets IIRC), it doesn't take all that long to get 
them. You can also do things like break any existing associations which 
forces them to reconnect, giving you more packets to play with.

> Most of the time, sniffing will be fruitless, so why bother even trying
> when you can just try the next AP on the list to see if you connect
> without MAC spoofing? 

Have you actually done any wardriving?  Personally I only do stuff like that 
to demonstrate to clients their lax wireless security.  The hackers have other 
motives....

> 
>  Granted, relying only on MAC restrictions to secure your LAN is not a good
> idea, since somebody *could* just happen to sniff while you're connected,

With the right sniffing tools like Wellenreiter or Kismet (Unix-based tools), 
MiniStumbler (Windows and Pocket PC) et al, it's not much work at all. With 
things like beacon packets and broadcast SSIDs, it's downright simple.

> which is why you should use additional security. Still, if somebody wants on,
> they'll get on, 

Agreed. It's all about risk management. Problem is most people have NO IDEA 
of the risks involved nor the costs, financial, information leakage wise or 
legally.

> so the best security is to keep your AP outside of your
> firewall. Then, if somebody does manage to connect to it, despite your
> security measures, they'd be no more a threat than any other hacker on the
> Internet.

Nope not true again, if they send enough spam, or porn, or heaven forbid 
child porn, just whose door do you think the police are going to come 
knocking on?


>  In any case, if you've secured your AP the best it can be, most malicious
> hackers won't spend the time needed to crack it, unless you're the only AP
> around for miles. In that case, you'd want to turn off the AP when you're not
> using it and closely monitor it when you are.

You make the assumption that hacking an access point is difficult. Here are 
some articles that say otherwise and give you step by step to do it.  With 2 
laptops, 128-bit WEP can be cracked in 5 minutes to 1 hour.  This doesn't even 
take any skill, all you need to do is follow step by step.

http://www.tomsnetworking.com/Sections-article111.php
http://www.tomsnetworking.com/Sections-article118.php
http://www.tomsnetworking.com/Sections-article120.php
http://www.tomsnetworking.com/Sections-article124.php

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)      (604) 686-2253 (pager)
