Prev: Article: iPad wins the jerk demographic
Next: NEWS: Boffins authenticate Apple 'Antennagate'
From: DevilsPGD on 30 Jul 2010 18:57
In message <i2vgp2$lts$1(a)speranza.aioe.org> Dobie <DobieG(a)gmail.com> was
claimed to have wrote:

>DevilsPGD <Still-Just-A-Rat-In-A-Cage(a)crazyhat.net> wrote in
>news:1gd4565s83iq8hhaajpcvvvijmccvl8jo7(a)4ax.com:
>
>> You can deny a computer on any basis your AP allows. In
>general this
>> means MAC addresses, occasionally hostnames or similar, in
>rare cases
>> other parameters are probably going to be possible too.
>
>Rare cases?

Depends on your hardware and software, yes. Most people buy the
cheapest thing at Best Buy, this severely limits your options vs what
higher end choices might allow.

>Paramaters? Such as?

Well, one example would be to allow 802.11b or g clients. Another might
be only allow WPA2-PSK but not WPA-PSK.

>Do you even know what your talking about?

If you use manufacturer supplied software on your AP then your ability
to set limitations are based on the feature set the manufacturer
provided. Most APs will only let you allow/deny wireless access based
on MAC address (and of course compatible encryption settings)

A few will block by hostname, although technically speaking they
actually do have to allow the wireless connection first, then once the
hostname is known, decide whether to route packets or not.

If you control the software on your AP then your ability to code will be
your only imagination and coding skills.
From: Aaron Leonard on 30 Jul 2010 19:40
>Can access points be configured such that they are undetectable by
the typical
>hobbiest wifi radio scan assuming that they are in range of the
transceiver?
>With Windows? With Linux? Other than hostname and Mac address, can
particular
>computers be denied replies to a scan, based on what other paramters?
Can
>netstumbler or some other software discover these "shielded" aps?
>
>(at work, hence anonymous usenet access)

Sure, turn off the AP's radio, and it'll be hard to detect it.

What's your goal here, exactly?
From: bod43 on 30 Jul 2010 20:55
On 31 July, 00:40, Aaron Leonard <Aa...(a)Cisco.COM> wrote:
> >Can access points be configured such that they are undetectable by
> the typical
> >hobbiest wifi radio scan assuming that they are in range of the
> transceiver?
> >With Windows? With Linux? Other than hostname and Mac address, can
> particular
> >computers be denied replies to a scan, based on what other paramters?
> Can
> >netstumbler or some other software discover these "shielded" aps?
>
> >(at work, hence anonymous usenet access)
>
> Sure, turn off the AP's radio, and it'll be hard to detect it.
>
:-))

Remember that many devices (PCs) allow mac addresses
to be changed too. The wireless drivers on my
Vista PC though only allow correctly formated
LAAs.

I could imagine someone finding an Access Point,
sniffing the traffic, changing the MAC address of their PC
to match that of a permitted client and then gaining access.

Of course long random keys and WPA or even better WPA2
seem to still be secure.

WEP is useless against all but the clueless. It looks to me
that MAC address filtering must be similarly hopeless although
I have not tried it in practise.


From: John Navas on 30 Jul 2010 21:52
On Fri, 30 Jul 2010 15:57:07 -0700, in
<ipl656pres2kcclftlsbq1sdpq8bsdan9a(a)4ax.com>, DevilsPGD
<Still-Just-A-Rat-In-A-Cage(a)crazyhat.net> wrote:

>If you use manufacturer supplied software on your AP then your ability
>to set limitations are based on the feature set the manufacturer
>provided. Most APs will only let you allow/deny wireless access based
>on MAC address (and of course compatible encryption settings)
>
>A few will block by hostname, although technically speaking they
>actually do have to allow the wireless connection first, then once the
>hostname is known, decide whether to route packets or not.
>
>If you control the software on your AP then your ability to code will be
>your only imagination and coding skills.

The radio has to be on for the AP to do anything useful, which is easily
detectable no matter what your imagination and coding skills.

--
John FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
From: John Navas on 30 Jul 2010 21:54
On Fri, 30 Jul 2010 17:55:58 -0700 (PDT), in
<370697a9-820c-47a4-a80f-19320a4dc1b2(a)d37g2000yqm.googlegroups.com>,
bod43 <Bod43(a)hotmail.co.uk> wrote:

>I could imagine someone finding an Access Point,
>sniffing the traffic, changing the MAC address of their PC
>to match that of a permitted client and then gaining access.
>
>Of course long random keys and WPA or even better WPA2
>seem to still be secure.

Not true, unfortunately. See my post
"NEWS: Security shortcomings in WPA2 that threaten security of wireless
networks". PSK also has weaknesses.

--
John FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
 |  Next  |  Last
Pages: 1 2 3
Prev: Article: iPad wins the jerk demographic
Next: NEWS: Boffins authenticate Apple 'Antennagate'