[Dshield] Wireless MAC Authentication options.

Willy, Andrew AWilly at eSMIL.net
Mon Jun 20 18:03:34 GMT 2005


My question seems really silly after reading your reply.  I should have
given it more thought before sending it -- thanks for straightening me out!

One other thing I'm not clear on is how someone listens in on wireless
communication.  This is something that others believe is relatively simple,
however for an ignoramus like me, it certainly isn't as easy as plugging into
a wired network and listening to broadcasts.  Is there some gizmo that
allows you to 'plug in' to wireless?

Andrew


-----Original Message-----
From: Josh Tolley [mailto:josh at raintreeinc.com]
Sent: Monday, June 20, 2005 10:22 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Wireless MAC Authentication options.


Willy, Andrew wrote:
> Forgive the dumb question (someone has to ask one), but, is the MAC address
> not encrypted, or does encrypted traffic begin post MAC authentication?
> 
> We're implementing small scale wireless in a few of our offices and I'm
> interested in how security is circumvented -- several of our offices are in
> shared buildings.  We're using MAC auth and keys, however the MAC auth was
> the measure I had the most confidence in.
> 
> Can you elaborate (more) on how the MAC spoofing takes place?
> 
> Thank you
> 
> Andrew

Sure -- and someone correct me when I go wrong. The purpose of the MAC 
address is to identify the sending station at the data link layer (that 
is, between two stations on the same network). These stations don't 
identify each other by IP address, as you might think, because IP 
addresses are at the network layer, one layer higher than data link. The 
MAC address is encoded into every transceiver on the network, and 
ideally they're unique for every single one. In these respects, wireless 
ethernet MAC addresses work just like those in wired ethernet, although 
the format of the wireless frame is different from that of the wired frame.

The data isn't encrypted -- I can't actually see a way that it could be 
encrypted without breaking everything. The encryption begins later on in 
the frame. If they were, stations on the network wouldn't know the 
source or destination of packets they see, and so they wouldn't know if 
they're supposed to process the packet or not.

Most wireless hardware and the drivers for it include some capability to 
change the built-in MAC address to something else. This is useful in 
case two devices on a network end up with the same MAC address (because 
with the same MAC address, communication would be impossible). But it 
also makes it possible for someone who has snooped a MAC address by 
simply listening to transmissions to change his address to something 
that's valid on the network. Then he can talk to the access point 
without any problem (unless the other station with the matching MAC 
tries to talk on the network or is listening when the attacker sends, in 
which case you'll run into problems of communication because of the 
matching MACs).

--
Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000
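
The point made in the reply above, that the 802.11 addresses stay readable even when the frame body is encrypted, shown as an added example that is not part of the original thread: it parses the fixed MAC header of constructed frames and flags a transmitter address whose sequence numbers jump the way they would if two radios shared one MAC. The sequence-gap heuristic, the `max_gap` threshold, the helper names and all addresses are assumptions of this example.

```python
import struct

AP  = bytes.fromhex("020000000001")   # constructed, locally administered MACs
DST = bytes.fromhex("020000000002")
STA_A = bytes.fromhex("0200000000aa")
STA_B = bytes.fromhex("0200000000bb")

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame):
    """Parse the fixed 24-byte MAC header of a three-address 802.11 frame."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    fc, _dur, a1, a2, a3, sc = struct.unpack("<HH6s6s6sH", frame[:24])
    return {
        "type": (fc >> 2) & 0x3,         # 2 = data frame
        "protected": bool(fc & 0x4000),  # Protected Frame bit: body is encrypted
        "receiver": mac(a1),             # the three addresses are always cleartext
        "transmitter": mac(a2),
        "addr3": mac(a3),
        "seq": sc >> 4,                  # 12-bit sequence number, set by the sender
        "body": frame[24:],              # IV/ciphertext when protected
    }

def shared_mac_suspects(frames, max_gap=64):
    """Return transmitter addresses whose sequence numbers jump by more than max_gap."""
    last, suspects = {}, set()
    for frame in frames:
        h = parse_header(frame)
        tx, seq = h["transmitter"], h["seq"]
        # Retransmissions give a gap of 0; a second radio with its own counter
        # gives large forward or (mod 4096) backward jumps.
        if tx in last and (seq - last[tx]) % 4096 > max_gap:
            suspects.add(tx)
        last[tx] = seq
    return suspects

def build(tx, seq, body=b"\xde\xad\xbe\xef" * 4):
    """Constructed protected data frame, station to AP (ToDS)."""
    return struct.pack("<HH6s6s6sH", 0x4108, 0, AP, tx, DST, seq << 4) + body

# Constructed capture: STA_B is alone; STA_A's address is in use by two radios.
SAMPLE = [build(STA_A, 100), build(STA_B, 10), build(STA_A, 101),
          build(STA_A, 2900), build(STA_B, 11), build(STA_A, 102),
          build(STA_A, 2901), build(STA_B, 12)]

if __name__ == "__main__":
    print(parse_header(SAMPLE[0]))
    print(shared_mac_suspects(SAMPLE))
```

Frames missed during capture also produce gaps, so a flagged address is a lead to investigate rather than proof of a duplicate MAC.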