[unisog] fw: insecure wireless LAN deployment at .edu

José Domínguez jad at network-services.uoregon.edu
Thu Jan 24 00:49:52 GMT 2002


On 01/23/2002 18:51 EST, Ryan J Standish wrote:
 
> > If your MAC address isn't "registered" in the hosts.master file, you can't 
> > even login from a wireless LAN.
> 
> Unfortunately some wireless clients allow you to change your MAC address.
> So all you have to do is sniff the wireless network and find a good MAC
> address and change yours.
> 

Yes, this will be a problem although not a new one. You can do the 
same thing with IP addresses. Basically, anything based in some kind 
of ACL can be fooled. 

You can make it a bit harder by having people configure specific client 
ids for their dhcp requests but this also can be fooled.

I believe that Paul said that you also have to authenticate with some 
sort of username/password for it to work. 

In my view you have to decide between client flexibility and security 
or get some compromise in between. These two are inversely 
proportional. 

I guess the first question you need to ask is what are you trying to 
accomplish by deploying a wireless network. The answer to this will 
help you narrow down your choices.

JosE.



More information about the unisog mailing list