[unisog] fw: insecure wireless LAN deployment at .edu
jad at network-services.uoregon.edu
Thu Jan 24 00:49:52 GMT 2002
On 01/23/2002 18:51 EST, Ryan J Standish wrote:
> > If your MAC address isn't "registered" in the hosts.master file, you can't
> > even login from a wireless LAN.
> Unfortunately some wireless clients allow you to change your MAC address.
> So all you have to do is sniff the wireless network and find a good MAC
> address and change yours.
Yes, this will be a problem although not a new one. You can do the
same thing with IP addresses. Basically, anything based in some kind
of ACL can be fooled.
You can make it a bit harder by having people configure specific client
ids for their dhcp requests but this also can be fooled.
I believe that Paul said that you also have to authenticate with some
sort of username/password for it to work.
In my view you have to decide between client flexibility and security
or get some compromise in between. These two are inversely
I guess the first question you need to ask is what are you trying to
accomplish by deploying a wireless network. The answer to this will
help you narrow down your choices.
More information about the unisog