
Journal jeffy124's Journal: New reasons for securing WLANs 10

In a talk at the International Security Users Conference in London, Adrian Wright has an interesting theory about future trends in spam: drive-by spamming. Most organizations configure their mail relays to be completely open from within their LAN, and closed to all those outside their subnet. The problem comes from the use of open wireless LANs being used to exploit this for sending spam.

  • Like P2P, one can not kill spam by outlawing it. It must come from the other end: the demand.

    Someone...some idiot... must be buying the products spammers push, otherwise no one would spam. We must find this person (I believe there is only one), and kill--or permanently ban him/her/it from ever having an email account.

  • It may be open, it doesn't even use WEP (considering I generally only use it to read Slashdot, handle Fantasy Football, and act as a node to my MP3 collection to the nearest set of speakers I can find) -- what it does employ is a MAC Access list. If your MAC isn't on the list, your packets don't get forwarded.

    It's that simple.

    I think it's nigh criminal that there are APs out there that either use cheap instant-WEP solutions (which don't have this feature), or clueless admins (that didn't think to set it up).

    Would it be that difficult for all APs to be built with this feature? It just seems like common sense to me.

    • I know when Drexel installed a WLAN, they immediately required knowing your MAC, and whether your card was WEP-enabled. They gave users the option to use or not to use WEP for compatibility with older cards. When WEP was first broken, they began offering the ability to make your laptop a VPN node with a secured connection to make up for WEP's shortcomings.

      I imagine insecure WAPs are another case of default installs. I've never assembled a WAP, but I'm postulating that out-of-the-box WAP routers/antennas/whatever have white-list and WEP disabled. If WAPs came pre-configured for WEP and/or with an empty ACL, there would probably be a lot less open WLANs out there, as admins would quickly find that their systems couldn't connect and would try and figure out why. Hmm. Yet another good argument favoring secure-by-default.
    • Using MACs isn't secure, you can just grab anyone out of the air with Ethereal or something like that, and then change/reassign your MAC address on your card to one that will allow you in. Most cards allow you to change the MAC address.

      It would take about 2 minutes at most to circumvent and only stop people who don't know what they are doing anyway. Personally I think WEP would be much better + a firewall or DMZ.

      • Using MACs isn't secure, you can just grab anyone out of the air with Ethereal or something like that, and then change/reassign your MAC address on your card to one that will allow you in. Most cards allow you to change the MAC address.

        It would take about 2 minutes at most to circumvent and only stop people who don't know what they are doing anyway. Personally I think WEP would be much better + a firewall or DMZ.

        This is assuming that you can somehow social engineer your way into obtaining an allowed MAC address in the first place. This is a chicken-and-egg problem. The ability to change MAC addresses is one thing, but if you don't know the allowed MAC addresses in the first place, you are still left stuck outside the WLAN.

        I have no plans to pass out the MAC addresses associated with my WLAN, so I have yet to see how an attacker can sneak on to my WLAN by spoofing.

        Also, WEP isn't secure either, it just takes a bit longer to break. It's already been proven that you can break WEP by just watching the network traffic for a few hours (until the software has enough samples of the encrypted stream to break the key). To my knowledge, there are already packages to do this.

        • I have no plans to pass out the MAC addresses associated with my WLAN, so I have yet to see how an attacker can sneak on to my WLAN by spoofing.

          I don't think it matters, I think all the wireless packets you xmit have the MAC in them, so as soon as you connect to the WLAN, someone can grab that packet out of the air. Not 100% sure on this as I have not done it myself, but people on the mailing lists I read say don't trust MAC filtering at all.

          As for WEP, the below article changed my mind (btw, I recommend WEP+firewall, not just WEP):

          Here are the facts on how "easy" it is to crack WEP.

          First, in order to crack a WEP password, sniffing programs like Airsnort need a certain number of packets with weak keys. Out of the sixteen million keys which can be generated by WEP cards, about nine thousand are weak (for 128 bit encryption.) These packets with weak keys are regarded as "interesting" by the sniffer software. The highly regarded Airsnort sniffing software boasts that "most" passwords can be guessed after about two thousand interesting packets. Some as few as 1200-1500, others as many as 3500-4000.

          Now, Airsnort uses an example in their FAQ, of a business that has four employees using wireless, all using the same password. If these employees surf the net pretty continuously throughout the day (they're not very good employees), they will generate about a million packets a day in total which equates to approximately a hundred and twenty interesting packets every day. Airsnort boasts that anywhere between 10 and 33 days, the network will almost certainly be cracked!!

          By their logic, you can figure that a company with 40 employees using wireless could take between 24 hours and 80 hours. A company with 100 employees using wireless (that's a lot of wireless cards on the same LAN using the same password!!) could take between 10 hours and 33 hours. It would seem that changing the password regularly should keep sniffing programs at bay.

          You should be aware that WEP means Wired Equivalent Privacy. In other words WEP was never designed to be a security tool. For complete security, users should implement some kind of end-to-end encryption (Protocols like SSL and SSH). Customers should also use some sort of authentication to keep users off the network should sniffers crack the key.

    1. Block outbound and inbound port 25 traffic, or only allow port 25 access to/from your MX.
    2. Route HTTP requests thru a web-proxy. This will cut down on the latest spammer trick of (ab)using open http connect proxies and the like.
    3. Block all other ports, unless needed. This will also cut down on spammers (ab)using proxies.
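
Added example (not part of the original thread): a detection check for the drive-by spamming scenario in the journal entry, flagging wireless clients that push outbound mail through the internal relay. It assumes a Postfix relay, a dedicated wireless subnet (`10.0.50.0/24`) and a hypothetical threshold; the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions: the WLAN has its own subnet; 3+ outbound recipients is suspicious.
WLAN_NET = ipaddress.ip_network("10.0.50.0/24")
THRESHOLD = 3

# Constructed sample in Postfix syslog format (not from a real system).
SAMPLE_LOG = """\
Oct 12 09:00:01 mx postfix/smtpd[411]: 4F1A2B: client=unknown[10.0.50.77]
Oct 12 09:00:02 mx postfix/smtp[415]: 4F1A2B: to=<a@foo.example>, relay=mx.foo.example[198.51.100.5]:25, status=sent (250 ok)
Oct 12 09:00:02 mx postfix/smtp[416]: 4F1A2B: to=<b@bar.example>, relay=mx.bar.example[198.51.100.9]:25, status=sent (250 ok)
Oct 12 09:00:03 mx postfix/smtpd[411]: 4F1A2C: client=unknown[10.0.50.77]
Oct 12 09:00:04 mx postfix/smtp[415]: 4F1A2C: to=<c@baz.example>, relay=mx.baz.example[198.51.100.7]:25, status=sent (250 ok)
Oct 12 09:01:10 mx postfix/smtpd[412]: 4F1A2D: client=desk7.corp.example[10.0.1.20]
Oct 12 09:01:11 mx postfix/smtp[415]: 4F1A2D: to=<d@foo.example>, relay=mx.foo.example[198.51.100.5]:25, status=sent (250 ok)
Oct 12 09:02:00 mx postfix/smtpd[413]: 4F1A2E: client=laptop3[10.0.50.12]
Oct 12 09:02:01 mx postfix/local[420]: 4F1A2E: to=<staff@corp.example>, relay=local, status=sent (delivered to mailbox)
"""

# smtpd lines tie a queue ID to the submitting client; smtp lines are outbound deliveries.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=\S+\[([0-9.]+)\]")
RCPT_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-Za-z]+): to=<")


def flag_wlan_relaying(log_text, wlan=WLAN_NET, threshold=THRESHOLD):
    """Return {client_ip: outbound_recipient_count} for clients in `wlan` at or above threshold."""
    queue_client = {}            # queue ID -> client IP that submitted the message
    counts = defaultdict(int)    # client IP -> outbound recipients relayed for it
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            queue_client[m.group(1)] = m.group(2)
            continue
        m = RCPT_RE.search(line)
        if m:
            ip = queue_client.get(m.group(1))
            # Local deliveries (postfix/local) never match RCPT_RE, so only relayed mail counts.
            if ip and ipaddress.ip_address(ip) in wlan:
                counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(flag_wlan_relaying(SAMPLE_LOG))
```
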
