[MLB-WIRELESS] another stupid q, about dhcp

Tony Langdon, VK3JED vk3jed at optushome.com.au
Wed Apr 3 22:24:56 EST 2002


At 10:13 PM 3/04/2002 +1000, Adrian Close wrote:

>1. 'tcpdump -n -i wi0' (or go find a packet sniffer for your OS).
>2. Wait a few seconds.
>3. Voila!

Yep. :)


> > >2. Sniffing the network for a valid MAC address, setting your own MAC
> > >address to the same value and requesting a DHCP lease.
> >
> > This would be even easier than #1. :)
>
>The problem is you're far more likely to be noticed, because you'll
>probably collide with a legitimate user.

True...  But the manually configured IP can too (remember, I'm the sort of 
person who might just limit access to the next router to the DHCP reserved 
IPs...  And if a MAC address is gonna collide in that environment, so's 
its corresponding IP! :)

> > Yes, there's no true "unique and secure identifier".
>
>Actually, what I meant was that you can't assign tokens to known nodes and
>use them as authenticators, because they're there for the sniffing and can
>be used/replayed regardless of what secure one-way hash generated them.
>Once you've used them once, they're useless.

Agreed.

>Of course, another approach would be to use tokens like this in a one-time
>pad kind of scenario but I suspect that involves some non-trivial
>collusion between node and authenticating server.  Actually, this idea
>might even have some merit...  It won't stop the sniffers dead in their
>tracks, but it might be better than nothing.  What do others think of
>this?

Some kind of challenge-response system could be workable...

> > Yeah, the big problem with IPSec are the Win9x boxes floating around, and
> > NT as well.  Win2k supports it out of the box, as does XP.  And yeah, the
>
>*cough*
>
>I haven't played with XP's IPSEC implementation but I sure hope they've
>done some work on it since the useless Windows 2000 stuff.

I haven't looked at either...

>I'm not a huge fan of NAI, but believe it or not the PGPNet part of the
>PGP suite is actually really good.  Pity they killed it.  It is just
>possible that the freeware version (which already does host-host mode)
>might actually get host-subnet capabilities, which would be a huge bonus
>for use of IPSEC on public WLANs...

Hmm, could be interesting


> > config side is a pain.  I've looked over the FreeS/WAN docs and hmmmm. :)
>
>Actually, FreeS/WAN isn't that hard to get going, especially if it's
>integrated into your distribution (e.g. Mandrake).  The configuration is
>confusing, but that's nothing you can't fix with a quick (as in
>_short_ so people will read it) HOWTO.

Problem is I use Red Hat and that requires some stuffing around...


> > Well, that's the wireless equivalent to cutting the network cable...
> > :-)  However, when that's all running, you should be able to watch the
> > pictures if you have an old analogue satellite receiver and a pre-Galaxy
> > downconverter (older than the normal Galaxy ones).
>
>Now _that_ is a cool idea, my friend (I assume you mean "watching" the
>802.11 packets on TV).  Great at parties (cf. "Cthuga")!  ;)

Hehehe, no, just whatever video I feed the system. ;)

73 de Tony, VK3JED
http://vk3jed.vk.irlp.net
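
Added example, not part of the original message or of any software the thread mentions: a sketch of the challenge-response idea discussed above, set beside the static-token check that the thread notes can be sniffed and replayed. The shared key, node identifier and all function and class names are constructed assumptions.

```python
import hashlib
import hmac
import secrets


class Authenticator:
    """Server side: issues single-use nonces and checks HMAC responses."""

    def __init__(self, node_keys):
        self.node_keys = node_keys   # node id -> pre-shared secret (bytes)
        self.pending = {}            # node id -> nonce awaiting a response

    def challenge(self, node_id):
        nonce = secrets.token_bytes(16)   # fresh and unpredictable each time
        self.pending[node_id] = nonce
        return nonce

    def verify(self, node_id, response):
        nonce = self.pending.pop(node_id, None)   # a nonce is accepted once
        key = self.node_keys.get(node_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key, nonce):
    """Node side: prove possession of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def static_token_check(stored_token, presented):
    """The weak scheme: a fixed token, valid for whoever presents it."""
    return hmac.compare_digest(stored_token, presented)


def demo():
    key = b"constructed-shared-secret"    # constructed sample value
    node = "02:00:00:00:00:01"            # constructed node identifier
    server = Authenticator({node: key})

    token = hashlib.sha256(key).digest()  # hashed, but still a fixed value
    static_replay = static_token_check(token, token)   # sniffed copy passes

    first = server.verify(node, respond(key, server.challenge(node)))
    captured = respond(key, server.challenge(node))    # seen on the air
    server.verify(node, captured)                      # legitimate use
    server.challenge(node)                             # new nonce issued
    replay = server.verify(node, captured)             # old response fails
    unsolicited = server.verify(node, captured)        # no pending nonce
    return static_replay, first, replay, unsolicited
```

This only proves possession of the key at the moment of the exchange; traffic sent afterwards is still unauthenticated and readable unless it is protected separately.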

