[MLB-WIRELESS] RMIT City Campus Wireless Trials

Michael Craig mcraig at craigy.dynu.com
Thu Dec 11 09:53:19 EST 2003


Um yes it is...its ipsec

-----Original Message-----
From: owner-melbwireless at wireless.org.au
[mailto:owner-melbwireless at wireless.org.au]On Behalf Of Craig Sanders
Sent: Thursday, 11 December 2003 8:53 AM
To: melbwireless at wireless.org.au
Subject: Re: [MLB-WIRELESS] RMIT City Campus Wireless Trials


On Wed, Dec 10, 2003 at 02:58:51PM +1100, Gabrielle Harrison & Paul van den
Bergen wrote:
> Swinburnes (Hawthorn) access is not encrypted... and they have no
> hassles... :-)  because they use a secure network regime [1] for their
> whole network that requires all users to authenticate prior to having
> access.  Just like anyone running any corporate network should do.

i hope the authentication process is securely encrypted.  unencrypted (or
weakly encrypted) login means that anyone with a wireless sniffer (i.e.
anyone
with a laptop and a wireless card and some free software) can easily gather
dozens or hundreds of passwords in an hour.

even if there's some reverse-engineering of the login protocol required, an
attacker can just capture the packets in real-time, then take it home and
analyse the protocol at their leisure.  at worst, a few hours or possibly
even
a few days work.

craig

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list