[MLB-WIRELESS] Security problems with Netgear 802.11g kit and WEP??

Fenn Bailey fenn_b at smktech.com.au
Tue Jul 8 12:51:59 EST 2003 

Hey All,

My knowledge of WEP is not very great (in fact, it's fairly limited), but it
is possible that some traffic is 'allowed' pre-WEP auth (for a variety of
reasons).

However, if it is implemented as suspected below, this is a Bad Thing(tm).
Coming up with your MAC address via ARP doesn't necessarily mean that the AP
is doing anything horrendously bad. What would be quite terrible though, is
if it is truly passing packets unencrypted from the wired side of the AP to
the wireless.

If possible, it would be great if you could manually set an IP on one of
your wireless clients and attempt to ping something on the far side of the
wireless/wired bridge, whilst running tcpdump on an internal machine.

If the ICMP packets come up, then this is truly bad. Interesting though.

	Fenn.

> -----Original Message-----
> From: owner-melbwireless at wireless.org.au 
> [mailto:owner-melbwireless at wireless.org.au] On Behalf Of 
> Andrew Harcourt
> Sent: Tuesday, 8 July 2003 12:31 PM
> To: melbwireless at wireless.org.au
> Subject: [MLB-WIRELESS] Security problems with Netgear 
> 802.11g kit and WEP??
> 
> 
> 
> G'day everyone,
> 
> I recently had an interesting experience with WEP and a new Netgear
> 802.11g wireless access point.
> 
> The network it was on had a separate DHCP server on the wired side of
> the access point. When I connected my notebook to the network, it
> couldn't get a DHCP lease - which is good, as I hadn't given 
> it the WEP
> key yet. However, the DHCP server's ARP tables could see me!! 
> It had an
> entry for my MAC address and the 169.254.x.x address my machine chose
> for itself.
> 
> It looks like the access point is accepting unencrypted 
> traffic but only
> transmitting encrypted traffic - in other words, I can put 
> packets onto
> the wired network, but can't get them off it again. This doesn't look
> good.
> 
> Does anyone know if this is specific to Netgear kit? I'd have trouble
> believing it was a flaw in the WEP standard, but I've never tested for
> it before.
> 
> 
> 
> 
> Regards,
> Andrew
> 
> 
> 
> 
> 
> 
> 
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
> 


To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list