[MLB-WIRELESS] RMIT City Campus Wireless Trials
Michael Craig
mcraig at craigy.dynu.com
Thu Dec 11 09:53:19 EST 2003
Um yes it is...its ipsec
-----Original Message-----
From: owner-melbwireless at wireless.org.au
[mailto:owner-melbwireless at wireless.org.au]On Behalf Of Craig Sanders
Sent: Thursday, 11 December 2003 8:53 AM
To: melbwireless at wireless.org.au
Subject: Re: [MLB-WIRELESS] RMIT City Campus Wireless Trials
On Wed, Dec 10, 2003 at 02:58:51PM +1100, Gabrielle Harrison & Paul van den
Bergen wrote:
> Swinburnes (Hawthorn) access is not encrypted... and they have no
> hassles... :-) because they use a secure network regime [1] for their
> whole network that requires all users to authenticate prior to having
> access. Just like anyone running any corporate network should do.
i hope the authentication process is securely encrypted. unencrypted (or
weakly encrypted) login means that anyone with a wireless sniffer (i.e.
anyone
with a laptop and a wireless card and some free software) can easily gather
dozens or hundreds of passwords in an hour.
even if there's some reverse-engineering of the login protocol required, an
attacker can just capture the packets in real-time, then take it home and
analyse the protocol at their leisure. at worst, a few hours or possibly
even
a few days work.
craig
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list