[MLB-WIRELESS] Security problems with Netgear 802.11g kit and WEP??

[Andrew Harcourt]

G'day everyone,

I recently had an interesting experience with WEP and a new Netgear
802.11g wireless access point.

The network it was on had a separate DHCP server on the wired side of
the access point. When I connected my notebook to the network, it
couldn't get a DHCP lease - which is good, as I hadn't given it the WEP
key yet. However, the DHCP server's ARP tables could see me!! It had an
entry for my MAC address and the 169.254.x.x address my machine chose
for itself.

It looks like the access point is accepting unencrypted traffic but only
transmitting encrypted traffic - in other words, I can put packets onto
the wired network, but can't get them off it again. This doesn't look
good.

Does anyone know if this is specific to Netgear kit? I'd have trouble
believing it was a flaw in the WEP standard, but I've never tested for
it before.




Regards,
Andrew







To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message