[ale] Access Point honey pots - Now WPA

Hogg, Russell E ctcrreho at opm.gov
Tue Sep 30 13:08:26 EDT 2003



Fake AP isn't really a honeypot, at least not as I understand honey pots.
Am sure the Security experts on list can specify.  The APs it "creates"
don't actually exist.  It's just a way to try and hide your AP in the flood
of packets.  I think it's interesting and maybe even cool, but doesn't count
much for security.  Unless maybe it's in addition to a lot of other good
measures.

As far as security concerns and wireless the little reading I've done of
late suggests that this 802.11i stuff is the real deal.  Some of the
manufacturers are already selling proprietary stuff that's near the i
standard and calling it WPA.  

WPA, I think, is Wi-Fi Protected Access.

Anyone know any more or heard anything about WPA being breakable too?

-Russ








____________________________________________
ctcrreho at opm.gov



-----Original Message-----
From: Stephen Touset [mailto:stephen at touset.org] 
Sent: Tuesday, September 30, 2003 1:30 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Access Point honey pots

synco gibraldter wrote:

> On 29 Sep 2003 at 22:05, Christopher Fowler wrote:
> 
> 
>>I think I remember a software package that created multiple access
>>points on a wireless card to foil would-be hackers. Is there such a
>>beast?
> 
> 
> what kind of foiling are we talkin bout?  i assume you're talking about
> wep?  the best way to avoid your wlan being hacked is to not trust wep at
> ALL... it's a serious piece, man.  do a vpn-ish setup or something... even
> if they find it, it's 'safe' by reasonable standards (whereas wep is a
> joke).  of course masking it in with a lot of ap's couldn't hurt, but even
> if i had a million fake wep-secured wlans, i wouldn't trust my real one in
> the midst of them all.
> 
> --    synco gibraldter
> --    atlanta, ga
> --    synco at xodarap.net
> --    key id: 0xC5117E0A
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

Not to mention, what could a honeypot do in this case? At the most, it's 
simply security through obscurity. Think about it--you can't even block 
them from trying again. You could easily autoblock MAC addresses, but 
those are easy to spoof. It would be trivial to write a script that 
scans for APs, telnets to port 80 on a known webserver, and if it fails, 
changes the MAC address and tries again.

-----
Stephen Touset <stephen at touset.org>



