[vox-tech] [OT] Two questions regardless Wireless 802.11b

ME dugan at passwall.com
Mon Jun 21 14:58:09 PDT 2004


Richard Crawford said:
> ME said:
>
>>> Richard Crawford said:
>>>> I'm trying to fix things up with my wireless setup at home.  I was
>>>> using WEP for awhile, but decided to stop because (a) our computers
>>>> were having a lot of frame errors and dropping the connection
>>>> frequently; and (b) I've heard that WEP is just not all that secure
>>>> anyway.  So now I'm setting it up to do MAC address filtering, and
>>>> allowing only the MAC addresses that I specify.  Seems to be working
>>>> just fine so far.
>>
>> It is better to use both as it adds a level of difficulty for casual
>> users.
>
> I'd actually like to use all three, if possible:  MAC filtering, WEP, and
> SSID hiding.  Unfortunately, as I mentioned, with WEP enabled, the signal
> kept bouncing, and my laptop kept giving me "WEP Frame Errors".  I don't
> know enough about wireless networking to figure out what this means.
>
>
>> Also, cloning of a MAC is possible and it is easy to find the MAC
>> addresses of the client with sniffing.
>
> Oh.   Dang it.  I thought I'd hit on something pretty spiffy.  Ah, well.

"Security is an ongoing process by which the user should consider thinking
of layered model, and not flat model."  :-)

Combinations work well together.

>> If the "Sony Clie TJ37" is not running Linux (I doo not know wha this
>> device is) but has an IP address, then from a machine on the same
>> wireless network try to ping its IP address, and then:
>> # cat /proc/net/arp | grep IPADDRESS_OF_DEVICE
>> while the ping is running
>> You should find the MAC.
>> (This assumes you are on the same layer-2 network without a bridge, or
>> more importantlly a router.
>
> The device runs PalmOS.  But that seems like a good approach.

If your ping passes through a Layer 3 device (or higher) for resending,
you will not get the MAC of the device, but the MAC of the interface of
the device nearest to the linux box that is running th eabove command.

>> Another method is to use Ethereal and start sniffing. You should see 3
>> MAC in the header of the layer2 data on 802.11b:
>> The MAC SRC, MAC DST, and MAC Associated Access Point
>
> Ah, okay.  Cool.

The above assumes you are sniffing with ethereal on an 802.11 interface,
not on the other side of a bridge on a wired 10BaseT/100BaseT (etc)
connection after having passed through a bridge. In such a case, you would
not see the MAC of the associated access point, and if the layer2 protocol
is substantially different (say something like token ring to ethernet) you
may end up seeing a MAC which is not the MAC of the device, but the MAC of
the bridge.

>>>> Second, I would also like to disable SSID broadcast on my wireless
>>>> network, but when I do, our laptop computers can't log in to the
>>>> network when they're turned on.  Is there a way around this?
>>
>> Sure, but it requires that you "hard code" (static config) the SSID in
>> the settings for the devices since they won't be able to learn it on
>> their own through a bcast.
>
> Need to figure out how to do that in Windoze.  Hmmmm...

Check the networking control panels for the device, and you should have a
tab to allow you to enter it. I have seen tis win windows for Linksys card
drivers for windows and Cisco card drivers for windows.

-ME



More information about the vox-tech mailing list