Wifi Security
Gadi Evron
ge at linuxbox.org
Mon Nov 21 16:10:46 UTC 2005
> Leaving the politics aside, it's a lot harder than it seems. After an
> active attack at a security conference a few years ago, a prof had some
> of his grad students investigate it. Multipath, variable signal
> attenuation, and the like make it very, very hard. (If it worked, the
> idea was to embed the localizer in a WiFi-equipped Sony Aibo -- a robot
> dog to hunt down miscreants...)
>
> Btw -- a lot of hot spots already do ARP-filtering to block ARP-level
> attacks on the default router's MAC address. This problem is already
> out there.
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
I am always careful when I write "ALL", "EVERY*" or "VERY", however, it
is very simple. Point is that like with everything else, the Bad Guys
learn and have a fountain of knowledge called recent Internet history to
learn from.
Employing different evasion techniques can indeed be a problem and this
will turn into a very disturbing war of cop and thief, never ending and
always advancing.. yet, it does allow for an active hand in combating
these individuals if operational teams will be ready and equipped to
answer the call when the time comes, instead of after it's already an
epidemic.
Further, just one solution is never enough... strong security, security
policy and intrusion detection systems for the real systems and AP's are
going to be essential.
Once again I fear these things will not be invested upon until they are
useless and a money-drain.
But aside to all that I must once again bow before your wisdom and
humble my opinion to "yeah, it's not that simple".
:)
"Google wifi security operations". Yummy! Now my mind is just floating
with ideas.. I hope theirs are as well.
Gadi.
More information about the NANOG
mailing list