October 9th, 2001, 09:43 PM
bypassing an access list
I have an 802.11b wireless network setup here, with access point and a few clients, that I am using for testing. My objective is to find as many ways to break into it as I can.
With 802.11 there are very few security features; they include closing the system (only allowing access if you know the network name), WEP encryption, and access lists.
Finding out the network name is the easiest; hell, most wireless cards have a feature for scanning to find access points, and display the network name of any they find. So that's a no-brainer.
WEP encryption is also simple to break. I have a Linux box with a Prism2 card and AirSnort, so I can break any WEP key; it only takes time.
The access list is the tough one. Basically, it is a list of the MAC addresses of machines that are allowed to pass data through the access point.
You can get a radio link, but cannot pass data through the AP. This creates one security hole: you can't pass data through the AP, but you can connect to other client devices associated with the AP.
Since the AP is a bridge, the access list functions at the MAC layer, so simply bouncing your packets off of a device that has access does not work.
I am guessing that what I would have to do is spoof the MAC address of a device that has access.
Is this possible?
I have been looking for any documentation I can on this and have not found anything useful.
I have Windows and Linux machines at my disposal, and can probably get whatever hardware I need to do this with.
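The access list described above is keyed on nothing but the client MAC address, which is why cloning an allowed address defeats it. From the administrator's side, the useful counterpart is noticing when two radios share one address. This is an added example, not code from the thread: it walks a constructed capture of 802.11 frames and flags any source MAC whose 12-bit sequence-number stream jumps, which is what interleaved frames from two transmitters look like. The `Frame` records, the sample MACs and the `max_gap` threshold are all assumptions for illustration.

```python
# Added example (not from the original thread): flag a MAC address whose
# 802.11 sequence-number stream is discontinuous, which is what a second
# station transmitting under a cloned MAC looks like to a monitoring host.
from collections import namedtuple

SEQ_MODULUS = 4096  # the 802.11 sequence control field carries a 12-bit counter

# Minimal constructed record: capture timestamp, source MAC, sequence number
Frame = namedtuple("Frame", "ts src seq")


def seq_gap(prev, cur):
    """Forward distance from prev to cur, modulo the 12-bit wrap."""
    return (cur - prev) % SEQ_MODULUS


def detect_spoofed_macs(frames, max_gap=300):
    """Return anomalies as (ts, src, prev_seq, seq, gap) tuples.

    A single NIC increments its sequence number by one per frame, so small
    gaps (frames the sniffer missed) are normal. A large forward gap, or a
    jump backwards (which becomes a huge forward gap after the modulo),
    means two transmitters are interleaving frames under one MAC.
    max_gap is a tunable threshold; 300 is an assumed starting value.
    """
    last_seq = {}
    anomalies = []
    for f in sorted(frames, key=lambda x: x.ts):
        prev = last_seq.get(f.src)
        if prev is not None:
            gap = seq_gap(prev, f.seq)
            if gap > max_gap:
                anomalies.append((f.ts, f.src, prev, f.seq, gap))
        last_seq[f.src] = f.seq
    return anomalies


# Constructed sample capture: station A is on the access list; at ts=4 a
# second radio sends a frame with A's MAC but its own sequence counter, and
# A's next frame (ts=5) then looks like a jump backwards.
SAMPLE = [
    Frame(1, "00:02:2d:aa:bb:cc", 100),
    Frame(2, "00:02:2d:aa:bb:cc", 101),
    Frame(3, "00:02:2d:aa:bb:cc", 102),
    Frame(4, "00:02:2d:aa:bb:cc", 2000),
    Frame(5, "00:02:2d:aa:bb:cc", 103),
    Frame(6, "00:02:2d:aa:bb:cc", 104),
    Frame(7, "00:02:2d:11:22:33", 50),
    Frame(8, "00:02:2d:11:22:33", 51),
]

if __name__ == "__main__":
    for a in detect_spoofed_macs(SAMPLE):
        print("ts=%d src=%s prev=%d seq=%d gap=%d" % a)
```

A station that wraps its counter from 4095 to 0 is not flagged, since the gap is computed modulo 4096.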
October 9th, 2001, 10:32 PM
I know it is possible to spoof MAC addresses of NICs, because my friend and I had to do that to get his router to work with his cable modem (bastards thought something that simple would stop us, HA). Anyway, I know you can do it with certain NICs, but wireless is a ballpark I have never played at. I would think that it is possible (ok, anything is possible, but I don't want to get into the philosophical discussion involving predicates and domains); it is just a matter of figuring out how.
I wouldn't think that you would need to get anything in the way of hardware, unless there is a wireless card that is easier to spoof the MAC on.
But now, I bow out.
October 10th, 2001, 04:24 PM
Well, Windows systems recognize wireless cards just like any other NIC. So do Linux systems, except that they are started differently, and run off of different scripts.
I figure as long as the card will accept it, MAC spoofing techniques for NICs may work.
Could you share the process you used to do this? Please?
All I need is something to get me on the right track; I should be able to figure it out from there.