
Thread: Wifi MAC address-based authentication

  1. #11
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I would suggest looking into (P)EAP if you're Cisco based
    Yes, this would be the cheapest thing to do since all you will need additionally is a shitty little linux box running free RADIUS. I have this in use now and I haven't had a single issue....yet.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #12
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Cisco's implementation is LEAP, which is very similar to PEAP, but unless you are using a Cisco card (which comes with the ACU) you will need third party software such as Odyssey Client to make use of LEAP. PEAP, however, is supported by Microsoft as of Win2K_SP4 and WinXP_SP1 and can also be used to auth against a Radius server. I too would recommend looking at FreeRadius as TH13 suggested.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  3. #13
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    re: Maestr0

    I don't follow your comments Maestr0...are you stating that Cisco doesn't support (P)EAP...or that they had nothing to do w/ it?

    I respectfully disagree. Cisco co-authored the PEAP specifications w/ MS and RSA to compensate for the dictionary attack vs. EAP/LEAP.

    Here's one of the best documents I've ever read re: Wireless Security and clearly supports the above statements:

    http://www.cisco.com/en/US/products/...8009c8b3.shtml

    FYI-I'm not a Cisco employee I just really enjoy their products.

    Cheers,
    <0
    Ego is the great Logic killer

  4. #14
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I'm not saying Cisco doesn't support PEAP, I'm saying Microsoft does not support LEAP (not counting the miserable excuse for LEAP/PEAP in the new WinMobile 2003). LEAP is Cisco's EAP protocol, whereas PEAP is based on EAP but co-authored by Cisco, Microsoft, RSA and some other chaps and is an open RFC protocol. So you can use LEAP if you have a Cisco card and the ACU (Aironet Client Utility), or you can purchase a 3rd party client (Odyssey) to allow other wireless cards to negotiate LEAP authentication with Cisco APs. If you do not intend to use Cisco cards exclusively I would use PEAP, which is supported natively now by MS so you don't have to purchase any third party clients.

    -Maestr0

    Also, you mentioned PEAP was developed in response to the LEAP dictionary attack. This may be true, I haven't researched that, but I'm fairly certain PEAP was under way long before that vulnerability was disclosed.
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  5. #15
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    thanks for the clarification Maestr0

    Thanks for taking the time to explain your position- your comments are clear to me now. I hope I didn't come across as abrasive as I was simply attempting to interpret your comments.

    I agree with your summary. Furthermore, and for clarification on my side, I was under the impression that PEAP was developed to answer possible attack vectors such as what was eventually proven in the dictionary attack. I didn't intend to portray PEAP as a direct answer to the specific vulnerability announcement.


    Cheers,
    <0
    Ego is the great Logic killer

  6. #16
    hey,

    "Don't go so deep in the forest that you lose your way back" ;-) , it's only about home security.

    -- A basic 128 bit WEP with TKIP (Cisco) / CKIP (Wi-Fi) is what is common to all devices and best for home networking.
    -- Another step that can be added is MAC authentication, which with the above options is another outstanding way to defend your home network.
    -- It would be really tough for anyone to break into this.

    Well, nothing in computers is 100% secure no matter what you do, but this should be more than enough to save you from newbies and mid level hackers etc. (why would they run after you in the first place ... it's your fear that will kill you, no one else.. lol)

    That said, there are further standards for corporate deployment

    -- XEAP, Cisco EAP-TLS, Cisco LEAP, Cisco PEAP, Microsoft Host Based EAP (same crap as Cisco PEAP) ..... he he he.. not this alone, add this also: if still discontented, then go for certificate authentication, use Token RSA Servers (OTP) with Funk Radius, Microsoft IAS, or Cisco ACS. (just getting senti :-)) etc.

    Finally, with least cost and a normal residential config, choose the top options.

    To crack them choose the following - AiroPeek, AirSnort, NetStumbler.

    Let me know if you need any thing else...

    Smile , u never know when someone falls in love with your smile.
