Hams Report 85-mile 802.11b File Transfers @ Oregon

Wed Apr 14 14:37:58 PDT 2004

Quoting richard childers / kg6hac (fscked at pacbell.net):
> Those of you inclined towards worrying about eavesdroppers will find the 
> following interesting ... QST Magazine (or was it NASA Tech Briefs?) 

Yeah, references are a good idea when you make assertions.

> recently reported that two people successfully achieved connectivity and 
> exchanged files across a span of 85 miles, using COTS technology and 
> antennas optimized for operation in the 2.4 gHz frequency.

Two people working together with a PAIR on antennae optimized
for this.

Whereas my little AP does NOT have a 6' parabolic antenna and high
gain radio in it.
Whereas my little AP is hard to hear in the guest room.

> People operating 802.11b networks in corporate environments, take note - 
> your networks can probably be monitored from anywhere within a few 
> [dozen?] miles of the antenna, depending upon obstructions, and perhaps 
> from over the horizon, as well.

Well, depending on radio, antenna, power and several things...

But I'll take the surface intent of your note and offer that
it's clearly been a Best Practice, from the start to:
- assume that someone hostile is standing 3 feet from the AP and
  can gather all your packets.
- and *know* that WEP (and now LEAP) are deeply broken and shouldn't
  be used for auth or encryption anyway.

And act accordingly.  IPSec works fine on my laptops.  And Windows, too.
Even PPTP beats WEP.

85 miles or 50 feet, it doesn't matter.
It's SIMPLE to leave a PDA near your office and gather enough
traffic to snap your WEP in two.
And easier with some radio trickery, to crack your LEAP connection.

And send 50,000,000 emails from your site.
And attack sites from your systems.
And browse your networks.
And change files (that's a bit scarier than copying or erasing - unnoticed
changes.  Your CEO will be delighted in this quarter's financials are
off by a million or so, esp with the new regulations).
-a friend, before a meeting about a client's security, sat in a
 restaurant parking lot and mapped out the client's network for
 them, printed it on his portable printer, walked in an did his
 presentation on their network and several vulnerabilities.
 "But how did you get onto our wireless?  It's over 4 floors up!?"
-Another friend rollerskated around his office with a PDA and sniffs
 out folks who've setup their own little APs (and taught them how
 to PROPERLY get on and use the new corporate one.  Second violation
 and you get to pack).

I'd also add the 10 year old: Assume that someone hostile is on
your LAN and act accordingly.  But then, I was using machines with
the root password posted on the wall (root/MrRoot) and it didn't
take away from the security of the systems at all.

With the lone exception of ssh:   How far we've fallen...