North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Gadi Evron
  • Date: Mon Nov 21 11:15:39 2005

Leaving the politics aside, it's a lot harder than it seems. After an active attack at a security conference a few years ago, a prof had some of his grad students investigate it. Multipath, variable signal attenuation, and the like make it very, very hard. (If it worked, the idea was to embed the localizer in a WiFi-equipped Sony Aibo -- a robot dog to hunt down miscreants...)

Btw -- a lot of hot spots already do ARP-filtering to block ARP-level attacks on the default router's MAC address. This problem is already out there.

--Steven M. Bellovin,
I am always careful when I write "ALL", "EVERY*" or "VERY", however, it is very simple. Point is that like with everything else, the Bad Guys learn and have a fountain of knowledge called recent Internet history to learn from.

Employing different evasion techniques can indeed be a problem and this will turn into a very disturbing war of cop and thief, never ending and always advancing.. yet, it does allow for an active hand in combating these individuals if operational teams will be ready and equipped to answer the call when the time comes, instead of after it's already an epidemic.

Further, just one solution is never enough... strong security, security policy and intrusion detection systems for the real systems and AP's are going to be essential.

Once again I fear these things will not be invested upon until they are useless and a money-drain.

But aside to all that I must once again bow before your wisdom and humble my opinion to "yeah, it's not that simple".

"Google wifi security operations". Yummy! Now my mind is just floating with ideas.. I hope theirs are as well.