a freeradius/wireless solution for a school

A.L.M.Buxey at lboro.ac.uk
Wed Jan 24 10:40:59 CET 2007


Hi,
> Please elaborate on how the system can be circumvented?

FakeAP springs to mind instantly, as do any of the other man-in-the-middle
attacks. A quick Google will bring up many methods of doing such attacks.

Basically, I set up a software AP with the same SSID. I have the same login
page - even the same signed certificate if you've been so good as to
buy a commercial one - and take the user's credentials when they log in.
I then pull down my AP and use the credentials to log in. Trivial
stuff. If you use WEP I can do a similar thing to get the 3rd party
to send me enough WEP traffic (failures of course) to get the key using
the modern crackers. 5 minutes of fun...and then use that WEP for my gateway.
(Same isn't true - yet - for WPA-PSK - but like WEP those passphrases
need to be disseminated.) All this falls in the same 'security' bucket
(or bin) as MAC authentication, hiding the SSID etc.

but since most public sites use these systems it's gotta be okay. yes? ;-)

alan
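
Seen from the defending side, the software AP described in this message appears in a wireless survey as an extra radio advertising the school's SSID. The Python check below is an added example, not part of the original post; the SSID, the BSSIDs, the inventory layout and the `Beacon` record are constructed assumptions standing in for whatever a site's own survey tool reports.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str  # e.g. "open", "wep", "wpa-psk"

# Constructed inventory (assumption): for each managed SSID, the authorised
# BSSIDs and the (channel, security) each one is configured to use.
INVENTORY = {
    "school-wifi": {
        "02:00:00:aa:00:01": (1, "open"),
        "02:00:00:aa:00:02": (6, "open"),
    }
}

def find_suspect_aps(beacons, inventory=INVENTORY):
    """Return (bssid, reason) for radios advertising a managed SSID
    that do not match the inventory."""
    findings = []
    for b in beacons:
        known = inventory.get(b.ssid)
        if known is None:
            continue  # not one of our SSIDs, out of scope
        bssid = b.bssid.lower()
        expected = known.get(bssid)
        if expected is None:
            findings.append((bssid, "unknown BSSID advertising managed SSID"))
        elif expected != (b.channel, b.security):
            # A copied BSSID often shows up on a different channel or with
            # different security settings than the real AP uses.
            findings.append((bssid, "known BSSID with unexpected channel or security"))
    return findings

# Constructed survey results, not captured from a real network.
SAMPLE_SCAN = [
    Beacon("school-wifi", "02:00:00:AA:00:01", 1, "open"),
    Beacon("school-wifi", "02:00:00:aa:00:02", 6, "open"),
    Beacon("school-wifi", "02:00:00:bb:00:99", 6, "open"),
    Beacon("school-wifi", "02:00:00:aa:00:02", 11, "open"),
    Beacon("cafe-guest", "02:00:00:cc:00:01", 1, "open"),
]

if __name__ == "__main__":
    for bssid, reason in find_suspect_aps(SAMPLE_SCAN):
        print(f"{bssid}: {reason}")
```

A radio that copies an authorised BSSID, channel and security setting exactly passes this check, so it complements rather than replaces authentication that does not depend on the SSID or login page being genuine.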