Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Wireless insecurity at NANOG meetings

  • From: Sean Donelan
  • Date: Sat Sep 21 17:48:49 2002

On Sat, 21 Sep 2002, Iljitsch van Beijnum wrote:
> Anyway, in our efforts to see security weaknesses everywhere, we might be
> going too far. For instance, nearly all our current protocols are
> completely vulnerable to a man-in-the-middle attack. If someone digs up a
> fiber, intercepts packets and changes the content before letting them
> continue to their destination, maybe the layer 1 guys will notice, but not
> any of us IP people.

I'm waiting for one of the professional security consulting firms to issue
their weekly press release screaming "Network Operator Meeting Fails
Security Test."

The wireless networks at NANOG meetings never follow what the security
professionals say are mandatory, essential security practices. The NANOG
wireless network doesn't use any authentication, enables broadcast SSID,
has a trivial to guess SSID, doesn't use WEP, doesn't have any perimeter
firewalls, etc, etc, etc. At the last NANOG meeting IIRC over 400
stations were active on the network.

Are network operators really that clueless about security, or perhaps we
need to step back and re-think.  What are we really trying to protect?

Banks are mostly concerned about people defrauding the bank, not the
bank's customers.  Banks rarely check the signature on a check.  Is
security just perception?

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.