Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wireless insecurity at NANOG meetings

  • From: Steven M. Bellovin
  • Date: Mon Sep 23 04:59:27 2002

In message <Pine.GSO.4.40.0209211957580.21971-100000@clifden.donelan.com>, Sean
 Donelan writes:
>
>On Sat, 21 Sep 2002, Martin J. Levy wrote:
>> >I agre security is sadly lacking, but it is probably impossible to
>> >implement in a conference environment.
>>
>> Look this is a very simple issue.  Sean's first post really pointed out
>> that it's "bad form" for a set of operators to run an insecure network.
>> I would believe that it's "good form" to at least try.  It was stated
>> that the network was not run by the "operators".  OK, I accept that, but
>> it's run by people with great (actually fantastic) connections to real
>> operators (ie: us).
>
>I feel like a Rorschach Test.
>
>Is the Nanog confernce network really insecure for its purpose?
>

This is the real question -- what are you trying to protect?  

Apart from its (many) other problems, WEP is useful for protecting 
a single hop at layer 2.  It does not protect against attacks at higher 
layers.  (That's true of virtually all security mechanisms, I might add 
-- and I say "virtually" because I don't really trust my reasoning at 
at an hour when I really should be asleep, but I think that "all" is 
correct.)  Apart from the problem of attacks from the Internet -- 
surely we don't want NANOG to run a firewall for us -- there are easy 
attacks that can bypass WEP.  For example, someone could use 
ARP-spoofing to launch an active attack on even non-sensitive Web 
traffic.  Btw -- that has happened on the wireless network at at least 
two conferences I've been to in the last few years.  And no, these 
weren't black hat or grey hat conferences.

If it weren't for the cryptanalytic attack on RC4 -- the one attack on 
WEP that wasn't foreseeable -- and if it had been done properly in 
other respects (i.e, if it had per-user keying, key management, and no
"IV" collisions), WEP could provide access control.  We could even 
imagine an AES-based WEP with key management, etc. -- and *all* it 
would buy us is access control.

Is that worth it for NANOG?  Again, what are you trying to protect?  Is 
access to the conference net a resource that needs to be protected?  
Maybe it is, if you're concerned about drive-by spammers.  

But there's another resource, and that's the reputation of NANOG, or at 
least of its members, as folk who know how to run a network.  Wide-open 
802.11 networks are often a bad idea, precisely because access is a 
resource that needs to be protected.  Beyond that, there's sometimes a 
"good neighbor" issue -- you don't want to accidentally attract 
folks who want to be on some local net of their own.  Maybe a closed 
net is reasonable for that purpose -- but that's about it.

If you want to protect yourself, make sure that your software is fully 
patched, you expose as few services as possible to the outside, and 
that you don't send anything unencrypted if it's at all sensitive if 
intercepted or modified.  Beyond that, make sure that you're lucky, 
because new holes can be found at any time.

Note, btw, that I didn't say "do that at conferences", or "do that for 
802.11 hosts"....

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.