Wireless Security
Re: Wireless range limiting Apr 17 2008 03:45PM
Luiz Eduardo (le atelophobia net)
Hash: SHA1

I am curious to take a pick at the screenshot as well, since, apparently,
it's unknown to defcon's networking team.

one thing for sure though, the stats from a centralized X overlay wids don't

- -le

- ----- Original Message -----
From: "Nico Darrow" <ndarrow (at) airdefense (dot) net [email concealed]>
To: "Charles Hardin" <fonestorm (at) gmail (dot) com [email concealed]>
Cc: <wifisec (at) securityfocus (dot) com [email concealed]>; "security-basics"
<security-basics (at) securityfocus (dot) com [email concealed]>
Sent: Wednesday, April 16, 2008 1:29 PM
Subject: RE: Wireless range limiting

I wish I had the screenshot of the Newbury demo at defcon. But I remember
their entire location tracking system was brought down by fake-ap running a
cloned AP MAC address.
It's a good idea, but not practical. They required such a high density of
sensors to make accurate location predictions. And this can be easily
circumvented by a well placed MAC-spoofed AP.

Here's my recommendation. If you want to limit the range of an AP, then just
disable it's lower bitrates.

Take 802.11b/g router.
Enable 802.11G only mode (if you can. Most internal cards are B/G cards at
If you have a high-end AP (Cisco,Symbol,etc), then disable the lower

Not only will you lower your range and increase throughput (by not having to
worry about slower B clients with longer transmit windows), but you also get
out of reach of most script kiddies with their 802.11b prism2 chipset ;-P

Just make sure everything is thoroughly tested before rolling out a change
like this. Home environments are easy to tweak, work environments are
harder. Remember nothing beats a good Wireless IDS/IPS :-P

- -----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Joshua Wright
Sent: Wednesday, April 16, 2008 12:42 PM
To: Charles Hardin
Cc: wifisec (at) securityfocus (dot) com [email concealed]; security-basics
Subject: Re: Wireless range limiting

Hash: SHA1

Hi Charles,

Charles Hardin wrote:
| A co-worker of mine was recently telling me of a tool he had seen
| several years ago. A utility where you could upload a floor plan of
| your building and specify where your access points are located. You
| could then walk around your perimeter with a wireless client with an
| agent on it that would allow you to marcate the physical boundries of
| where you want the wireless signal to reach and it would reject
| clients outside this range based on the signal.

This is the Newbury Networks product
(http://www.newburynetworks.com/products-rf-firewall.htm). I don't know
if I trust such a system, since they do not know the transmit power of
someone inside or outside of your facility (they probably assume
something like 100 mW + 3 dBm antenna). If an attacker has a
higher-gain antenna, they can appear to be inside your facility with a
stronger signal.

I do not claim to know the full detail of the product, but that is my
skeptical 2 cents for today.

- - -Josh

Version: PGP Desktop 9.8.1 (Build 2523)
Charset: iso-8859-1


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus