Tuesday, June 27, 2006

A Quick Trivia Question

A super-paranoid company offers a wireless network to its employees within its building. Of course, they implement all the latest security measures: WPA, VPN, MAC filtering, and disabling SSID broadcast. They also have all computers patched with the latest versions of all software.

Assuming that you can get into the building, what would be the easiest way to disable their wireless network?


Jake said...

1. Physically disconnect power from the WAP that they left sitting out.
2. Physically disconnect the network cable on the WAP that they left sitting out.
3. Physically disconnect the antenna from the WAP that they left sitting out.
4. Log in to the device from the wired network using the default admin password (that they didn't change) and disable to your little heart's content.
5. (Harder) Get AirSnort and run it for a while to find an authorized MAC, get three to ten PCs with wireless cards, have all of them spoof the authorized MAC and constantly send requests to the WAP, causing it to crash in an effective DDOS.

I'm pretty sure you're talking about a default admin password or easy physical access. I look forward to seeing which it is.

Eric said...

A truly paranoid company would limit physical access to the network hardware (switches, routers, APs, etc.), and would change the admin passwords, so that even if you could jack into the network, you'd be hard pressed to get in that way.

The DDOS approach may work, but would really just make the network sluggish, and would be rather difficult to implement.

My question is a bit of a trick question. And it's based on a similar situation that I recently witnessed.

Eric said...

What would happen if you found some nice, inconspicuous place to plug in an access point that is set up to broadcast its SSID? For that matter, any wireless device that was set up to be part of an ad-hoc network broadcasting its SSID would likely blind the WZC in XP from seeing the official network.