From: Mike Tancsa <mike@sentex.net>
To: freebsd-security@freebsd.org
Date: Mon, 19 Nov 2007 11:43:13 -0500
Subject: testing wireless security
Message-Id: <200711191643.lAJGh3jb027972@lava.sentex.ca>

I have been playing around with 3 ath based FreeBSD boxes and seem to have got everything going via WPA and a common PSK for 802.11x auth. However, I want to have a bit more certainty about things working properly. What tools do people recommend for sniffing and checking a wireless network? In terms of IDS, is there any way to see if people are trying to brute-force the network?
I see hostap has nice logging, but anything beyond that? e.g. with a bad psk on the client:

    hostapd: ath0: STA 00:0b:6b:2b:bb:69 IEEE 802.1X: unauthorizing port

Is there a way to black list MAC addresses, or just allow certain ones from even trying? IPSEC will be running on top, but I still want a decent level of security on the transport layer.

On the client I have

% cat /etc/wpa_supplicant.conf
network={
        ssid="testnet1"
        # psk="xxx"
}

% ifconfig ath0
ath0: flags=8843 mtu 1500
        inet 2.2.2.9 netmask 0xffffff00 broadcast 2.2.2.255
        ether 00:0b:6b:2b:bb:69
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/48Mbps)
        status: associated
        ssid mike1 channel 1 bssid 00:0b:6b:84:3e:76
        authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit TKIP 3:128-bit
        txpowmax 49 bmiss 7 protmode CTS burst roaming MANUAL bintval 100

and the host

% ifconfig ath0
ath0: flags=8843 mtu 2290
        inet 2.2.2.1 netmask 0xffffff00 broadcast 2.2.2.255
        ether 00:0b:6b:84:3e:76
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: associated
        ssid mike1 channel 1 bssid 00:0b:6b:84:3e:76
        authmode WPA privacy MIXED deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit
        txpowmax 39 bmiss 7 protmode CTS burst dtimperiod 1 bintval 100

% cat /etc/hostapd.conf
interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=3
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=testnet1
macaddr_acl=0
auth_algs=1

#### IEEE 802.1X related config ####
ieee8021x=0

#### WPA/IEEE 802.11i config #####
wpa=1
wpa_passphrase=xxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP

        ---Mike

--------------------------------------------------------------------
Mike Tancsa,                                          tel +1 519 651 3400
Sentex Communications,                                mike@sentex.net
Providing Internet since 1994                         www.sentex.net
Cambridge, Ontario Canada                             www.sentex.net/mike
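An added example, not from the post or the hostapd project, of the log-side check the post asks about: it parses hostapd's syslog output for the "unauthorizing port" line quoted above, flags any station that produces a burst of them within a short window (a crude brute-force indicator), and lists failing stations that are not on an operator allow-list. The syslog prefix, the year, the threshold and window, and the second MAC address (00:0b:6b:de:ad:01) are assumed or constructed; the client MAC is the one from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the hostapd line quoted in the post; the "Nov 19 11:40:01 lava hostapd:" syslog prefix is assumed.
UNAUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ hostapd: (?P<ifc>\w+): STA "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) IEEE 802\.1X: unauthorizing port$"
)
LOG_YEAR = 2007  # syslog timestamps carry no year; assumed for the constructed sample

def parse_unauth_events(lines):
    """Return [(datetime, iface, mac)] for every 'unauthorizing port' line in order."""
    events = []
    for line in lines:
        m = UNAUTH_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ifc"], m["mac"].lower()))
    return events

def find_repeat_offenders(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {mac: peak} for stations with >= threshold failures inside a single window."""
    by_mac = defaultdict(list)
    for ts, _ifc, mac in parse_unauth_events(lines):
        by_mac[mac].append(ts)
    offenders = {}
    for mac, stamps in by_mac.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # drop events that fell out of the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            offenders[mac] = peak
    return offenders

def unknown_stations(lines, allowed_macs):
    """MACs that failed authentication and are not on the operator's allow-list."""
    seen = {mac for _ts, _ifc, mac in parse_unauth_events(lines)}
    return sorted(seen - {m.lower() for m in allowed_macs})

# Constructed sample: the post's client MAC failing 5 times in 8 s, plus a made-up MAC with sparse failures.
SAMPLE_LOG = [f"Nov 19 11:40:{s:02d} lava hostapd: ath0: STA 00:0b:6b:2b:bb:69 IEEE 802.1X: unauthorizing port"
              for s in (1, 3, 5, 7, 9)] + [
    "Nov 19 11:45:00 lava hostapd: ath0: STA 00:0b:6b:de:ad:01 IEEE 802.1X: unauthorizing port",
    "Nov 19 11:50:30 lava hostapd: ath0: STA 00:0b:6b:de:ad:01 IEEE 802.1X: unauthorizing port",
    "Nov 19 11:50:31 lava hostapd: ath0: STA 00:0b:6b:de:ad:01 IEEE 802.1X: authorizing port",
]
```

The post's hostapd.conf has macaddr_acl=0, so any station may attempt association; hostapd's macaddr_acl=1 together with an accept_mac_file restricts that to listed MACs, which is the enforcement counterpart of the allow-list check above.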