Hi, I've been lurking for a while and playing around with BT3. I signed up to the forums a while back but for some reason did not have permission to post until today...
Anyway, I was at the library doing some research when I got bored and decided to see what the security of the wifi network was like. The wifi system is a Trapeze WebAAA authentication network that requires submission of a login name and password to gain access to HTTP and SSL traffic - basic net surfing. I'm not sure if SSH would work. I figured that I could use the simple airport wifi hack, which would be to connect to the authentication page, autoscan and then spoof some other client's MAC address. No cigar. Autoscan yielded 0 hosts on the network. The library is literally FULL of people online writing their dissertations.
I then decided to read up a little on how Trapeze operate and they mentioned something about every connection being isolated after authentication by being allocated a VLAN. I also noted that this network runs on a Cisco system alongside a private webserver.
Firing up KisMAC and airodump-ng, I noted that there was not 1 BSSID but 6 locked WPA networks termed "Library Wifi" versus 6 unlocked "Library Wifi Authentication" APs.
I had to leave fairly quickly and did not try to crack the WPA of the locked networks, but I wondered if anyone could help me with a few questions:
1) If the WPA protected AP was cracked, would I be able to have access to the system?
2) Supposing I could access the system, would I be isolated inside the channel with the other host or would I be able to view all hosts on the network?
3) How noisy would penetration into the system be, noting that it might/might not have AirDefense set up?
A third-party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
I have been reading but a lot of it is quite difficult to understand without it being explained in layman's terms. And I do not plan on exploiting my library network, I'm simply curious as to how to get around the problem of VLAN connections. If there are posts that I have missed on the topic I'd appreciate being pointed towards them!
Apologies, I didn't want a flaming...