Re: Wireless PCMCIA - which one

[Marvin Renich <mrvn@renich.org>]

On Sat, Jan 25, 2003 at 12:08:03PM +0100, yoda2 wrote:
> Dear all,
> 
> I've been gathering information about Wireless LAN's. This this is 
> totally new for me, i have some "experience"-questions for the lucky 
> ones owning a wireless pcmcia & acces point:
> 1) In the Netherlands "sitecom" is a very popular brand. These wireless 
> PC-cards support IEEE 802.11b. However, has anyone experience with these 
> cards under GNU/Linux?
> 2) Furthermore, I wonder, if I use ssh over the wireless LAN to connect 
> to my server to login in as root; is it possible to "snif" the wireless 
> communication-line and extract the root password in any manner? Thus is 
> the wireless communication-line "ssh-encrypted"?
> 
> grtz Asim
> 

I don't know anything about "sitecom", but I can answer the ssh
question.  When using ssh, your root (or other user) password is
transmitted securely; it is not possible (or at least mathematically
extremely difficult :-) ) to sniff your password.

However, the network itself is open, and even with WEP it is a matter of
a few hours or days (depending on the amount of wireless traffic on your
net) before someone with intent to hack is able to place his machine on
your net.  This does NOT give him login access to linux machines, but
might enable him to see Windoze networking passwords that are being
passed about (e.g. if you use a combination of linux machines with samba
and MS machines, all using Windows networking).  If you use any unsecure
services, like telnet or rsh, you would be exposing passwords.

Also, once your WEP password is hacked, if you have NAT/masq services,
the hacker can use your ISP connection.

...Marvin