CWNA Guide to Wireless LANs, Second Edition - Ch8

Lab Manual for CWNA Guide to Wireless LANs, Second Edition Lab Manual Solutions 8-

Chapter 8 Solutions

Activity Questions, Lab 8-1

2. What is the IP address of your access point? Answer : Varies

3. Record the MAC address of the laptop you are using to browse the accesspoint. Answer : Varies

2.What was the ping response? !oes your "lter appear to be wor#ing? Answer : Ping ill ti!e out or indicate t"at t"e "ost is unreac"able #unsuccessful $ing%& 'o$efull(, (es

3.!oes your bloc#ed client de$ice still appear in the Association table? Answer : Varies

%.What was the ping response? Answer : S"ould be a successful $ing

Review Questions, Lab 8-1

. What is another na&e for "lters? Answer : Access lists

2. What are the two steps re'uired to deploy "lters? Answer : Create t"e filter, t"en a$$l( t"e filter)

3. (ow can MAC address "lters be defeated by hac#ers? Answer : 'ac*ers can sniff legiti!ate MAC addresses, t"en c"ange t"eir on MAC address to t"e

sniffed address and associate it" t"e access $oint #MAC s$oofing%)

). What is a wildcard or in$erse &as# and how is it used with access lists? Answer : +"e !as* is used it" a filtered address in an access list) eroes !ean t"e corres$onding bit

!ust !atc" t"e filtered address and ones !ean t"e corres$onding bit doesnt "a.e to !atc")

*. Client de$ices that are bloc#ed fro& co&&unicating on the networ# &aystill appear in an access point+s Association table. ,rue or -alse? Answer : +rue


/,01 /ccasionally students loc# the&sel$es out of the access point fro&both laptops during this lab. If so gi$e the& a console cable and ha$e the&use (yper,er&inal $ia the console port to access their access point and "the con"guration.

%. What is the proble&? Answer : +"e *e( is not long enoug")

4. (ow &any headeci&al characters does )56bit encryption re'uire? Answer : /0

7. 8ou will lose your connection to the access point. Why? Answer : +"e la$to$ $rofile in use isnt configured for WEP, but t"e access $oint is)

.What channel is your e'uip&ent using? Answer : Varies

9.8ou should see beacons and W0P data but no ,elnet pac#ets. Why not?

/


Answer : 1eacons at la(er 2 can be seen, but +elnet at la(er 3 cannot be seen)

25.Why are you able to see this infor&ation e$en though W0P encryption isin use? :oo# for IP addresses. !o you see any? Why or why not? Answer : SS45s, na!es, and MAC addresses are at la(er 2, "ic" can be seen& no& 4P addresses are at

la(er 6 and cant be seen

27.8our laptops will lose their connections. Why? Answer : +"e la$to$ $rofile in use is still using WEP, but t"e access $oint is not)


. on6W0P clients &ay be able to associate with W0P de$ices. ,rue or-alse? Answer : +rue, but t"e( ont be able to send data

2. ;eacons and MAC addresses can be seen e$en if W0P encryption is inuse. ,rue or -alse? Answer : +rue

3. Which layers of the /<I &odel are encrypted when W0P is in use? Answer : La(er 6 and abo.e

). Why is W0P+s initiali=ation $ector >I@ considered a security wea#ness? Answer : +"e 4Vs re$eat, so a "ac*er "o sniffs long enoug" can collect sufficient infor!ation to "ac*

t"e WEP *e()

*. :ist the two ways you accessed your access point for con"guration in thislab. (ow do you con"gure an access point if you lose networ#connecti$ity? Answer : Web broser and +elnet& use t"e console cable and '($er+er!inal


3. What channel are you using? Answer : Varies

7. Can you see your <<I!? Answer : 7es

.What does guest &ode &ean? Answer : An(one can associate it" t"e access $oint it"out *noing t"e SS45)

4.Can you see your <<I!? Why or why not? Answer : No& +"e SS45 is not being broadcast an(!ore in t"e beacon

7.Can you see the <<I!? What are the clients doing now that they didn+tha$e to do before you disabled guest &ode for your <<I!? Regarding thecurrent con"guration on your access point do clients ha$e to #now the<<I! to associate? Answer : 7es& Clients are acti.el( see*ing an access $oint it" t"e sa!e SS45 configured& 7es

9.Can you see the <<I! in the probe response fra&e? Answer : 7es


. When is it appropriate to use <<I! broadcasting? Answer : W"en (ou ant to offer ireless connecti.it( to t"e $ublic at large

2


2. What type of &anage&ent fra&es are used to associate with an accesspoint when <<I! broadcasting is disabled? Answer : Probe reuest and $robe res$onse

3. Why is disabling <<I!s not considered a security solution? Answer : 1ecause e.en it" SS45 broadcasting disabled, a sniffer can see t"e SS45 in t"e $robereuest and $robe res$onse fra!es of legiti!ate users) 9nce t"e SS45 is *non, it can be configured

on t"e "ac*ers client)

). <<I!s do not appear in a probe response or a probe re'uest. ,rue or-alse? Answer : alse

*. <<I!s do not appear in beacons when <<I! broadcasting is disabled. ,rueor -alse? Answer : +rue


9. !id you lose your wireless connection to the access point? Is laptop stillconnected? Answer : 7es& 7es

5.!oes the MAC address of laptop appear to be the physical address oflaptop 2? Answer : 7es

. Is the MAC address of the wireless adapter on this laptop the sa&e as theone displayed on laptop 2? Why do you thin# you lost your connection tothe access point on laptop 2 but not on laptop ? Answer : 7es& t"e first MAC sta(s connected but t"e du$licate cannot connect


. ,he ;IA and the MAC address are typically the sa&e. ,rue or -alse? Answer : +rue

2. What is the dierence between the ;IA and the MAC address? Answer : +"e 14A is not c"angeable but t"e MAC address is)

3. MAC address "ltering is considered to be a security option on s&allwireless networ#s. What is your opinion regarding this security option? Answer : MAC filtering reall( $ro.ides no securit()

). Will W0P encryption pre$ent MAC spoo"ng? Why or why not? Answer : No& WEP cant $re.ent MAC s$oofing because t"e MAC is at la(er 2 and WEP encr($ts atla(er 6 and abo.e

*. ,wo co&puters using the sa&e MAC address on the sa&e networ# canusually co&&unicate si&ultaneously. ,rue or -alse? Answer : alse

6

Documents

CWNA Guide to Wireless LANs, Second Edition - Ch8