3
Lab Manua l f or CWNA Gui de to Wire less LANs, Secon d Edi ti on Lab Man ua l Sol utio ns 8- Chapter 8 Solutions Activity Questions, Lab 8-1 2. What is th e IP ad dr ess o f you r access poin t?  Answer : Varies 3. Reco rd the MA C addr ess of th e laptop yo u are using to brows e the acc ess point.  Answer : Varies 2. What was the ping respon se? !oes your "lter appear to be wor#ing?  Answer : Ping ill ti!e out or indicate t"at t"e "ost is unreac"able #unsuccessful $ing%& 'o$efull(, ( es 3. !oes your bloc#ed client de$ice still appear in the Association table?  Answer : Varies %. What was the ping respon se?  Answer : S"ould be a successful $ing Review Questions, Lab 8-1 . What is another na&e for "lters?  Answer : Access lists 2. What a re the two s teps r e'ui red t o deploy "l ters ?  Answer : Create t"e filter, t"en a$$l( t"e filter) 3. (ow ca n MAC a ddr ess "l ters b e defe ated b y hac #er s?  Answer : 'ac*ers can sniff legiti!ate MAC addresses, t"en c"ange t"eir on MAC address to t"e sniffed address and associate it" t"e access $oint #MAC s$oofing%) ). What is a wildcard or in$erse &as# and how is it used with access lists?  Answer : +"e !as* is used it" a filtered address in an access list) eroes !ean t"e corres$onding bit !ust !atc" t"e filtered address and ones !ean t"e corres$onding bit doesnt "a.e to !atc") *. Client de$ices that ar e bloc#ed fro& co&&unicating on the networ# &ay still appear in an access point+s Association table. ,rue or -alse?  Answer : +rue Activity Questions, Lab 8-2 /,01 /ccasionally students loc# the&sel$es out of the access point fro& both laptops during this lab. If so gi$e the& a console cable and ha$e the& use (yper,er&inal $ia the console port to access their access point and " the con"guration. %. What is the pr ob le&?  Answer : +"e *e( is not long enoug") 4. (ow &any he adeci&al characters does )56 bit encr yptio n re'u ire?  Answer : /0 7. 8 ou will lo se your c onne ctio n to the acce ss point. Why?  Answer : +"e la$to$ $rofile in use isnt configured for WEP, but t"e access $oint is) .What channel is your e'uip&ent using?  Answer : Varies 9. 8 ou should see be acons and W0P data but no , elnet pac#ets. Why not? /

CWNA Guide to Wireless LANs, Second Edition - Ch8

Embed Size (px)

Citation preview

 

Lab Manual for CWNA Guide to Wireless LANs, Second Edition Lab Manual Solutions 8-

Chapter 8 Solutions

Activity Questions, Lab 8-1

2. What is the IP address of your access point? Answer : Varies

3. Record the MAC address of the laptop you are using to browse the accesspoint. Answer : Varies

2.What was the ping response? !oes your "lter appear to be wor#ing? Answer : Ping ill ti!e out or indicate t"at t"e "ost is unreac"able #unsuccessful $ing%& 'o$efull(, (es

3.!oes your bloc#ed client de$ice still appear in the Association table? Answer : Varies

%.What was the ping response? Answer : S"ould be a successful $ing

Review Questions, Lab 8-1

. What is another na&e for "lters? Answer : Access lists

2. What are the two steps re'uired to deploy "lters? Answer : Create t"e filter, t"en a$$l( t"e filter)

3. (ow can MAC address "lters be defeated by hac#ers? Answer : 'ac*ers can sniff legiti!ate MAC addresses, t"en c"ange t"eir on MAC address to t"e

sniffed address and associate it" t"e access $oint #MAC s$oofing%)

). What is a wildcard or in$erse &as# and how is it used with access lists? Answer : +"e !as* is used it" a filtered address in an access list) eroes !ean t"e corres$onding bit

!ust !atc" t"e filtered address and ones !ean t"e corres$onding bit doesnt "a.e to !atc")

*. Client de$ices that are bloc#ed fro& co&&unicating on the networ# &aystill appear in an access point+s Association table. ,rue or -alse? Answer : +rue

Activity Questions, Lab 8-2

/,01 /ccasionally students loc# the&sel$es out of the access point fro&both laptops during this lab. If so gi$e the& a console cable and ha$e the&use (yper,er&inal $ia the console port to access their access point and "the con"guration.

%. What is the proble&? Answer : +"e *e( is not long enoug")

4. (ow &any headeci&al characters does )56bit encryption re'uire? Answer : /0

7. 8ou will lose your connection to the access point. Why? Answer : +"e la$to$ $rofile in use isnt configured for WEP, but t"e access $oint is)

.What channel is your e'uip&ent using? Answer : Varies

9.8ou should see beacons and W0P data but no ,elnet pac#ets. Why not?

/

 

Lab Manual for CWNA Guide to Wireless LANs, Second Edition Lab Manual Solutions 8-

 Answer : 1eacons at la(er 2 can be seen, but +elnet at la(er 3 cannot be seen)

25.Why are you able to see this infor&ation e$en though W0P encryption isin use? :oo# for IP addresses. !o you see any? Why or why not? Answer : SS45s, na!es, and MAC addresses are at la(er 2, "ic" can be seen& no& 4P addresses are at

la(er 6 and cant be seen

27.8our laptops will lose their connections. Why? Answer : +"e la$to$ $rofile in use is still using WEP, but t"e access $oint is not)

Review Questions, Lab 8-2

. on6W0P clients &ay be able to associate with W0P de$ices. ,rue or-alse? Answer : +rue, but t"e( ont be able to send data

2. ;eacons and MAC addresses can be seen e$en if W0P encryption is inuse. ,rue or -alse? Answer : +rue

3. Which layers of the /<I &odel are encrypted when W0P is in use? Answer : La(er 6 and abo.e

). Why is W0P+s initiali=ation $ector >I@ considered a security wea#ness? Answer : +"e 4Vs re$eat, so a "ac*er "o sniffs long enoug" can collect sufficient infor!ation to "ac* 

t"e WEP *e()

*. :ist the two ways you accessed your access point for con"guration in thislab. (ow do you con"gure an access point if you lose networ#connecti$ity? Answer : Web broser and +elnet& use t"e console cable and '($er+er!inal

Activity Questions, Lab 8-3

3. What channel are you using? Answer : Varies

7. Can you see your <<I!? Answer : 7es

.What does guest &ode &ean? Answer : An(one can associate it" t"e access $oint it"out *noing t"e SS45)

4.Can you see your <<I!? Why or why not? Answer : No& +"e SS45 is not being broadcast an(!ore in t"e beacon

7.Can you see the <<I!? What are the clients doing now that they didn+tha$e to do before you disabled guest &ode for your <<I!? Regarding thecurrent con"guration on your access point do clients ha$e to #now the<<I! to associate? Answer : 7es& Clients are acti.el( see*ing an access $oint it" t"e sa!e SS45 configured& 7es

9.Can you see the <<I! in the probe response fra&e? Answer : 7es

Review Questions, Lab 8-3

. When is it appropriate to use <<I! broadcasting? Answer : W"en (ou ant to offer ireless connecti.it( to t"e $ublic at large

2

 

Lab Manual for CWNA Guide to Wireless LANs, Second Edition Lab Manual Solutions 8-

2. What type of &anage&ent fra&es are used to associate with an accesspoint when <<I! broadcasting is disabled? Answer : Probe reuest and $robe res$onse

3. Why is disabling <<I!s not considered a security solution? Answer : 1ecause e.en it" SS45 broadcasting disabled, a sniffer can see t"e SS45 in t"e $robereuest and $robe res$onse fra!es of legiti!ate users) 9nce t"e SS45 is *non, it can be configured

on t"e "ac*ers client)

). <<I!s do not appear in a probe response or a probe re'uest. ,rue or-alse? Answer : alse

*. <<I!s do not appear in beacons when <<I! broadcasting is disabled. ,rueor -alse? Answer : +rue

Activity Questions, Lab 8-4

9. !id you lose your wireless connection to the access point? Is laptop stillconnected? Answer : 7es& 7es

5.!oes the MAC address of laptop appear to be the physical address oflaptop 2? Answer : 7es

. Is the MAC address of the wireless adapter on this laptop the sa&e as theone displayed on laptop 2? Why do you thin# you lost your connection tothe access point on laptop 2 but not on laptop ? Answer : 7es& t"e first MAC sta(s connected but t"e du$licate cannot connect

Review Questions, Lab 8-4

. ,he ;IA and the MAC address are typically the sa&e. ,rue or -alse? Answer : +rue

2. What is the dierence between the ;IA and the MAC address? Answer : +"e 14A is not c"angeable but t"e MAC address is)

3. MAC address "ltering is considered to be a security option on s&allwireless networ#s. What is your opinion regarding this security option? Answer : MAC filtering reall( $ro.ides no securit()

). Will W0P encryption pre$ent MAC spoo"ng? Why or why not? Answer : No& WEP cant $re.ent MAC s$oofing because t"e MAC is at la(er 2 and WEP encr($ts atla(er 6 and abo.e

*. ,wo co&puters using the sa&e MAC address on the sa&e networ# canusually co&&unicate si&ultaneously. ,rue or -alse? Answer : alse

6