Thread: Vulnerabilities on microwave point-to-point broadcasts
View Single Post
  #5 (permalink)  
Old 08-15-2005, 06:35 PM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: Vulnerabilities on microwave point-to-point broadcasts
On 15 Aug 2005 08:19:37 -0700, paul_silverman@mail.com wrote:

>I'm trying to assess what are the security risks of transmitting data
>using a point-to-point microwave broadcast. Since the beam is a narrow
>one, it limits of course the possibility of intercepting the signal
>from accross the street.

Assuming 2.4GHz, a 24dBi dish has a -3dB beamwidth of about 5 degrees.
However, there is enough leakage and side lobes around the antenna
that it can be heard from all angles but up close.. There isn't much
signal but it usually can be effectively sniffed. In order to hear
both sides of the link, either a location in between the antennas, or
two seperate sniffers are required.

>1. Assuming an attacker inserts a fake receiver dish between the
>transmitting and receiving antenna, could eavesdropping be performed
>without disrupting the broadcasting between the 2 legit antennas ?

Yes. The beam is not that narrow. It is not necessary to block the
signal in order to hear it. For example, at a distance of 1000ft, the
5 degree beamwidth dish antenna can be heard across a beam diameter of
88ft.

>2. Are there any encryption standards when it comes specifically to
>point-to-point microwave broadcast such as PPTP?

PPTP is point to point tunnelling protocol which is a form of VPN
(virtual private network). This is usually sufficient to provide the
necessary security. The wireless data itself can be encrypted with
WEP, which is terribly insecure and easily sniffed. Much better is
WPA, which has not been cracked except for badly chosen pass phrases.
WPA-TKIP, which does regular key exchanges, is even better.
WPA-AES2-TKIP is probably the most secure.

See "man in the middle attack" section:
http://csrc.nist.gov/publications/ni..._SP_800-48.pdf

References:
http://www.drizzle.com/~aboba/IEEE/

If you really want decent security from sniffing, I suggest you
investigate FSO (free-space optical) links. For example:
http://www.plaintree.com
You won't like the price.

So, what problem are you trying to solve and what do you have to work
with?

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558

Reply With Quote