802.11 - Wireless Protocol
- Wireless is cheap and ubiquitous
- It's a shared medium, like Ethernet
- It's a Data Link Layer protocol. There's a lot of electrical engineering underneath to turn radio waves into signals.
Collision detection isn't possible, so we need MACA - Multiple Access with Collision Avoidance
- Hidden nodes come from nodes connected to a common node that can't see each other. The node in the middle may get traffic from both at the same time, and neither sender can detect the collision.
- Exposed nodes are the opposite problem: a node hears a neighbour transmitting and holds back to avoid a collision, even when its own transmission (to a different receiver) wouldn't actually interfere.
- MACA helps reserve a time slot. A node that wants to transmit first sends an RTS (Request to Send); the receiver answers with a CTS (Clear to Send). Every node that hears the CTS stays silent for the reserved interval, so the hidden nodes don't collide at the receiver.
Access Points are physical connections to the network
- A node can roam to different access points (APs) but it has to find them first
- Active Scanning - the node looks for access points: broadcast a probe request, wait for probe responses
- Passive Scanning (more common) - the node listens for beacon frames. On hearing a beacon from a nearby AP, it sends an association request
- Probe requests can also be used to find other APs, perhaps with a stronger signal. The AP is usually chosen manually by the user, but an OS can also be configured to join certain APs by default or to prefer one over another
Security issues
- Packet sniffing is easier: traffic is broadcast to everyone in the vicinity, and radio travels far.
- Unauthenticated disassociation requests mean anyone can spoof a computer's MAC and send a "drop me" packet to nearby APs. Although it's easy, it's not profitable, so it's not a popular attack.
WEP is broken
- WEP's per-packet key is formed from the shared key (40 or 128 bits) and a 24-bit initialization vector (IV)
- RC4 is a stream cipher: it XORs the plaintext with a keystream. Used properly, it is very hard to crack, because given a ciphertext bit of 1 you can never be sure whether the plaintext bit or the keystream bit was the 1
- But WEP's keystream depends on the IV, which is sent in the clear and repeats. Once the same IV is used twice under the same key, the two packets share a keystream, and XORing the two ciphertexts cancels it out, leaving only the XOR of the plaintexts. So if you wait around long enough for an IV to be reused you can disentangle the plaintext, especially since the "plaintext" follows a protocol and is bound to contain the same headers very often.
- WEP's 24-bit IV space isn't very big either, so repeats are inevitable on a busy network. WEP2 uses a larger IV space and forces 128-bit keys on the user. It takes longer to crack but is still susceptible to the same attacks
- Replay attacks - there is no per-packet authentication or freshness check with the AP, so packets can be recorded and then played back by an attacker
- Integrity problems - the CRC-32 checksum is great for detecting natural errors due to physical problems with transmission, but it is linear, so a crafty attacker can flip bits in the ciphertext and adjust the CRC to match.
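An added example (not from these notes) that makes the IV-reuse point concrete: RC4 keyed with IV || shared key, two constructed packets encrypted under the same IV, and the birthday-bound estimate of how soon a 24-bit IV repeats. The key, IV and packet contents are made-up demo values.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + PRGA), the cipher WEP uses."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP's per-packet RC4 key is the 24-bit IV followed by the shared key."""
    return xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

def recover_from_iv_reuse(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Two packets under the same (key, IV) share a keystream, so
    c1 ^ c2 == p1 ^ p2; knowing p1 (e.g. a fixed header) yields p2."""
    return xor_bytes(xor_bytes(c1, c2), p1)

def expected_packets_before_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^n) random IVs before one repeats."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

# Constructed demo values, not captured traffic.
SHARED_KEY = bytes.fromhex("0102030405")   # 40-bit WEP key (made up)
IV = bytes.fromhex("aabbcc")               # the IV that gets reused
SNAP = bytes.fromhex("aaaa030000000800")   # LLC/SNAP header every IP frame starts with
P1 = SNAP + b"GET /index.html"
P2 = SNAP + b"POST /login.php"
C1 = wep_encrypt(SHARED_KEY, IV, P1)
C2 = wep_encrypt(SHARED_KEY, IV, P2)

if __name__ == "__main__":
    print("C1 ^ C2 == P1 ^ P2:", xor_bytes(C1, C2) == xor_bytes(P1, P2))
    print("recovered P2:", recover_from_iv_reuse(C1, P1, C2))
    print("IV repeat expected after ~%d packets" % expected_packets_before_iv_repeat())
```

The predictable SNAP header alone is enough to strip the keystream from the first eight bytes of every colliding packet, which is why no amount of key length fixes WEP; only a fresh keystream per packet (WPA/WPA2) does.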
Internet Protocol
- Every medium has a protocol for transmission. IP routes traffic across many types of media and many LANs
- IP relies on routers. Any computer with 2 or more network adapters can act as a router
- IP interconnects everything - computers, phones, cable boxes
- Best-effort datagram delivery means there are no guarantees. Other protocols are needed to ensure delivery and accuracy.
- IPv4 is most common, with addresses that look like four numbers separated by a dot. IPv6 and IPSec implement larger address space and higher security, respectively
IP uses a hierarchical network consisting of many subnets
- Subnets must be nearby and connected physically, via wires or radio
- The more addresses (possible hosts) in each subnet, the fewer subnets you can have before the address space is filled.
- Class A networks are the huge backbone of the internet. Class C networks are smaller networks in a house or an office. Some subnets are "private" and aren't routed to the internet.
- Without subnets, many addresses would be wasted when, for example, a business with 12 computers needed a subnet of 255 addresses. Subnets allow partitioning and better use of the finite address space that IP addresses provide