Firewall Wizards mailing list archives

RE: Link level security with static arp tables


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 15 Oct 2003 10:38:52 -0400 (EDT)


        [SNIP]


I am not aware of how PEAP is "known broken" for this kind of application
(assuming one takes just a little care), and I'm not sure it will go away.
If anyone has any good stuff to point me at I'd be interested in discussing
this aspect further. I am, of course, familiar with the IETF draft. [1] I
agree that I much prefer EAP-TTLS [2], since it's a cleaner design, but
"word on the street" has it that PEAP is looking more likely to emerge as
market victor.


I think the reference was that 'LEAP' is borked, known dictionary attack
issues.  I don't recall directly that PEAP was included in the mix on
that.  I have a brain tickle that hints that PEAP might not have been, and
that Cisco's <Sharad Ahlawat> response to Joshua Wright's latest paper on
LEAP dictionary attacks mentioned something about the other EAP protocols
perhaps being off the target vector.  I have that reply in storage here,
if folks want to see it, or if Paul wishes me to repost it here.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

