Full Disclosure mailing list archives
RE: Cisco LEAP exploit tool...
From: "Williams Jon" <WilliamsJonathan () JohnDeere com>
Date: Wed, 14 Apr 2004 14:15:23 -0500
Well, that depends. For example, if you aren't using some form of strong authentication (i.e. smart cards, SecureID tokens, etc.) then its possible for someone to steal a laptop, use something like Cain (from the package Cain & Able) to extract their password from the registry. With that and a known wireless laptop, the attacker can then access your whole network from the parking lot (or the neighbor's house, or 7 miles away, etc.) While the same password vulnerability exists for non-wireless environments, it does mean that the attacker would have to have physical access to the building to use the credentials. Jon -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Paul Schmehl Sent: Wednesday, April 14, 2004 12:42 PM To: Email List: Full Disclosure Subject: Re: [Full-disclosure] Cisco LEAP exploit tool... --On Wednesday, April 14, 2004 09:17:56 AM -0500 Ron DuFresne <dufresne () winternet com> wrote:
All wireless traffic should be treated as unsecured, and pushed through a DMZ/encryption tunneled setup. Puttiing wireless AP's directly on the LAN is a major blunder.
Well, that really depends, doesn't it. We're doing IPSEC using AES for wireless on a test network. It's a good deal more secure than our wired network, which is still plain text. Or did you just assume that everyone is using WEP? Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Cisco LEAP exploit tool..., (continued)
- Re: Cisco LEAP exploit tool... mmo (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: Cisco LEAP exploit tool... Aditya, ALD [Aditya Lalit Deshmukh] (Apr 14)
- Re: Cisco LEAP exploit tool... Chris Adams (Apr 15)
- Re: Cisco LEAP exploit tool... mmo (Apr 11)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 14)
- RE: Cisco LEAP exploit tool... Dave Horsfall (Apr 14)
- RE: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 14)
- RE: Cisco LEAP exploit tool... Frank Knobbe (Apr 14)
- RE: Cisco LEAP exploit tool... Byron Copeland (Apr 14)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 15)
- RE: Cisco LEAP exploit tool... Dave Horsfall (Apr 15)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 15)
- RE: [inbox] RE: Cisco LEAP exploit tool... Curt Purdy (Apr 16)