Penetration Testing mailing list archives
Re: Dsniff'ng wireless networks
From: Joe Shaw <jshaw () insync net>
Date: Mon, 9 Jul 2001 16:51:19 -0500 (CDT)
On Mon, 9 Jul 2001 ed.rolison () power alstom com wrote:
> Correct me if I'm wrong, but IIRC wireless lans are effectively switched. Each access point-NIC uses a separate encryption key (there are weaknesses but...)
Nope, this is not the case. WEP Encryption at the access-point to NIC requires a lot of overhead and effectively limits throughput at less than 2Mbps. Now, one could use a software IPSec client and do IPSec over the link, but most software clients promise no more than 128kbps throughput. An SSID can be utilized, but it's been my experience that it's not hard to find out what the SSID is, since in Win32 platforms it's listed in the clear in the hardware properties. Also, I've found it's generally the case that in a large wireless deployment, you will find at least one 802.11b access point that has been (mis)configured to broadcast SSID.
> and thus the NIC only 'sees' traffic being directed at it. It seems also that it's quite hard to get them to enter promiscuous mode for similar reasons - if it's listening to all the traffic, then the encryption breaks down.
I assure you, based on my own experience, this is not the case.
> You might have some joy, but the best I can see for collecting the datagrams would be something like a scanner (radio) interfaced to a computer. Of course, you still have to break the encryption, but there was an article posted to one of the securityfocus lists regarding 'weaknesses' in WEP.
Nope. With an IBM Thinkpad, Aironet 4800 PCMCIA NIC, OpenBSD and libpcap I wrote a very simple packet sniffer in C that I used to audit the wireless network at my previous employer. I then used dsniff and had no problems grabbing passwords out of the air for various different services. Although I knew the SSID, I took the total outsider approach and learned the SSID by catching it via the broadcast. WEP was not used, because at the time, Aironet/Cisco could not get WEP to work properly.
Regards,
--
Joseph W. Shaw II
Network Security Specialist/CCNA
Unemployed. Will hack for food. God Bless.
Apparently I'm overqualified but undereducated to be employed.
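As an added example (not code from the thread or from Joe's sniffer), a small C parser over constructed 802.11 frames that reports the three things an audit of one's own WLAN would want from a monitor-mode capture: whether a beacon carries the SSID in the clear, whether the AP advertises the Privacy (WEP) capability, and whether a data frame has the Protected Frame bit set. It assumes raw 802.11 frames with no radiotap or prism header in front of them; the sample frames and SSID "corp-wifi" are constructed, not captured.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>
/* What an auditor wants to know about one raw 802.11 frame (no radiotap). */
struct frame_info {
    int type, subtype;      /* type 0 = management (subtype 8 = beacon), 2 = data */
    int protected_bit;      /* FC "Protected Frame" (formerly WEP) flag, bit 6 of flags byte */
    int privacy_cap;        /* beacon Privacy capability: AP requires WEP */
    char ssid[33];          /* SSID element from a beacon, "" if absent or hidden */
};
/* Parse one frame; returns 0 on success, -1 if the frame is truncated. */
int parse_80211(const uint8_t *f, size_t len, struct frame_info *out) {
    memset(out, 0, sizeof *out);
    if (len < 24) return -1;                  /* shortest MAC header we handle */
    out->type = (f[0] >> 2) & 0x3;
    out->subtype = (f[0] >> 4) & 0xf;
    out->protected_bit = (f[1] & 0x40) != 0;
    if (out->type == 0 && out->subtype == 8) {
        if (len < 36) return -1;              /* timestamp(8)+interval(2)+cap(2) */
        uint16_t cap = (uint16_t)(f[34] | (f[35] << 8));
        out->privacy_cap = (cap & 0x10) != 0;
        for (size_t p = 36; p + 2 <= len; p += 2 + f[p + 1]) {
            uint8_t id = f[p], l = f[p + 1];
            if (p + 2 + l > len) return -1;   /* element overruns the frame */
            if (id == 0 && l <= 32) { memcpy(out->ssid, f + p + 2, l); out->ssid[l] = 0; break; }
        }
    }
    return 0;
}
/* Constructed sample frames (not captured traffic). */
static const uint8_t BEACON_OPEN[] = {
    0x80, 0x00, 0x00, 0x00,                            /* FC: mgmt/beacon, duration */
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x01, 0x10,0x00,
    0,0,0,0,0,0,0,0, 0x64,0x00, 0x01,0x00,             /* timestamp, interval, cap=ESS only */
    0x00, 0x09, 'c','o','r','p','-','w','i','f','i' }; /* SSID element, broadcast in clear */
static const uint8_t DATA_CLEAR[] = {
    0x08, 0x01, 0x00, 0x00,                            /* FC: data, ToDS=1, Protected=0 */
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x20,0x00,
    0xaa,0xaa,0x03,0,0,0, 0x08,0x00 };                 /* LLC/SNAP, cleartext IPv4 follows */
int main(void) {
    struct frame_info fi;
    parse_80211(BEACON_OPEN, sizeof BEACON_OPEN, &fi);
    printf("beacon ssid=\"%s\" privacy=%d\n", fi.ssid, fi.privacy_cap);
    parse_80211(DATA_CLEAR, sizeof DATA_CLEAR, &fi);
    printf("data protected=%d\n", fi.protected_bit);
    return 0;
}
```

A beacon with an SSID element and Privacy cleared, or a data frame with Protected=0, is exactly the condition under which a passive listener on the same channel sees everything, which is the situation Joe describes.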