Penetration Testing mailing list archives
Re: [PEN-TEST] Penetrating Wireless Networks
From: Phil Cox <Phil.Cox () SystemExperts com>
Date: Sun, 11 Mar 2001 21:40:58 -0800
> For example, one is able to run tcpdump and other goodies on the wireless
> card just like on regular NICs.
>
> Yes, it's just as a normal network.

To be perfectly clear, are you saying that you see the 802.11 traffic on the frequency channel you are listening on (on the system running tcpdump), *or* that tcpdump is showing you all the packets that the Access Point is sending back to it (which is most traffic, as it is a broadcast medium)? There is a significant difference in my mind, as in the former you see beaconing traffic and other 802.11 stuff, while in the latter you only see the Ethernet and IP traffic. If you do mean the former, please describe your tool set and system configuration, because I have only seen the latter in non-commercial tools (i.e. Linux and tcpdump).

> A note on WEP: Do not use it. Since static keys are used, the risk of
> someone mounting a statistical cryptanalytical attack on WEP (as the WEP
> FAQ may have pointed out) is big. Some of the older APs are still shipped
> with 40 bit security. Some of the cryptokeys are world readable in the
> registry on the systems that have RLAN NICs installed, which is a big
> mistake. So, don't just look at the hardware (OK, do some SNMP & default
> password checking); you need to look at the software side as well.

You are kidding, right? If not, then what perfect solution do you propose? I would agree that if anyone thinks WEP is the end-all of wireless security, they are sadly mistaken, but "Do not use it" is hardly an appropriate answer. The answer is "use it, and other appropriate security measures".

> Frequency hopping is security through obscurity; the hopping sets are too
> predictable, i.e. the next frequency MUST be at least 3 frequencies up or
> down the list (subtract 7 frequencies out of 83). There are also only 3
> main sets of frequencies and IIRC 25 subsets of those, totalling ~75
> frequency sequences.

Remember that in many cases (all?) the hopping information is also in packets passing through the air, so a piece of code that could examine those packets could be built to "follow the trail".

Phil
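Added example (editor's code, not part of the original post or thread): the distinction Phil asks about above is the link type the capture hands you. A sniffer attached to a card in normal (managed) mode gets Ethernet-framed data packets; a capture of the raw 802.11 channel gets management frames such as beacons, which carry the SSID, channel and privacy (WEP) flag and never appear as Ethernet. The parser below decodes both, keyed on the libpcap link type. The two frames, the MAC addresses, the SSID "corp" and the 5-byte key material are all constructed for this example; the link-type constants, header layouts and information-element IDs are the standard ones.

```python
"""Decode a raw 802.11 beacon versus an Ethernet frame (added example)."""
import struct

DLT_EN10MB = 1        # libpcap link type: Ethernet (managed-mode capture)
DLT_IEEE802_11 = 105  # libpcap link type: raw 802.11 (monitor-mode capture)


def mac(b):
    """Render six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{x:02x}" for x in b)


def parse_ethernet(frame):
    """Ethernet II header: dst(6) src(6) ethertype(2); no 802.11 detail survives."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return {"link": "ethernet", "dst": mac(frame[:6]), "src": mac(frame[6:12]),
            "ethertype": ethertype, "payload_len": len(frame) - 14}


def parse_beacon_body(body):
    """Beacon fixed fields (timestamp, interval, capabilities) + tagged IEs."""
    if len(body) < 12:
        raise ValueError("short beacon body")
    _timestamp, interval, cap = struct.unpack("<QHH", body[:12])
    out = {"kind": "beacon", "beacon_interval_tu": interval,
           "privacy": bool(cap & 0x0010)}  # capability bit 4: WEP required
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        val = body[pos + 2:pos + 2 + length]
        if len(val) < length:
            raise ValueError("truncated information element")
        pos += 2 + length
        if tag == 0:                        # SSID
            out["ssid"] = val.decode("utf-8", "replace")
        elif tag == 1:                      # supported rates, units of 500 kbps
            out["rates_mbps"] = [(r & 0x7F) / 2 for r in val]
        elif tag == 3:                      # DS parameter set: current channel
            out["channel"] = val[0]
    return out


def parse_80211(frame):
    """802.11 MAC header: FC(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2)."""
    if len(frame) < 24:
        raise ValueError("short 802.11 frame")
    fc = struct.unpack("<H", frame[:2])[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    seq = struct.unpack("<H", frame[22:24])[0]
    info = {"link": "802.11", "type": ftype, "subtype": subtype,
            "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "seq": seq >> 4}
    if ftype == 0 and subtype == 8:         # management frame, beacon
        info.update(parse_beacon_body(frame[24:]))
    return info


def parse_frame(linktype, frame):
    """Dispatch on the capture's link type, as a pcap reader would."""
    if linktype == DLT_EN10MB:
        return parse_ethernet(frame)
    if linktype == DLT_IEEE802_11:
        return parse_80211(frame)
    raise ValueError(f"unsupported link type {linktype}")


# Constructed sample: a beacon from a hypothetical AP 00:a0:f8:11:22:33,
# SSID "corp", channel 6, 1/2/5.5/11 Mbps, ESS + privacy (WEP) bits set.
BEACON = (
    bytes([0x80, 0x00])                      # frame control: mgmt, subtype 8
    + bytes([0x00, 0x00])                    # duration
    + b"\xff\xff\xff\xff\xff\xff"            # addr1: broadcast
    + bytes.fromhex("00a0f8112233")          # addr2: transmitter (AP)
    + bytes.fromhex("00a0f8112233")          # addr3: BSSID
    + bytes([0x10, 0x00])                    # sequence control: seq 1, frag 0
    + struct.pack("<QHH", 0x1234, 100, 0x0011)
    + bytes([0, 4]) + b"corp"                # IE 0: SSID
    + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # IE 1: rates (basic-rate bit set)
    + bytes([3, 1, 6])                       # IE 3: DS parameter set, channel 6
)

# Constructed sample: the same AP's data traffic as a managed-mode capture
# shows it: a plain Ethernet II frame carrying a 20-byte IPv4 header stub.
ETH = (bytes.fromhex("00a0f8445566") + bytes.fromhex("00a0f8112233")
       + b"\x08\x00" + b"\x45\x00" + b"\x00" * 18)

if __name__ == "__main__":
    print(parse_frame(DLT_IEEE802_11, BEACON))
    print(parse_frame(DLT_EN10MB, ETH))
```

Feeding both samples through parse_frame shows why Phil's question matters: the beacon yields SSID, channel and the privacy flag, information that simply does not exist in the Ethernet frame a managed-mode card hands to tcpdump.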
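Added example (editor's code, not from the original post or thread): the quoted "static keys" concern, made concrete. WEP seeds RC4 with a 24-bit per-packet IV prepended to the shared static key, and the IV travels in the clear. Two frames sent under the same IV therefore use the same keystream, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts; knowing one plaintext (a predictable header, say) recovers the other. The code below implements WEP encapsulation (RC4 plus a CRC-32 ICV) and performs that recovery, then estimates from the birthday bound how many frames a sniffer needs before the 2^24 IV space repeats. The 40-bit key, IV and two plaintexts are constructed for the example.

```python
"""WEP keystream reuse under a static key (added example)."""
import math
import struct
import zlib


def rc4(key, n):
    """Plain RC4: KSA over `key`, then `n` bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    """Byte-wise XOR over the common length of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_icv(plaintext):
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(static_key, iv, plaintext):
    """Frame body = IV || RC4(IV || key) XOR (plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = plaintext + wep_icv(plaintext)
    return iv + xor(body, rc4(iv + static_key, len(body)))


def wep_decrypt(static_key, frame):
    """Inverse of wep_encrypt; raises if the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    pt_icv = xor(body, rc4(iv + static_key, len(body)))
    plaintext, icv = pt_icv[:-4], pt_icv[-4:]
    if icv != wep_icv(plaintext):
        raise ValueError("ICV mismatch")
    return plaintext


def recover_with_known_plaintext(known_frame, known_plaintext, target_frame):
    """Key-free attack: same IV => same keystream. Strip the keystream off the
    known frame, reuse it on the target frame, drop the target's 4-byte ICV."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("frames use different IVs; keystreams differ")
    keystream = xor(known_frame[3:], known_plaintext + wep_icv(known_plaintext))
    target_body = target_frame[3:]
    if len(target_body) > len(keystream):
        raise ValueError("target longer than recovered keystream")
    return xor(target_body, keystream)[:-4]


def expected_frames_to_iv_collision(iv_bits=24):
    """Birthday bound: ~sqrt(pi * N / 2) random draws before the first repeat.
    Real cards that reset the IV to 0 on power-up collide far sooner."""
    return math.sqrt(math.pi * (2 ** iv_bits) / 2)


# Constructed sample: a 40-bit static key, one reused IV, two same-length
# frames from the same AP. Plaintexts are stand-ins for real LLC/IP data.
STATIC_KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])   # hypothetical 40-bit key
IV = b"\x00\x00\x01"
P1 = b"GET / HTTP/1.0\r\n"   # predictable content the attacker guesses
P2 = b"secret-pw=hunter"     # content the attacker wants

F1 = wep_encrypt(STATIC_KEY, IV, P1)
F2 = wep_encrypt(STATIC_KEY, IV, P2)

if __name__ == "__main__":
    print("C1 xor C2 == P1 xor P2:", xor(F1[3:], F2[3:])[:16] == xor(P1, P2))
    print("recovered:", recover_with_known_plaintext(F1, P1, F2))
    print("frames to first IV repeat ~", round(expected_frames_to_iv_collision()))
```

The recovery never touches the key: the shared key is what keeps every IV collision under one keystream, which is the structural weakness behind the "static keys" remark. Rotating keys and limiting what a WEP-protected segment is trusted with are the "other appropriate security measures" Phil's reply calls for.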