Penetration Testing mailing list archives
Re: [PEN-TEST] Penetrating Wireless Networks
From: Bourque Daniel <Daniel.Bourque () LOTO-QUEBEC COM>
Date: Tue, 13 Mar 2001 18:16:07 -0500
Cisco is supposed to have a solution where the keys will be changed dynamically instead of just having a pair of static keys...

-----Original Message-----
From: Marc Mosko [mailto:marc () COMPUTER ORG]
Date: 13 March, 2001 00:03
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Penetrating Wireless Networks

A group at Berkeley cracked WEP. They found 4 types of attacks that make both the 40-bit and so-called 128-bit insecure.

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

In regards to some other things posted in this thread, the authors also state:
Although most 802.11 equipment is designed to disregard encrypted content for which it does not have the key, we have been able to successfully intercept WEP-encrypted transmissions by changing the configuration of the drivers. We were able to confuse the firmware enough that the ciphertext (encrypted form) of unrecognized packets was returned to us for further examination and analysis.
Phil Cox wrote: [snip]
A note on WEP: Do not use it. Since static keys are used, the risk of someone mounting a statistical cryptanalytical attack on WEP (as the WEP FAQ may have pointed out) is big. Some of the older APs are still shipped with 40-bit security. Some of the cryptokeys are world readable in the registry on the systems that have RLAN NICs installed, which is a big mistake. So, don't just look at the hardware (Ok, do some SNMP & default password checking), you need to look at the software side as well.

You are kidding, right? If not, then what perfect solution do you propose?

I would agree that if anyone thinks WEP is the end all of wireless security, they are sadly mistaken, but "Do not use it" is hardly an appropriate answer. The answer is "use it, and other appropriate security measures".