Penetration Testing mailing list archives
Re: Sniffing on WPA
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Sun, 06 Nov 2005 11:47:31 +0100
Le samedi 05 novembre 2005 à 12:47 -0600, Eduardo Espina a écrit :
In consecuence i can do MITM for HTTP, sniffing on all wireless clients, and all attacks you can imagine that works on ethernet networks.
So you've been granted access to the WPA network, right ? So why stating WPA has anything to do with it ? You can do exactly the same thing on any kind of ethernet-like network, should it be wired (copper, fibre) or wireless (WEP, WPA, WPA2).
We all know that WPA is good (better than WEP, at least), and this kind of attack is limited to local users, but it's a cool way to show people that no system is 100%, not even the WPA.
WPA point is to protect the layer 2 communication link between client and AP. Period. Goal is to reach a comparable level of security as the one given be an ethernet cable between your station and a hub/switch. Such an ethernet network is vulnerable to ARP cache poisoning. So why a WPA network would not be as well ? Remember to what WEP means ? Wired Equivalent Privacy... That's the only goal of WiFi security. No more. Thus, client isolation is another problem. On wired network, you can deploy PVLAN stuff. On wireless network, you can activate station isolation, feature available on Linksys products as an example. -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Sniffing on WPA Eduardo Espina (Nov 05)
- Re: Sniffing on WPA Cedric Blancher (Nov 06)
- Sniffing on WPA Eduardo Espina (Nov 06)
- Re: Sniffing on WPA Cedric Blancher (Nov 07)
- Re: Sniffing on WPA Eduardo Espina (Nov 07)
- Sniffing on WPA Eduardo Espina (Nov 06)
- Re: Sniffing on WPA Cedric Blancher (Nov 06)
- <Possible follow-ups>
- Re: Sniffing on WPA Andy Meyers (Nov 06)
- Re: Sniffing on WPA Eduardo Espina (Nov 06)
- Re: Sniffing on WPA Paul Day (Nov 07)
- Re: Sniffing on WPA Eduardo Espina (Nov 06)