Security Basics mailing list archives

Re: Wireless blocking


From: Dragos Ruiu <dr () kyx net>
Date: Tue, 11 Oct 2005 11:28:10 -0700

Re: tracking down rogue APs by wire.

Please keep in mind that in a true malicious application,
it doesn't need a wire. There is no substitute for a directional
antenna sometimes :-).

Many machines allow dual wireless interfaces, allowing 
some nifty MITM style attacks. At CanSecWest this year,
Dino and K2 showed how they can even do it using a 
single NIC and special firmware.

Chapter N of this saga will show up at PacSec next month
as Cedric Blancher will show even more sophistication in these
802.11 MITM attack vectors in his WiFi talk in Tokyo.

Here is an abstract of Cedric's presentation:

        Abstract:

                        We have known for a couple of years about serious
                vulnerabilities against WiFi networks. However, some of
                them seemed to have been ignored for they required
                traffic injection and most chipset/drivers were not
                supporting this. That's why we can still find many
                handhelds (Zaurus, PSP, Smartphones, etc.), ISP
                all-in-one DSL boxes (Freebox or Livebox for FR ISP) and
                many other devices that only support WEP as a security
                mechanism. That's also why commercial hotspots are still
                relying on open WiFi networks.
                        But wireless traffic injection is now possible
                very conveniently on some chipsets, allowing very
                efficient attacks against open and WEP WiFi networks.
                This presentation aims at showing these attacks and
                demonstrating that open and WEP WiFi networks are
                vulnerable by design and should not be used.
                        Latest WiFi security schemes, namely WPA and
                802.11i/WPA2 will be discussed as a solution to WiFi
                insecurity.

Cedric has been refining this stuff for a long time, and some of his
demonstrations will be uh... eye-opening caveats, to say the least :-).

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan    November 14-16 2005  http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp

