Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Wireless Security

From: Steve Skoronski <skoronski () ctidata com>
Date: Thu, 16 Aug 2001 17:20:54 -0400

Do you mean pretending to be an authorized access point to gain access to
all of the clients? I guess if there is a trust relationship (NetBIOS for
instance) then this would expose the clients as on a wired LAN, but you
still need to authenticate on the network, using l0phtcrack can aid this. 

Really though, what is the point when 90% of security architectures mandate
that critical files be stored server side so that when you lose your laptop,
critical info is not on it. 

Here's an idea....get the WEP key (if it's even being used) and passively
sniff to gain passwords. Then the fun begins.

However, in a 'coffee-shop' environment your idea is sound. Many people in
public places use these to send e-mail, even log in to the corporate VPN:) I
hope these people are using personal firewalls and strong encryption. 

Steve




-----Original Message-----
From: Wyatt Fradenburg [mailto:wy4tt () hotmail com]
Sent: Thursday, August 16, 2001 6:59 AM
To: pen-test () securityfocus com
Subject: Wireless Security


Hello Everyone,
     My two cents, what about a attack that is using a access point to grab 
the information from the wireless cards.  Then using a wireless card to 
attack.  What are your thoughts about this?
Dr. Wyatt R. Fradenburg
Ph.D. Information Technogoly
CCNA, CCDA, SCA, SCNA


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: