Penetration Testing mailing list archives

Re: [PEN-TEST] Penetrating Wireless Networks


From: Ichinin <ichinin () swipnet se>
Date: Mon, 12 Mar 2001 08:14:01 +0100

Hi again.

Phil Cox wrote:

To be perfectly clear, are you saying that you see the 802.11 traffic on the
frequency channel you are listening on (on the system running tcpdump), *or*
that tcpdump is showing you all the packets that the Access Point is sending
back to it (which is most traffic, as it is a broadcast medium). There is a
significant difference in my mind, as in the former, you see beaconing
traffic and other 802.11 stuff, while in the latter you only see the
Ethernet and IP traffic. If you do mean the former, please describe your
tool set and system configuration, because I have only seen the latter in
non-commercial tools (i.e. Linux and tcpdump)

No, I was just referring to the fact that it is an ordinary network with
its pros and cons (known plaintext (headers), traffic analysing etc). I
also remember that FH isn't done these days, only Direct Sequence which
only changes frequency if a collision is detected.

You are kidding right?

About WEP being a bad design? Nope.

IIRC - Even the group who developed it knew it had flaws; it was not
meant to be used for long.

If not, then what perfect solution do you propose?

Anything with a properly implemented key exchange protocol.
(IPSec, SSL or whatever is better.)

Remember that in many cases (all?) the hopping information is also in packets
passing through the air, so a piece of code that could examine those packets
could be built to "follow the trail".

Are you sure? (Do you have any docs I could read about this?)

Anyway - I was thinking about the low number of jumping patterns;
besides, hooking up hardware to listen in on all ~83 channels at once is
not too expensive for even a small firm or even a private person; it's
just a technological limitation (i.e. some bright person with too much
spare time on his/her hands).

Regards,
Glenn

[We're way off the penetration testing trail now... Apologies to the
moderator]

