Penetration Testing mailing list archives

Wireless Pen Test


From: christopher.riley () r-it at
Date: Thu, 27 Nov 2008 10:27:01 +0100

Recently there has been some research released on attacks against WPA 
using TKIP. From my understanding this flaw is in the TKIP implementation 
and is also something that needs to be taken into consideration for WPA2. 
Joshua Wright gave a SANS webcast on it last week, I believe. You can view 
the presentation here --> 
https://www.sans.org/webcasts/show.php?webcastid=92188. WPA2 is also open 
to brute force attacks. After all, the encryption is only as good 
as the encryption key used (unless it's using RADIUS authentication). If 
the WPA2 key is set to the name of the company, then it's pretty insecure.

Another consideration is the rainbow tables created by the Church of Wifi 
--> http://www.renderlab.net/projects/WPA-tables/ These are limited to a 
set list of SSIDs, so unless your WPA2 install is using a default SSID 
like netgear, then these won't really help. Still worth a look though.

Hope this helps,

Chris John Riley



pen-test-return-1078487520 () securityfocus com 
Sent by: listbounce () securityfocus com
26.11.2008 21:25

To: pen-test () securityfocus com
Cc:
Subject: Wireless Pen Test

Hi All,

Is there any tool available to break WPA2 encryption? (I searched a lot
but was not able to find any.) I know that using Aircrack (Airodump and
Aireplay), WEP and WPA keys can be broken. But if the encryption is
WPA2, can we give a reasonable assurance to the client that the Wifi
network is secure from outside?

Thanks and Regards
Anshuman

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
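
The reply's two points, that a WPA2-PSK network is only as strong as its passphrase and that precomputed tables only cover listed SSIDs, both follow from how the pre-shared key is derived. The sketch below is an added example, not part of the original thread: `psk_findings`, the finding labels, `ExampleCorp` and the short `DEFAULT_SSIDS` list are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample of factory-default SSIDs; not the Church of Wifi list.
DEFAULT_SSIDS = {"netgear", "linksys", "default", "dlink"}

# Undo common character substitutions before comparing (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("013457@$", "oieastas")


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def normalise(text: str) -> str:
    """Lower-case, reverse simple substitutions, keep only letters and digits."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalnum())


def psk_findings(passphrase: str, ssid: str, org_terms: list[str]) -> list[str]:
    """Return audit findings for a configured passphrase/SSID pair."""
    findings = []
    plain = normalise(passphrase)
    if not 8 <= len(passphrase) <= 63:
        findings.append("length")        # outside the range WPA passphrases allow
    terms = [normalise(t) for t in org_terms]
    if any(len(t) >= 3 and t in plain for t in terms):
        findings.append("org-term")      # company name or similar inside the key
    if len(normalise(ssid)) >= 3 and normalise(ssid) in plain:
        findings.append("ssid-in-psk")   # key built from the network name
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")  # precomputed per-SSID tables may apply
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the salt changes, so the key changes.
    for ssid in ("netgear", "ExampleCorp-WLAN"):
        print(ssid, wpa_pmk("password", ssid).hex())
    print(psk_findings("Ex4mpleC0rp2008", "netgear", ["ExampleCorp"]))
```

Because the SSID is the salt, a table built for one network name is useless against another, which is why renaming a default SSID and choosing a passphrase unrelated to the organisation address both findings.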





