Penetration Testing mailing list archives
Re: Wireless Pen Test
From: Joshua Wright <jwright () hasborg com>
Date: Thu, 27 Nov 2008 20:02:39 -0500
> Is there any tool available to break WPA2 encryption (I searched a lot but was not able to find any)? I know that using Aircrack (Airodump and Aireplay), WEP and WPA keys can be broken. But if the encryption is WPA2, can we give a reasonable assurance to the client that the Wifi network is secure from outside?
WPA2 can be TKIP or CCMP encryption. Recently, TKIP encryption has been shown to be weak:

http://dl.aircrack-ng.org/breakingwepandwpa.pdf
http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf

If the customer is using CCMP encryption, then we believe this crypto is sound. However, that does not qualify as a secure wireless network alone. Are there rogue AP threats? What monitoring mechanisms are in place to detect new rogue APs? Is the EAP type strong, and is it implemented well on clients (http://www.willhackforsushi.com/presentations/PEAP_Shmoocon2008_Wright_Antoniewicz.pdf)?

Wireless penetration tests aren't just about identifying the use of WPA2 and getting a big gold star for effort. There are many additional factors to evaluate for exploit avenues.

-Josh
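
The TKIP-versus-CCMP distinction in the reply above can be read from the RSN information element an access point advertises. The following is an added example, not part of the original message: it parses that element and reports where TKIP is still accepted. The function names are illustrative and both sample elements are constructed.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

# Constructed sample elements (not captured from any real network).
CCMP_ONLY = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac010000")

def name(selector, table):
    """Map a 4-byte suite selector (OUI + type) to a readable name."""
    if selector[:3] != RSN_OUI:
        return "vendor:" + selector.hex()
    return table.get(selector[3], "unknown:%d" % selector[3])

def suites(body, off, table):
    """Read a little-endian 2-byte count, then that many 4-byte selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    return [name(body[i:i + 4], table) for i in range(off + 2, end, 4)], end

def parse_rsn_ie(ie):
    """Parse an RSN element (ID 48, header included) up to the AKM list."""
    if len(ie) < 8 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    pairwise, off = suites(body, 6, CIPHERS)
    akm, _ = suites(body, off, AKMS)
    return {"version": version, "group": name(body[2:6], CIPHERS),
            "pairwise": pairwise, "akm": akm}

def assess(rsn):
    """Report where TKIP is still accepted; CCMP-only yields no TKIP finding."""
    findings = []
    if "TKIP" in rsn["pairwise"]:
        findings.append("pairwise TKIP allowed")
    if rsn["group"] == "TKIP":
        findings.append("group cipher is TKIP")
    return findings or ["CCMP only"]

if __name__ == "__main__":
    for label, ie in (("ccmp-only", CCMP_ONLY), ("mixed", MIXED)):
        print(label, assess(parse_rsn_ie(ie)))
```

A "CCMP only" result covers the cipher question alone; the rogue AP and EAP questions raised in the message need separate checks.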