Re: Wireless Pent-Test

From: Michael Sierchio (kudzu@tenebras.com)
Date: Mon Oct 06 2003 - 19:53:34 EDT


R. DuFresne wrote:
> there was a FD posting last week that indicated that Cisco's LEAP was also
> insecure and borked.
>
> The thing is, a wireless lan should be considered untrustworthy, or at
> least untrusted, all traffic into the wired net has to be tunneled and
> safely wrapped in encryption, and there has to be a better auth mech to
> allow the tunnel access than what is provided in simple AP/laptop setups.
> Network Mag had some interesting articles lately, one in July mentioning
> some newer AP gateway systems coming into play, but, they are not cheap,
> and not for small to medium biz folks.
>
> Our impression, and mirrored by Lawrence Livermore, wireless is not ready
> for prime time play.
>

WPA is probably ready for prime time -- it solved the WEP vulnerabilities
without introducing new ones (as LEAP did). The problem with LEAP
is that the IV space was effectively reduced to the point where
the Inductive Chosen-Plaintext Attack became trivially easy. This
allows complete use of the access without ever recovering the WEP key.
Fluhrer-Mantin-Shamir won't work if the key isn't weak.

The major difference is that the inductive attack is an active
attack which uses the AP as an oracle, but decryption errors aren't ever
reported to the upper layers anyway -- they're just silently dropped.

WPA was a solution with a strict set of constraints -- mostly
the 25-33MHz ARM or 486-equiv processors in the existing APs.

Even in the most grandiose of IEEE schemes, management frames
aren't encrypted, so there's lots of fun to be had.

-- 
"Well," Brahma said, "even after ten thousand explanations, a fool is no
  wiser, but an intelligent man requires only two thousand five hundred."
                 - The Mahabharata
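The message above argues that WEP's weakness is its IV handling: when the effective IV space shrinks, the same RC4 keystream gets reused and an observer no longer needs the key. The script below, added here as an example and not code from the post or from any vendor, shows what a defender can measure on the monitor side: it parses the 4-byte WEP header of constructed sample frames, counts IV repeats per key index, gives the birthday-bound estimate of how fast repeats appear for a given IV width, and shows what a single repeat exposes (the XOR of two plaintexts, no key material needed). The keystream function is a SHA-256 stand-in for RC4 chosen only for determinism; the key, IVs and payloads are constructed values, not real captures.

```python
"""WEP IV-reuse monitor with a birthday-bound estimate of exposure.

Added example, not code from the mailing-list post above. WEP sends a
24-bit IV in the clear in front of each data frame and derives the RC4
keystream from IV || key, so two frames under the same key index and IV
are encrypted with the same keystream. Counting IV repeats per key index
is therefore a direct measure of how much keystream reuse a cell has
already leaked. The keystream below is a SHA-256 stand-in for RC4 (same
(iv, key) -> same bytes is the only property used); key and frames are
constructed sample data.
"""
import hashlib
import math
from collections import Counter

WEP_IV_BITS = 24  # IV width in the 802.11 WEP header


def parse_wep_header(body: bytes):
    """Return (iv, key_id) from the 4-byte WEP header that follows the
    802.11 MAC header: three IV bytes in transmitted order, then a byte
    whose top two bits carry the key index."""
    if len(body) < 4:
        raise ValueError("frame body too short for a WEP header")
    iv = int.from_bytes(body[0:3], "big")
    key_id = body[3] >> 6
    return iv, key_id


def find_iv_reuse(bodies):
    """Return {(key_id, iv): count} for every IV seen more than once under
    the same key index, i.e. every keystream that has been reused."""
    counts = Counter()
    for body in bodies:
        iv, key_id = parse_wep_header(body)
        counts[(key_id, iv)] += 1
    return {k: n for k, n in counts.items() if n > 1}


def expected_frames_to_first_collision(iv_bits=WEP_IV_BITS):
    """Birthday bound for randomly chosen IVs: roughly sqrt(pi * n / 2)
    frames before the first repeat, with n = 2**iv_bits. Halving the
    effective IV width roughly cuts this by sqrt(2**(width/2))."""
    return math.sqrt(math.pi * (1 << iv_bits) / 2)


def toy_keystream(iv: int, key: bytes, length: int) -> bytes:
    """Deterministic stand-in for RC4(IV || key); NOT the WEP cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = iv.to_bytes(3, "big") + key + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def build_frame(iv: int, key_id: int, key: bytes, plaintext: bytes) -> bytes:
    """Constructed frame body: WEP header followed by plaintext XOR keystream."""
    ks = toy_keystream(iv, key, len(plaintext))
    header = iv.to_bytes(3, "big") + bytes([key_id << 6])
    return header + bytes(p ^ k for p, k in zip(plaintext, ks))


def xor_of_plaintexts(body_a: bytes, body_b: bytes) -> bytes:
    """What a passive observer learns from two frames sharing (key_id, iv):
    ciphertext_a XOR ciphertext_b == plaintext_a XOR plaintext_b, because
    the identical keystream cancels. Bytes that are equal in both
    plaintexts show up as zeros, so a shared protocol prefix is visible."""
    if parse_wep_header(body_a) != parse_wep_header(body_b):
        raise ValueError("frames do not share a key index and IV; nothing cancels")
    n = min(len(body_a), len(body_b)) - 4
    return bytes(a ^ b for a, b in zip(body_a[4:4 + n], body_b[4:4 + n]))


# Constructed 40-bit key and sample frames (assumptions, not captured data).
KEY = b"\x01\x02\x03\x04\x05"
SAMPLE_FRAMES = [
    build_frame(0x000001, 0, KEY, b"GET /index.html"),
    build_frame(0x000002, 0, KEY, b"HTTP/1.0 200 OK"),
    build_frame(0x000001, 0, KEY, b"GET /login.cgi"),    # IV 0x000001 reused
    build_frame(0x000001, 1, KEY, b"other key index"),   # same IV, key 1: not a reuse
    build_frame(0x0000FF, 0, KEY, b"ping"),
    build_frame(0x0000FF, 0, KEY, b"pong"),              # IV 0x0000FF reused twice
    build_frame(0x0000FF, 0, KEY, b"pang"),
]


if __name__ == "__main__":
    reuse = find_iv_reuse(SAMPLE_FRAMES)
    print(f"{len(SAMPLE_FRAMES)} frames, {len(reuse)} IV/key pairs reused: {reuse}")
    for bits in (24, 16):
        print(f"{bits}-bit IV space: first repeat expected after "
              f"~{expected_frames_to_first_collision(bits):.0f} random IVs")
    leak = xor_of_plaintexts(SAMPLE_FRAMES[0], SAMPLE_FRAMES[2])
    print("plaintext XOR exposed by the IV 0x000001 repeat:", leak.hex())
```

Run it as a script to see the reuse table, the collision horizons (about 5,100 frames for the full 24-bit space, about 320 for a 16-bit effective space) and the leaked XOR, whose leading zero bytes are the shared "GET /" prefix. On a real monitor the frame bodies would come from a capture rather than `SAMPLE_FRAMES`; the counting logic is unchanged.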


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT