Re: Sniffing on WPA

From: Andy Meyers (andy.meyers@hushmail.com)
Date: Sat Nov 05 2005 - 22:52:01 EST



I don't understand. If you don't have to break the encrypted channel,
what's the point of sniffing packets if they are encrypted?

Andy

------------
from now on, everyday is September 10th in America... - Dan Verton

On Sat, 05 Nov 2005 10:47:08 -0800 Eduardo Espina
<eduardomx@gmail.com> wrote:
>Hi,
>
>I don't know if this has already been discussed here (but I don't recall it).
>I was doing a pen-test on a wireless network with WPA (TKIP) and I found that
>ARP cache poisoning works as well as on Ethernet networks.
>
>In consequence I can do MITM for HTTP, sniffing on all wireless clients, and
>all attacks you can imagine that work on Ethernet networks.
>
>Unless your infrastructure provides a way of isolating every wireless client
>on your network they could be at risk. (In some architectures isolation may
>not be desirable because of resource sharing, Windows domains, etc.)
>
>In the case you can't isolate clients you should let the users know that WPA
>can't assure confidentiality as most people think. You don't need to break the
>encrypted channel, just sit there and fool every client with ARP cache
>poisoning and sniff'em all.
>
>We all know that WPA is good (better than WEP, at least), and this kind of
>attack is limited to local users, but it's a cool way to show people that no
>system is 100%, not even WPA. Of course you need a valid account on the
>network, but, is that a problem?
>
>Tested on a variety of Linksys APs and 2wire.
>
>Greets,
>Eduardo.
>
>--
>Eduardo Espina Garcia <eespina@seguridad.unam.mx>
>Departamento de Seguridad en Computo - UNAM-CERT DGSCA, UNAM
>http://www.seguridad.unam.mx Tel.: 5622-8169 Fax: 5622-8043
>GPG Key Fingerprint: "8E86 932F C364 03BE 39B8 3F9D D27E 438A 3C6A 750F"
>"No matter how hard you try to keep your secret, it's a universal
>law that sooner or later it will be discovered."
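
Added example, not part of the original thread: the ARP cache poisoning described in the quoted message shows up in the ARP traffic itself, because an IP address is suddenly claimed by a different MAC. The Python below parses raw ARP bodies and flags that; the function names, addresses and sample frames are constructed for illustration, and it assumes the bodies are collected at a point that sees them (for example the AP's wired side or the client itself).

```python
import socket
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body, 28 bytes (RFC 826)

def parse_arp(body):
    """Return (sender_mac, sender_ip), or None if not a full Ethernet/IPv4 ARP body."""
    if len(body) < 28:
        return None
    *hdr, _op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, body[:28])
    if hdr != [1, 0x0800, 6, 4]:
        return None
    return sha.hex(":"), socket.inet_ntoa(spa)

def detect_poisoning(bodies, pinned=None):
    """Return alerts for IPs claimed by a new MAC and MACs claiming a second IP."""
    bindings = dict(pinned or {})   # ip -> MAC believed legitimate (pinned or first seen)
    ips_of = defaultdict(set)       # mac -> IPs it has claimed as sender
    alerts = []
    for body in bodies:
        parsed = parse_arp(body)
        if parsed is None or parsed[1] == "0.0.0.0":
            continue                # malformed frame, or ARP probe claiming no address
        mac, ip = parsed
        known = bindings.setdefault(ip, mac)   # learn on first sight, never overwrite
        if known != mac:
            alerts.append(("binding_changed", ip, known, mac))
        ips_of[mac].add(ip)
        if len(ips_of[mac]) == 2:   # report once, when the second IP appears
            alerts.append(("mac_claims_many_ips", mac, sorted(ips_of[mac])))
    return alerts

def sample_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack one constructed ARP body (sample input only; nothing is sent)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, raw(sender_mac),
                       socket.inet_aton(sender_ip), raw(target_mac),
                       socket.inet_aton(target_ip))

# Constructed capture: gateway .1, client .23, a station (..:66) claiming both, a truncated frame.
GW, CL, X = "00:11:22:33:44:01", "00:11:22:33:44:23", "00:11:22:33:44:66"
SAMPLE = [
    sample_arp(2, GW, "192.168.1.1", CL, "192.168.1.23"),
    sample_arp(1, CL, "192.168.1.23", "00:00:00:00:00:00", "192.168.1.1"),
    sample_arp(2, X, "192.168.1.1", CL, "192.168.1.23"),
    sample_arp(2, X, "192.168.1.23", GW, "192.168.1.1"),
    b"\x00\x01",
]
```

A legitimate NIC replacement or failover also changes a binding, so each alert is a lead to verify; passing the gateway's known MAC as `pinned` removes the dependence on who was seen first.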




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:08 EDT