Re: Sniffing on WPA

From: Cedric Blancher (blancher@cartel-securite.fr)
Date: Sun Nov 06 2005 - 05:47:31 EST


On Saturday 05 November 2005 at 12:47 -0600, Eduardo Espina wrote:
> In consequence I can do MITM for HTTP, sniffing on all wireless clients, and
> all attacks you can imagine that work on ethernet networks.

So you've been granted access to the WPA network, right? So why state that
WPA has anything to do with it? You can do exactly the same thing on
any kind of ethernet-like network, be it wired (copper, fibre) or
wireless (WEP, WPA, WPA2).

> We all know that WPA is good (better than WEP, at least), and this kind of
> attack is limited to local users, but it's a cool way to show people that no
> system is 100%, not even the WPA.

WPA's point is to protect the layer 2 communication link between client
and AP. Period.
The goal is to reach a level of security comparable to the one given by an
ethernet cable between your station and a hub/switch. Such an ethernet
network is vulnerable to ARP cache poisoning. So why would a WPA network
not be as well?
Remember what WEP means? Wired Equivalent Privacy... That's the only
goal of WiFi security. No more.

Thus, client isolation is another problem. On a wired network, you can
deploy PVLAN stuff. On a wireless network, you can activate station
isolation, a feature available on Linksys products as an example.

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
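
Added example, not part of the original post: because WPA only protects the station-to-AP link, ARP cache poisoning by an already-associated station has to be caught at the ARP layer. The sketch below flags IP-to-MAC rebinding in a constructed list of ARP replies; the function name, record format and all addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) from ARP replies as a
# monitoring station associated to the same WPA network would see them.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:01"),    # gateway
    (2.0, "192.168.1.20", "00:11:22:33:44:20"),
    (3.0, "192.168.1.30", "00:11:22:33:44:30"),
    (9.0, "192.168.1.1", "00:11:22:33:44:30"),    # .30's MAC claims the gateway IP
    (9.5, "192.168.1.20", "00:11:22:33:44:30"),   # ... and another client's IP
    (12.0, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway answers again
]


def detect_arp_poisoning(replies, trusted=None):
    """Return (alerts, multi_ip_macs) for a sequence of ARP replies.

    trusted is an optional static {ip: mac} map (for example the gateway).
    Without it the first MAC seen for an IP is taken as the reference, so an
    attacker who answers first makes the legitimate host look like the
    offender: the conflict is still reported, only the roles are swapped.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    binding = dict(trusted)        # ip -> reference MAC
    claimed = defaultdict(set)     # mac -> IPs it has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = binding.setdefault(ip, mac)
        if expected != mac:
            kind = "pinned-binding-violated" if ip in trusted else "ip-rebound"
            alerts.append({"ts": ts, "kind": kind, "ip": ip,
                           "expected": expected, "seen": mac})
        claimed[mac].add(ip)
    # One MAC answering for several IPs is typical of a poisoning station, but
    # also of routers with several addresses or proxy ARP: review, don't block.
    multi = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return alerts, multi


if __name__ == "__main__":
    found, multi = detect_arp_poisoning(
        SAMPLE_ARP_REPLIES, trusted={"192.168.1.1": "00:11:22:33:44:01"})
    for alert in found:
        print(alert)
    print(multi)
```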


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:08 EDT