Re: Sniffing on WPA

From: Paul Day (paul+pen-test@bur.st)
Date: Mon Nov 07 2005 - 19:03:46 EST


On Sat, 5 Nov 2005, Eduardo Espina wrote:
> As you can see, it doesn't matter that every client has a different
> TKIP key for encryption; you can sniff every user associated to the AP.
> At this point WPA looks like WEP, because if you have the WPA-PSK key
> you can sniff all users.
>
> But it isn't limited to WPA-PSK; this attack works even with 802.1x
> authentication. I did this on EAP-TLS and got *plain text traffic*
> from all the poisoned users.

Yes, because you're _on_ the LAN. You're talking about (known) issues with
Ethernet, nothing to do with the L2 WiFi encryption/protection which
you've stated you're past (by sitting on the WiFi LAN as an
authenticated user).

If you see it as a problem, you should isolate the WiFi VLAN with a
firewall and require all users to bring up a VPN connection not
susceptible to a MITM attack... Or give every user on the WiFi their own
/30 VLAN.

PD

-- 
Paul Day  -  http://www.bur.st/~paul/
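
The per-user /30 layout suggested in the reply above, sketched as an added example that is not part of the original post: it carves a pool into one /30 and one VLAN ID per client and checks that no two clients share a segment. The pool, client names, starting VLAN ID and the gateway-takes-first-address convention are all assumptions made for illustration.

```python
import ipaddress

def plan_client_subnets(pool, clients, first_vlan=100):
    """Give every client its own /30 and 802.1Q VLAN ID out of `pool`."""
    network = ipaddress.ip_network(pool)
    if network.prefixlen > 30:
        raise ValueError("pool must be a /30 or larger")
    subnets = network.subnets(new_prefix=30)
    plan = {}
    for offset, client in enumerate(clients):
        vlan = first_vlan + offset
        if vlan > 4094:  # highest usable 802.1Q VLAN ID
            raise ValueError("ran out of VLAN IDs")
        subnet = next(subnets, None)
        if subnet is None:
            raise ValueError(f"pool {pool} has no /30 left for {client}")
        # A /30 has exactly two usable addresses: the routed gateway
        # interface and the single client (assumed ordering).
        gateway, host = subnet.hosts()
        plan[client] = {
            "vlan": vlan,
            "subnet": str(subnet),
            "gateway": str(gateway),
            "client_ip": str(host),
        }
    return plan

def shares_segment(plan, a, b):
    """True if client b's address sits inside client a's subnet,
    i.e. the two would be neighbours on one Ethernet segment."""
    subnet_a = ipaddress.ip_network(plan[a]["subnet"])
    return ipaddress.ip_address(plan[b]["client_ip"]) in subnet_a

if __name__ == "__main__":
    # Constructed sample input: a small pool and three WiFi users.
    sample = plan_client_subnets("10.20.0.0/28", ["alice", "bob", "carol"])
    for name, entry in sample.items():
        print(name, entry)
    print("alice and bob share a segment:",
          shares_segment(sample, "alice", "bob"))
```

With this layout each client's only on-link neighbour is the gateway, so client-to-client traffic has to be routed and can be filtered at the firewall.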


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:08 EDT