[ale] Presentation from ALE Central last Thursday now up...
Greg Freemyer
greg.freemyer at gmail.com
Tue Aug 15 13:23:35 EDT 2006
That article is amazing.
If I read it right the author claims full WEP penetration within 60
seconds from recieving a single data packet.
Michael, the author says that part of the speed comes from the fact
that most wireless APs have a x.x.x.1 IP.
He did not say if setting that to another IP would make a small
difference or a large difference in the difficulty of hacking into the
wireless network.
Do you happen to know?
Thanks
Greg
On 8/14/06, Michael H. Warfield <mhw at wittsend.com> wrote:
> Hey all...
>
> Took me a little longer to get my presentation up on my web site than I
> anticipated, but it's finally there.
>
> You can get it here:
>
> http://www.wittsend.com/mhw/2006/Wireless-Security-ALE/
>
> From that page, you can also download the OpenOffice, PowerPoint, or
> PDF versions of the talk, as you like.
>
>
> Worthy of note: Since the talk on Thursday at Emory, a paper has now
> been announced describing a real-time attack against WEP which allows
> the attacker to begin sending (somewhat limited) data after receiving
> only a single WEP encrypted packet. This, in turn, rapidly leads to
> more extensive breakage and eventual key compromise, even for a
> relatively quiescent network. It allows for immediate ARP queries of
> others devices and, if you have an Internet server at your command, it
> allows you to independently build up your "known plaintext" keystream
> dictionary. Reception of a single ARP packet is sufficient. :-( This
> involves a combination of IV reuse, data (ARP) leakage, and a layer 2
> fragmentation attack, in a new, more effective, attack. It's claimed
> it's fast enough to even keep up with dynamic rekeying. Like I said in
> the live talk, when I mentioned having to revise it since the talk at
> AUUG on the previous Monday, it's a dynamic field. Guess I have to
> revise that talk AGAIN.
>
> The Final Nail in WEP's Coffin
> http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf
>
> It's an interesting read. Don't let the level of technical details
> scare you off. You can skim the groady details and get to the chase
> pretty easily and it's not an overly difficult read for the conclusions.
>
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>
>
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century
More information about the Ale
mailing list