[ale] Presentation from ALE Central last Thursday now up...

Greg Freemyer greg.freemyer at gmail.com
Tue Aug 15 13:23:35 EDT 2006 

That article is amazing.

If I read it right the author claims full WEP penetration within 60
seconds from recieving a single data packet.

Michael, the author says that part of the speed comes from the fact
that most wireless APs have a x.x.x.1 IP.

He did not say if setting that to another IP would make a small
difference or a large difference in the difficulty of hacking into the
wireless network.

Do you happen to know?

Thanks
Greg

On 8/14/06, Michael H. Warfield <mhw at wittsend.com> wrote:
> Hey all...
>
>         Took me a little longer to get my presentation up on my web site than I
> anticipated, but it's finally there.
>
>         You can get it here:
>
>         http://www.wittsend.com/mhw/2006/Wireless-Security-ALE/
>
>         From that page, you can also download the OpenOffice, PowerPoint, or
> PDF versions of the talk, as you like.
>
>
>         Worthy of note:  Since the talk on Thursday at Emory, a paper has now
> been announced describing a real-time attack against WEP which allows
> the attacker to begin sending (somewhat limited) data after receiving
> only a single WEP encrypted packet.  This, in turn, rapidly leads to
> more extensive breakage and eventual key compromise, even for a
> relatively quiescent network.  It allows for immediate ARP queries of
> others devices and, if you have an Internet server at your command, it
> allows you to independently build up your "known plaintext" keystream
> dictionary.  Reception of a single ARP packet is sufficient.  :-(  This
> involves a combination of IV reuse, data (ARP) leakage, and a layer 2
> fragmentation attack, in a new, more effective, attack.  It's claimed
> it's fast enough to even keep up with dynamic rekeying.  Like I said in
> the live talk, when I mentioned having to revise it since the talk at
> AUUG on the previous Monday, it's a dynamic field.  Guess I have to
> revise that talk AGAIN.
>
>         The Final Nail in WEP's Coffin
>         http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf
>
>         It's an interesting read.  Don't let the level of technical details
> scare you off.  You can skim the groady details and get to the chase
> pretty easily and it's not an overly difficult read for the conclusions.
>
>         Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>
>


-- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

More information about the Ale mailing list