Penetration Testing mailing list archives
Re: Sniffing on WPA
From: Paul Day <paul+pen-test () bur st>
Date: Tue, 8 Nov 2005 11:03:46 +1100 (EST)
On Sat, 5 Nov 2005, Eduardo Espina wrote:
As you can see, it doesn't matter that every client has a different TKIP key for encryption you can sniff every user associated to the AP. At this point WPA looks like WEP, because if you have the WPA-PSK key you can sniff all users. But it isn't limited to WPA-PSK, this attack works even with 802.1x authentication. I did this on EAP-TLS and got *plain text traffic* from all the poisoned users.
Yes, because you're _on_ the LAN. You're talking about (known) issues with Ethernet, nothing to do with the L2 WiFi encryption/protection which you've stated you're past (by sitting on the WiFi LAN as an authenticated user).
If you see it as a problem, you should isolate the WiFi VLAN with a firewall and require all users to bring up a VPN connection not susceptible to a MITM attack... Or give every user on the WiFi their own /30 VLAN.
PD -- Paul Day - http://www.bur.st/~paul/ ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Sniffing on WPA Eduardo Espina (Nov 05)
- Re: Sniffing on WPA Cedric Blancher (Nov 06)
- Sniffing on WPA Eduardo Espina (Nov 06)
- Re: Sniffing on WPA Cedric Blancher (Nov 07)
- Re: Sniffing on WPA Eduardo Espina (Nov 07)
- Sniffing on WPA Eduardo Espina (Nov 06)
- Re: Sniffing on WPA Cedric Blancher (Nov 06)
- <Possible follow-ups>
- Re: Sniffing on WPA Andy Meyers (Nov 06)
- Re: Sniffing on WPA Eduardo Espina (Nov 06)
- Re: Sniffing on WPA Paul Day (Nov 07)
- Re: Sniffing on WPA Eduardo Espina (Nov 06)