
A new version of coWPAtty was released that includes support for OSX, FreeBSD and Linux systems. Also introduced is the ability to perform WPA/WPA2-PSK cracking on networks using IEEE 802.11e QoS data frames. You can grab coWPAtty, check the README and get more information from the coWPAtty page on this site. (kudos to Josh Wright)
Josh has also given an interview to Networkworld.com, answering a lot of questions from users. Here are some of the interesting ones (read the full article for the rest):
Ed: Are standards in the works to address control level security (to prevent DoS and MIM attacks)?
Josh_Wright: There is an IEEE working group developing techniques to mitigate spoofing management frames in wireless networks (IEEE 802.11w), which will mitigate deauthenticate and disassociate flood attacks. However, this WILL NOT STOP DoS ATTACKS (sorry, I get a little excited about this topic ;). 802.11w will address two popular DoS attacks, but will not address other DoS attacks such as beacon DS Set spoofing where I tell the victims their AP is on channel 255, or triggering Michael Countermeasures, a vulnerability in TKIP, or by performing A-MSDU Block Ack DoS attacks, a vulnerability in 802.11n networks. For more information on wireless attacks, check out www.wve.org.
Alanm: Is WPA2 now considered very secure and we should feel fine using it? Or are there still attacks/vulnerabilities that it's susceptible to?
Josh_Wright: WPA2 provides strong encryption, and specifies strong authentication mechanisms such as PEAP, TTLS and EAP/TLS as well, so it is a strong strategy for organizations. The common problem with these implementations is when people misconfigure client settings for PEAP and TTLS, like I discussed with Brad Antoniewicz from Foundstone at Shmoocon a few weeks ago (slides at www.willhackforsushi.com, the video will be up at shmoocon.org shortly). If PEAP and TTLS aren't configured properly, an attacker can impersonate your RADIUS server and get access to the victim's inner authentication credentials, possibly disclosing the user's password, or giving the attacker access to the user's MS-CHAP challenge response, which is almost as good.
PatrickT: How (if at all) is 802.11n going to change the security picture?
Josh_Wright: 802.11n exposes us in a few new ways:
1. Greater distance in range for wireless APs, conservatively at 1.5 times the range of 802.11a, liberally at four times the range of 802.11a.
2. Harder for WIDS to monitor. With 802.11n we have 20 MHz and 40 MHz channels, which makes WIDS systems spend less and less time on channel and more time channel hopping, which reduces the chances they'll be able to pick up an attack.
3. Hidden rogues. 802.11n introduces a technology for 802.11n-only devices called Greenfield mode, which makes it impossible for legacy 802.11a/b/g WIDS devices to detect the rogue AP or the user's traffic.
4. New DoS vulnerabilities. The 802.11n specification has two mechanisms for aggregating frames, which has prompted changes in how devices acknowledge transmitted frames. This has opened up DoS vulnerabilities, where an attacker can stop 802.11n devices from accepting any more frames.
5. New drivers. The complexity of 802.11n is largely felt by client devices, and new device drivers have to be written to support the specification and new hardware. With the complexity of 802.11n, this has led to new driver vulnerabilities, which can be exploited by an attacker.
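The deauthenticate and disassociate floods Josh mentions are the two management-frame DoS attacks 802.11w is meant to mitigate, and until it is deployed the practical defence is to detect them. The following is an added example, not code from the interview or from coWPAtty: a small Python sliding-window detector of the kind a WIDS sensor would run, fed with constructed frame records (the `Frame` fields, the rate threshold and the sample capture are assumptions made for the example, not values from the page).

```python
# Added example: sliding-window detector for deauthentication/disassociation
# floods. The frame records are constructed for illustration and mimic the
# fields a WIDS sensor logs from 802.11 management frame headers.
from collections import deque, defaultdict
from dataclasses import dataclass


@dataclass
class Frame:
    ts: float       # capture time in seconds
    subtype: str    # "deauth", "disassoc", "beacon", "data", ...
    bssid: str      # BSSID the frame claims to come from
    dst: str        # receiver address; ff:ff:ff:ff:ff:ff is broadcast


BROADCAST = "ff:ff:ff:ff:ff:ff"
DISRUPTIVE = {"deauth", "disassoc"}   # subtypes a spoofing attacker floods with


def detect_floods(frames, window=1.0, threshold=10):
    """Return one alert per (bssid, subtype) whose rate of deauth/disassoc
    frames exceeds `threshold` inside any sliding window of `window` seconds.
    A legitimate AP sends a handful of these per minute; tens per second
    carrying its BSSID is the signature of a spoofed-management-frame flood.
    The threshold is an assumed tuning value, not a standard figure."""
    recent = defaultdict(deque)   # (bssid, subtype) -> timestamps still in window
    alerts = {}
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in DISRUPTIVE:
            continue
        key = (f.bssid, f.subtype)
        q = recent[key]
        q.append(f.ts)
        while q and f.ts - q[0] > window:   # expire timestamps older than window
            q.popleft()
        if len(q) > threshold and key not in alerts:
            alerts[key] = {
                "bssid": f.bssid,
                "subtype": f.subtype,
                "count": len(q),               # frames in window when alert fired
                "broadcast": f.dst == BROADCAST,  # broadcast deauth hits every client
                "first_seen": q[0],
            }
    return list(alerts.values())


def sample_capture():
    """Constructed capture: normal beacons, two legitimate disassociations,
    and a half-second burst of broadcast deauth frames spoofing the AP's BSSID."""
    ap = "00:11:22:33:44:55"
    frames = [Frame(i * 0.25, "beacon", ap, BROADCAST) for i in range(40)]
    # Normal: the AP disassociates two idle clients, seconds apart.
    frames += [Frame(3.0, "disassoc", ap, "aa:bb:cc:00:00:01"),
               Frame(8.0, "disassoc", ap, "aa:bb:cc:00:00:02")]
    # Flood: 50 broadcast deauth frames in 0.5 s using the AP's BSSID.
    frames += [Frame(5.0 + i * 0.01, "deauth", ap, BROADCAST) for i in range(50)]
    return frames


if __name__ == "__main__":
    for alert in detect_floods(sample_capture()):
        print(alert)
```

The two legitimate disassociations never exceed the threshold, while the burst of spoofed deauth frames fires a single alert the moment the eleventh frame lands inside one second; keying the alert on (BSSID, subtype) avoids a flood of duplicate alerts for the same event.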
PS: If you need some Wi-Fi cards or antennas, here is an excellent eBay store.