Re: testing wireless security

On Monday 19 November 2007 10:43:13 am Mike Tancsa wrote:
I have been playing around with 3 ath based FreeBSD boxes and seem to
have got everything going via WPA and a common PSK for 802.11x
auth. However, I want to have a bit more certainty about things
working properly.

What tools do people recommend for sniffing and checking a wireless network
?

In terms of IDS, is there any way to see if people are trying to
bruteforce the network ? I see hostap has nice logging, but anything
beyond that ?

e.g. with a bad psk on the client
hostapd: ath0: STA 00:0b:6b:2b:bb:69 IEEE 802.1X: unauthorizing port

is there a way to black list MAC addresses, or just allow certain
ones from even trying ? IPSEC will be running on top, but I still
want a decent level of security on the transport layer.


When I looked in to this it seemed that the current state of affairs is that
WPA can only be broken by brute-forcing the key. I don't recall if that
could be done 'off-line' or not. My memory is that the needed info to
attempt bruteforcing could be done by simply receiving....no need to attempt
to associate to the AP was needed. I'm not really interested in
disseminating links to tools that can be used to break wireless security, but
simple google searches will give you the info you need.....and the tools are
in the ports tree for the most part.

Fortunately WPA allows keys that put even resource-rich attackers in to the
decade range to bruteforce.

--
Thanks,

Josh Paetzel

PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB

Attachment: signature.asc
Description: This is a digitally signed message part.