RE: Wireless Security

From: Steve Skoronski (skoronski@ctidata.com)
Date: 08/16/01 

Message-ID: <6D2AC7A08352D411AC5B0000C1104875528CA4@SRVMTL1>
From: Steve Skoronski <skoronski@ctidata.com>
To: pen-test@securityfocus.com
Subject: RE: Wireless Security
Date: Thu, 16 Aug 2001 17:20:54 -0400

Do you mean pretending to be an authorized access point to gain access to
all of the clients? I guess if there is a trust relationship (NetBIOS for
instance) then this would expose the clients as on a wired LAN, but you
still need to authenticate on the network, using l0phtcrack can aid this.

Really though, what is the point when 90% of security architectures mandate
that critical files be stored server side so that when you lose your laptop,
critical info is not on it.

Here's an idea....get the WEP key (if it's even being used) and passively
sniff to gain passwords. Then the fun begins.

However, in a 'coffee-shop' environment your idea is sound. Many people in
public places use these to send e-mail, even log in to the corporate VPN:) I
hope these people are using personal firewalls and strong encryption.

Steve

-----Original Message-----
From: Wyatt Fradenburg [mailto:wy4tt@hotmail.com]
Sent: Thursday, August 16, 2001 6:59 AM
To: pen-test@securityfocus.com
Subject: Wireless Security

Hello Everyone,
     My two cents, what about a attack that is using a access point to grab
the information from the wireless cards. Then using a wireless card to
attack. What are your thoughts about this?
Dr. Wyatt R. Fradenburg
Ph.D. Information Technogoly
CCNA, CCDA, SCA, SCNA

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • RE: SQL
    ... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Insurance
    ... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Pen-Testing Lotus Notes/Domino
    ... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • R: Pen-Testing help (Compaq Insight & htsearch)
    ... This web server happens to be in front of their ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Application & Iplanet/Apache web server vulnerability and penetration testing
    ... I don't know what to do on the web servers other than delete example ... Any suggestions on iPlanet and Apache security? ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)