Re: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter

From: Ollie Whitehouse (ollie_at_atstake.com)
Date: 11/07/03

    To: <pen-test@securityfocus.com>
    Date: Fri, 7 Nov 2003 17:55:08 -0000
    
    

    All,

    Also just read the 1.2 specification, the planned 'anonymity mode' to protect
    against this attack did not make it and was dropped. Word from the grapevine
    is politics within the SIG (which neither @stake nor I are members of) are
    running rife and it would have broken more than it fixed... So the attack which
    RedFang performs *should* work against all 1.0 -> 1.2 devices...

    Rgds

    Ollie

    ----- Original Message -----
    From: "David J. Jackson" <djackson@netdmz.com>
    To: "Ollie Whitehouse" <ollie@atstake.com>; <pen-test@securityfocus.com>
    Sent: Sunday, November 02, 2003 3:25 AM
    Subject: RE: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter

    Does anyone know how to add a Belkin USB Bluetooth adapter (F8T003) to the
    list of known adapters with RedFang? Are there any other Bluetooth detection
    programs out there yet besides this one and Bluesniff? Has anyone used
    RedFang or Bluesniff at all?

    Thanks!
    David Jackson, GSEC

    -----Original Message-----
    From: Ollie Whitehouse [mailto:ollie@atstake.com]
    Sent: Monday, October 20, 2003 8:53 AM
    To: pen-test@securityfocus.com
    Subject: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter

    All,

    Tool: Redfang - The Bluetooth Hunter
    Version: 2.5 (15 oct 2003)
    Platforms: Linux (tested on Redhat 9 / Mandrake 9.1)
    Author: Ollie Whitehouse, Simon Halsall (of QinetiQ), Stephen Kapp

    Redfang v2.5 is an enhanced version of the original application that finds
    non-discoverable Bluetooth devices by brute-forcing the last six bytes of the
    device's Bluetooth address and doing a read_remote_name(). This new version
    has streamlined code, enumerates service information, and supports multiple
    threads for substantial speed gains using multiple devices (maximum
    theoretical limit of 127 USB devices). This release of Redfang was developed
    in collaboration with QinetiQ as part of their work in the DTI Next Wave
    Technologies project FORWARD. (For more information about the underlying
    concepts of Bluetooth discovery, read our research report War Nibbling:
    Bluetooth Insecurity.)

    http://www.atstake.com/research/tools/info_gathering/

    Rgds

    Ollie

    ---
    Ollie Whitehouse
    Director of Security Architecture
    @stake Inc / Atstake Ltd
    http://www.atstake.com/