Wireless Pen Test

Recently there has been some research released on attacks against WPA
using TKIP. From my understanding this flaw is in the TKIP implementation
and is also something that needs to be taken into consideration for WPA2.
Joshua Wright have a SANS webcast on it last week I believe. You can view
the presentatio here -->
https://www.sans.org/webcasts/show.php?webcastid=92188. WPA2 is also open
to brute force attacks as well. After all the encryption is only as good
as the encryption key used (unless it's using Radius authentication). If
the WPA2 Key is set to the name of the company, then it's pretty insecure.

Another consideration is the Rainbow tables created by the Church of Wifi
--> http://www.renderlab.net/projects/WPA-tables/ These are limited to a
set list of SSID's, so unless your WPA2 install is using a default SSID
like netgear, then these won't really help. Still worth a look though.

Hope this helps,

Chris John Riley



pen-test-return-1078487520@xxxxxxxxxxxxxxxxx
Gesendet von: listbounce@xxxxxxxxxxxxxxxxx
26.11.2008 21:25

An
pen-test@xxxxxxxxxxxxxxxxx
Kopie

Thema
Wireless Pen Test






Hi All,

Is there any tool available to break WAP2 encryption (I searched a lot
but was not able to find any). I know using Aircrack (Airodump and
Aireplay), WEP and WPA key can be breaked. But if the encyption is
WPA2 can we give a reasonable assurance to the client that the Wifi
network is secure from outside.

Thanks and Regards
Anshuman

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------




----------------------------------------
Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR 0486809, UID ATU 16351908

Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail dient ausschliesslich Informationszwecken. Rechtsgeschaeftliche Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden.
Correspondence with above mentioned sender via e-mail is only for information purposes. This medium may not be used for exchange of legally-binding communications.
----------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Relevant Pages

  • Re: Wireless Pen Test
    ... WPA and WPA2 both can be cracked with aircrack-ng. ... Security Trends Report from Cenzic ...
    (Pen-Test)
  • RE: Wireless Pen Test
    ... Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program. ... BUT if you are using WPA ... WPA and WPA2 both can be cracked with aircrack-ng. ... Security Trends Report from Cenzic ...
    (Pen-Test)
  • RE: Wireless Pen Test
    ... WEP and WPA key can be breaked. ... WPA2 can we give a reasonable assurance to the client that the Wifi ... Security Trends Report from Cenzic ... Stay Ahead of the Hacker Curve! ...
    (Pen-Test)
  • Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
    ... WPA2). ... WPA - Wi-Fi Protected Access ... Looking at the various home router certifications at: ... and WPA2 with an assortment of authentication protocols. ...
    (alt.internet.wireless)
  • Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
    ... WPA2). ... WPA - Wi-Fi Protected Access ... Looking at the various home router certifications at: ... and WPA2 with an assortment of authentication protocols. ...
    (alt.internet.wireless)