Tricky question...

From: Gabriel (en_hemlig_person@hotmail.com)
Date: 09/29/02


From: en_hemlig_person@hotmail.com (Gabriel)
Date: 29 Sep 2002 12:58:50 -0700

The setup is as follows: Three access points (AP1, AP2 and AP3) are
connected to a switch and to each of the access points one laptop is
associated (Lap1, Lap2 and Lap3). Each of the three laptops uses a
different WEP key (WEP1, WEP2 and WEP3) when they associate to their
access point.

Question: Is it possible for Lap1 (in this case the attacker and
associated to AP1 using WEP1) to perform a Man-in-the-Middle attack
using ARP cache poisoning (with e.g. Ettercap) against Lap2 and Lap3
(i.e. sniffing the communication between Lap2 and Lap3)? Assuming
that Lap2 is associated to AP2 using WEP2 and Lap3 is associated to
AP3 using WEP3???

I am thinking that WEP only encrypts the data that travels through the
air between a laptop and the AP, which would mean that it travels in
clear text between the AP and the switch?? If this is the case Lap1
should be successful in carrying out a MITM attack against Lap2 and
Lap3 since it "intercepts" the data through the switch. Am I right or
am I wrong?

If I am right this scenario would be possible: AP1 is NOT using WEP,
which (basically) means that anyone can associate with it, but AP2 and
AP3 are using WEP. Now Lap1 (the attacker) can perform a MITM attack
against Lap2 (associated to AP2 using WEP2) and Lap3 (associated to
Lap3 using WEP3) without any problems whatsoever since it didn't have
to crack a WEP key…

A big Thank you in advance.

/ Gabriel- A Norwegian WLAN expert wannabe :)
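
Added example, not part of the original post: access points that bridge onto a switch forward ordinary Ethernet frames, so ARP cache poisoning of the kind asked about is observable on the wired side whatever WEP keys are in use. The Python below flags it from ARP replies seen on a switch mirror port; the MAC and IP addresses, the tuple format and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: ARP replies seen on a switch mirror port, as
# (seconds, sender_ip, sender_mac). All addresses are made up.
LAP1_MAC = "02:00:00:00:00:01"  # Lap1, the attacker in the post's scenario
LAP2_MAC = "02:00:00:00:00:02"
LAP3_MAC = "02:00:00:00:00:03"
SAMPLE_REPLIES = [
    (0.0, "192.168.1.12", LAP2_MAC),   # Lap2 answers for its own IP
    (0.5, "192.168.1.13", LAP3_MAC),   # Lap3 answers for its own IP
    (9.0, "192.168.1.13", LAP1_MAC),   # Lap1 claims Lap3's IP
    (9.1, "192.168.1.12", LAP1_MAC),   # Lap1 claims Lap2's IP
    (12.0, "192.168.1.13", LAP3_MAC),  # real Lap3 answers again (flip-flop)
]

def detect_arp_poisoning(replies):
    """Return alerts as (time, kind, ip, mac) tuples.

    "rebind": an IP is now claimed by a different MAC than last seen
    (a DHCP re-lease can also cause this, so correlate with lease logs).
    "multi-ip": one MAC starts answering for a second IP
    (routers doing proxy ARP do this legitimately; allow-list them).
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "rebind", ip, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append((ts, "multi-ip", ip, mac))
    return alerts

def suspect_macs(alerts):
    """MACs that answered for more than one IP: the likely poisoner."""
    return {mac for _, kind, _, mac in alerts if kind == "multi-ip"}

if __name__ == "__main__":
    found = detect_arp_poisoning(SAMPLE_REPLIES)
    for alert in found:
        print(alert)
    print("suspects:", suspect_macs(found))
```
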


