Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Wireless Scanning

from [Wozny, Scott (US - New York)] Network Security [Permanent Link]
Subject: RE: Wireless Scanning
Date: Tue, 28 Sep 2004 16:49:51 -0400 
I think you're right in that most vendors recognized the mathematical
problem and fixed it in a (usually) proprietary way shortly thereafter.
As far as cracking in the wild is concerned, I'm sure there are more
than a few APs out there that had WEP thrown on for the heck of it (or
because there was no choice) and never upgraded to anything more secure.
802.11i has only been ratified for a few months so the vendors are in
the process of issuing firmware revs to support it that are bound to be
buggy at first which is going to delay the market doing these upgrades
but when the security conscientious organizations out there have a way
to move to something more secure, they will.  

That being said one only has to look at the number of Code Red infected
web servers, unsecured spam relays and 'owned' end stations on the
Internet to see that there are a number of people and organizations out
there that are LESS than security conscientious.

So you're right.  To do WEP cracking in the wild, in a lot of cases,
will involve fairly old firmware.  However, that should not imply that
there are a shortage of APs to crack that fit that description.

My 2 drachmas,

Scott

-----Original Message-----
From: Jason T [mailto:security@jason.id.au] 
Sent: Monday, September 27, 2004 6:10 PM
To: 'Lodin, Steven {D106~Indianapolis}'; 'Carney, Mark'; 'Pen-Test'
Subject: RE: Wireless Scanning


Just a comment on using a WEP cracking programs.  I heard from Keith
Parsons
who is an expert wireless teacher saying that WEP cracking in the wild
today
doesn't exist in most cases.  

In early 2002 all vendors saw the weak IV as an attack.  So they changed
the
firmware to no longer support those weak IV's.  If you want to crack WEP
it
will most likely be on an AP that has a firmware version prior to 2002.

Any comments on this?

Jason  


-----Original Message-----
From: Lodin, Steven {D106~Indianapolis} 
[mailto:steven.lodin@ROCHE.COM] 
Sent: Tuesday, 28 September 2004 12:38 AM
To: Carney, Mark; Pen-Test
Subject: RE: Wireless Scanning

(Trying not to steal the thunder, just to whet your appetite. 
 You can send me a zinger if I messed up :-)


Look for a new Auditor version (looks like it will be labeled 
Auditor 3) to come out in the next few of weeks.  There will 
be a couple of new tools.


From the author of Auditor:


"Aircrack is a better WEP cracker like Airsnort."
"The second one is named chopchop and is an active WEP 
decrypting attack."
"P.S. A WPA preshared password cracker is also on the way."

http://www.remote-exploit.org/?page=auditor

For those of you using Auditor, did you donate?  We did.

Steve



-----Original Message-----
From: Carney, Mark [mailto:Mark.Carney@fishnetsecurity.com]
Sent: Friday, September 24, 2004 11:56 AM
To: Chuck Fullerton; RoF@yahoo; Pen-Test
Subject: RE: Wireless Scanning


Chuck,

I would suggest the following toolsets/tools for 802.11 and 

bluetooth 

discovery.

Toolsets:
1) Auditor Security Collection
2) Knoppix STD Distro

Tools:

802.11 --
1) Kismet
2) NetStumbler
3) Wellenreiter
4) asleap (if client is running Cisco LEAP)
5) AirSnort, Webattack, or dwepcrack (if client is running WEP)
6) Macchanger (to spoof mac address)
7) AirTraf

BlueTooth --
1) sdptool
2) pand
3) l2ping
4) btscanner
5) Redfang
6) BlueSniff



--------------------------------------------------------------
----------------
Ethical Hacking at the InfoSec Institute. All of our class 
sizes are guaranteed to be 12 students or less to facilitate 
one-on-one interaction with one of our expert instructors. 
Check out our Advanced Hacking course, learn to write 
exploits and attack security infrastructure. Attend a course 
taught by an expert instructor with years of in-the-field pen 
testing experience in our state of the art hacking lab. 
Master the skills of an Ethical Hacker to better assess the 
security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
-----------------





This message (including any attachments) contains confidential information 
intended for a specific individual and purpose, and is protected by law.  If 
you are not the intended recipient, you should delete this message.  Any 
disclosure, copying, or distribution of this message, or the taking of any 
action based on it, is strictly prohibited.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Wireless Pentest using an iPaq, wireless newbie
Next by Date:  RE: Wireless Scanning, Jerry Shenk
Previous by Thread:  Re: Wireless Scanning, Konstantin V. Gavrilenko
Next by Thread:  RES: snmp, Bernardo Santos Wernesback
Indexes:  [Date] [Thread] [Top] [All Lists]