Code Project
NetSpinner

@NetSpinner

Posts

  • Network security
    NetSpinner

    Finally a topic I can help out with! I do some wifi auditing at work, but most of my time on CP is spent lurking and learning from you code-masters. Some advice I have:

    - IMHO MAC filtering, disabling DHCP, and disabling the SSID are completely useless. When auditing wireless, I use kismet which will show me a network regardless of whether it's broadcasting or not. If knowing the SSID is crucial, a simple void11 deauth will force the clients to restart the session at which time the SSID is temporarily exposed. Interestingly enough, the same void11 technique is used when spoofing MAC or IP addresses when I want to parade my laptop as an authorized machine. That being said, it doesn't hurt to do all of those things. After all, who's going to spend that kind of time getting into your network when there's a default 'linksys' broadcasting down the block?

    - As for encryption type... Well, everyone knows WEP can be cracked in under ten minutes (if there's enough authenticated traffic to generate the weak IVs). I've personally spent over 4 hours collecting enough from my home network...with only 2 wireless clients. WPA is the way to go and WPA2 is even better, but please make sure you don't use any dictionary based pass phrase. Compromising WPA requires a more elegant attack, but it can often work very quickly if a poor pass phrase is used. With some of the heuristic/brute crackers, I've successfully cracked pass phrases that are only partial words or even slang. For instance: < 67vette19 > was cracked in under 12 mins using the latest version of John and a 248 MB custom word list. Note my list contained the word "corvette" but not "vette."

    In a professional setting, no wireless is truly safe. I gotta agree with Lloyd; make yourself a closed network ;-)

    --Even RADIUS and some external auths can be compromised, but at that level of security the easiest way in is most likely poor practices.

    The most difficult security I've ever been asked to bypass (in terms of wireless auditing, that is) would have to be a commercial firewall that runs the WLAN on a separate subnet from the LAN. The WLAN is WPA2 encrypted, and once authenticated there, the user must auth manually again via WIFIsec to an external RADIUS server. This essentially creates a VPN between the wireless users and the AP. With this technique, even an authenticated user cannot sniff other users' traffic because each user has their own private tunnel to the gateway.

    My 2 cents,
    -Jef

    chown -R us ./base

    -- modified at 9:19 Tuesday 30th May,

    The Lounge question com sysadmin security
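
The point in the post above about pass phrases built from partial dictionary words, turned into a defender-side check to run before a WPA/WPA2 pass phrase is deployed. This is an added example, not part of the original post; the `audit_passphrase` name, the small word list and the 4-letter fragment threshold are assumptions.

```python
import re

# Constructed sample word list; a real audit would load a large one from disk.
SAMPLE_WORDS = {"corvette", "password", "linksys", "wireless", "dragon"}
MIN_FRAGMENT = 4  # assumed threshold: shorter letter runs are not treated as fragments


def audit_passphrase(passphrase, words=SAMPLE_WORDS, min_fragment=MIN_FRAGMENT):
    """Return a list of findings. An empty list only means no check fired,
    not that the pass phrase is strong."""
    findings = []
    # WPA/WPA2-Personal pass phrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("non-printable or non-ASCII character")
    lowered = passphrase.lower()
    # Check every run of letters against the list in both directions, so a
    # truncated word ("vette") is caught by its parent word ("corvette").
    for run in re.findall(r"[a-z]+", lowered):
        if len(run) < min_fragment:
            continue
        for word in sorted(words):
            if run == word:
                findings.append(f"'{run}' is a dictionary word")
            elif run in word:
                findings.append(f"'{run}' is a fragment of '{word}'")
            elif word in run:
                findings.append(f"'{run}' contains dictionary word '{word}'")
    # One letter run padded only with digits, the shape of the post's example.
    if re.fullmatch(r"\d*[a-z]+\d*", lowered) and re.search(r"\d", lowered):
        findings.append("single letter run padded with digits")
    return findings


if __name__ == "__main__":
    for candidate in ("67vette19", "linksys", "q7#Lm2!xZp9&Tb4w"):
        print(candidate, "->", audit_passphrase(candidate) or "no findings")
```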