[dundee] WPA Cracked

Arron Finnon afinnon at googlemail.com
Sat Nov 8 11:53:58 UTC 2008


Well, WPA2 uses a different set of encryption algorithms, and it's more
purpose built. It's worth remembering that there is a difference between
the two.  However they are vulnerable to the brute-force attacks, and
the like.  Make sure you use a pass phrase that is long and not a
password, easy to remember but not likely to have parts of it in a
dictionary or easily guessable.  We discussed pass phrases at the
rainbow table meeting, but I'm sure there are plenty of people on here
that can give advice.  Also changing your ESSID to something
completely and utterly unique will also help against rainbow table
based attacks against it too.

If you are going to use an open wireless network, then accept that you
could well have free lodgers on your network, who are able to get to
the post man before you and see your messages before you.  Tunnelling
web browsers over SSH, and ensuring you run firewalls on each system,
would be a good idea.  Turning the wireless network off when not in
use would also be a wise thing to do.  A separate wireless network to
your actual network would be a good idea (Kris Davidson's idea, but
right in the fact if they do get on to your network, they are separate;
try to think of it as a DMZ).  You could consider running ettercap to
make sure that no one is ARP poisoning your network and sniffing your
traffic, lock down to MAC address filter (this is no defence but it is
another hurdle, a very, very small one), turn off DHCP and assign
static IPs, and view your logs regularly.  Failing that, use WPA2 and
replace the older wireless devices that don't support it.  I say this
time and time again but I keep on saying STOP USING WEP (it takes
three minutes to crack - GAME OVER).  If your device only supports it,
buy a cheap wireless card/dongle that supports WPA2; the peace of mind
will be priceless.

Finux

Now here's a challenge for all you ethical hackers out there -
if WEP & WPA are about as much use as a chocolate tea pot, what do we
need to do to protect PCs and network traffic with an unsecured / open
wireless router attached?

Answers preferably on a postcard as my PC is turned off until further
notice :)

Paul
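
Added example, not part of the original post: WPA and WPA2 personal mode derive the pairwise master key (PMK) with PBKDF2-HMAC-SHA1 using the ESSID as the salt, so a table precomputed for a common ESSID does not apply to a unique one, while a weak passphrase still falls to a direct guess. The SSIDs, word list and function names below are constructed for illustration.

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA/WPA2-Personal: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def build_table(ssid: str, wordlist: list[str]) -> dict[bytes, str]:
    """Model of a precomputed table: it is only valid for the one SSID it was built for."""
    return {wpa_pmk(word, ssid): word for word in wordlist}

def covered_by_table(table: dict[bytes, str], passphrase: str, ssid: str) -> bool:
    """True if this network's PMK already appears in the precomputed table."""
    return wpa_pmk(passphrase, ssid) in table

# Constructed sample data (assumptions, not values from the post).
COMMON_SSID = "default"
UNIQUE_SSID = "dundee-lug-7f3a91"
WORDLIST = ["password", "letmein123", "qwertyuiop"]
LONG_PHRASE = "nine wet otters juggle tartan kettles"

def demo() -> dict[str, bool]:
    table = build_table(COMMON_SSID, WORDLIST)
    return {
        # Dictionary word on a common SSID: the table already holds the PMK.
        "weak_phrase_common_ssid": covered_by_table(table, "password", COMMON_SSID),
        # Same word on a unique SSID: different salt, so the table misses.
        "weak_phrase_unique_ssid": covered_by_table(table, "password", UNIQUE_SSID),
        # Long pass phrase on a common SSID: not in any word list, so it misses.
        "long_phrase_common_ssid": covered_by_table(table, LONG_PHRASE, COMMON_SSID),
        # A unique SSID does not stop a fresh guess of a weak passphrase.
        "weak_phrase_guessed_directly": "password" in WORDLIST,
    }

if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case}: {'exposed' if hit else 'not covered'}")
```

The last case is why the unique ESSID complements the long pass phrase and does not replace it.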


