testing wireless security
josh at tcbug.org
Mon Nov 19 11:48:23 PST 2007
On Monday 19 November 2007 10:43:13 am Mike Tancsa wrote:
> I have been playing around with 3 ath based FreeBSD boxes and seem to
> have got everything going via WPA and a common PSK for 802.11x
> auth. However, I want to have a bit more certainty about things
> working properly.
> What tools do people recommend for sniffing and checking a wireless network
> In terms of IDS, is there any way to see if people are trying to
> bruteforce the network ? I see hostap has nice logging, but anything
> beyond that ?
> e.g. with a bad psk on the client
> hostapd: ath0: STA 00:0b:6b:2b:bb:69 IEEE 802.1X: unauthorizing port
> is there a way to black list MAC addresses, or just allow certain
> ones from even trying ? IPSEC will be running on top, but I still
> want a decent level of security on the transport layer.
When I looked in to this it seemed that the current state of affairs is that
WPA can only be broken by brute-forcing the key. I don't recall if that
could be done 'off-line' or not. My memory is that the needed info to
attempt bruteforcing could be done by simply receiving....no need to attempt
to associate to the AP was needed. I'm not really interested in
disseminating links to tools that can be used to break wireless security, but
simple google searches will give you the info you need.....and the tools are
in the ports tree for the most part.
Fortunately WPA allows keys that put even resource-rich attackers in to the
decade range to bruteforce.
PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20071119/e6a55197/attachment.pgp
More information about the freebsd-security