testing wireless security

[Josh Paetzel]

On Monday 19 November 2007 10:43:13 am Mike Tancsa wrote:
> I have been playing around with 3 ath based FreeBSD boxes and seem to
> have got everything going via WPA and a common PSK for 802.11x
> auth.  However, I want to have a bit more certainty about things
> working properly.
>
> What tools do people recommend for sniffing and checking a wireless network
> ?
>
> In terms of IDS, is there any way to see if people are trying to
> bruteforce the network ?  I see hostap has nice logging, but anything
> beyond that ?
>
> e.g. with a bad psk on the client
>   hostapd: ath0: STA 00:0b:6b:2b:bb:69 IEEE 802.1X: unauthorizing port
>
> is there a way to black list MAC addresses, or just allow certain
> ones from even trying ?  IPSEC will be running on top, but I still
> want a decent level of security on the transport layer.
>

When I looked in to this it seemed that the current state of affairs is that 
WPA can only be broken by brute-forcing the key.  I don't recall if that 
could be done 'off-line' or not.  My memory is that the needed info to 
attempt bruteforcing could be done by simply receiving....no need to attempt 
to associate to the AP was needed.   I'm not really interested in 
disseminating links to tools that can be used to break wireless security, but 
simple google searches will give you the info you need.....and the tools are 
in the ports tree for the most part.

Fortunately WPA allows keys that put even resource-rich attackers in to the 
decade range to bruteforce.

-- 
Thanks,

Josh Paetzel

PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20071119/e6a55197/attachment.pgp