Sla.ckers.org
For 802.11 and bluetooth security people alike. Latest trends, attack surface issues, and prevention. How wireless security is becoming the new vector to hacking corporate websites and applications. 
Re: Evil Twin
Posted by: jacknson
Date: April 08, 2007 06:08PM

thrill,


Great job, apprec

All the clients need to be configured for VPN, which could be a hassle when there are many, and for visitors as well!

jackN

Re: Evil Twin
Posted by: thrill
Date: April 08, 2007 06:37PM

jacknson Wrote:
-------------------------------------------------------
> All the clients need to be configured for VPN,
> could be a hazzle when there are many and for
> visitors as well!

True, but when you weigh the benefit against the risk, I think most people would agree that it's worth it.

And if you pre-configure the client and put the install files on a USB stick, that would help speed things up greatly.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Evil Twin
Posted by: hackathology
Date: April 09, 2007 03:59AM

So thrill, do all users have to go through the VPN server first before connecting to the internet? If so, how are you going to tell your users that you are using this sort of setup? Are all users going to install the OpenVPN client software?

To me, I think the best way is to set up a proxy in the AP and, by using certificates and the RADIUS server for authentication, it will reduce the work of telling the client to use a VPN client. Correct me if I am wrong?

http://hackathology.blogspot.com

Re: Evil Twin
Posted by: thrill
Date: April 09, 2007 11:50AM

@hackathology

Yes, that is a good solution, but it again relies on user education. If the user connects to the wireless network and tries to go surfing, he's not going to think about how the login screen he normally sees did not come up, and he'll do his browsing as if he's on the 'secure' network, while he is actually on someone else's AP.

But if he can't get his VPN session verified, he might actually realize that he is not on the correct network and who knows, maybe actually let someone know. :)

--thrill

Re: Evil Twin
Posted by: hackathology
Date: April 09, 2007 12:22PM

OK thrill, I do agree with you that your solution is more secure. But you have to weigh the ease of the connection against security. If something is too hard to connect to or requires too many steps, most people will be lazy and won't care about it. But then again, it all depends on the organization and how they want their system to be super secure etc. Just my opinion.

Re: Evil Twin
Posted by: thrill
Date: April 09, 2007 12:48PM

@hackathology

Yes, I agree with you 100%. It is a hard pill to swallow, especially when people are used to just booting up their system and being on their way. However, I have found that users usually will adhere to any rule set up by the company, so in reality, the only person that needs to sign off on this would be the network manager or someone else who can "lay down the law".

It would be of great help having the ability to automatically launch the OpenVPN client once the machine is connected to your preferred network. I just checked on Windows XP and it does not have this capability, and neither do Firefox nor IE. But I am sure a smarter person than I could write a simple program that checks what wireless connection the system is on, and based on this information launches the OpenVPN client. This would make it more seamless to the user.

But as I said, if it comes from high enough up, people will do just about anything you tell them they have to do, even if it's annoying. :)

--thrill

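The "check which wireless network we are on, then launch the VPN client" helper thrill describes, written here as an added example (not code from the thread or from OpenVPN). It parses the output of `netsh wlan show interfaces` (available on Vista and later, not XP) against an allowlist of SSID/BSSID pairs; the sample output, the trusted BSSIDs, the OpenVPN GUI path and the `corp.ovpn` profile name are all constructed assumptions.

```python
import re
import subprocess

# Constructed sample of `netsh wlan show interfaces` output (Vista and later;
# XP has no such command, so there a different status source would be needed).
SAMPLE_NETSH_OUTPUT = """
    Name                   : Wireless Network Connection
    State                  : connected
    SSID                   : CorpWiFi
    BSSID                  : 00:11:22:33:44:55
    Authentication         : WPA2-Enterprise
"""

# Allowlist of access points we own (assumed values). The SSID alone proves
# nothing, since an evil twin copies the name; pinning BSSIDs raises the bar,
# although a determined attacker can clone those too, so the VPN's own
# certificate check described in the thread remains the real verification.
TRUSTED_APS = {"CorpWiFi": {"00:11:22:33:44:55", "00:11:22:33:44:56"}}

def parse_interface(text):
    """Pull State, SSID and BSSID out of netsh-style 'Key : value' lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(State|SSID|BSSID)\s*:\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def should_launch_vpn(fields, trusted=TRUSTED_APS):
    """Return (launch, reason); launch only on a known SSID served by a pinned BSSID."""
    if fields.get("State") != "connected":
        return False, "not connected"
    ssid = fields.get("SSID")
    bssid = (fields.get("BSSID") or "").lower()
    if ssid not in trusted:
        return False, "unknown SSID %r" % ssid
    if bssid not in trusted[ssid]:
        return False, "SSID %r served by unexpected BSSID %s" % (ssid, bssid)
    return True, "trusted AP"

if __name__ == "__main__":
    # Assumed install path and profile name; openvpn-gui.exe accepts --connect.
    out = subprocess.run(["netsh", "wlan", "show", "interfaces"],
                         capture_output=True, text=True).stdout
    launch, reason = should_launch_vpn(parse_interface(out))
    print(reason)
    if launch:
        subprocess.Popen([r"C:\Program Files\OpenVPN\bin\openvpn-gui.exe",
                          "--connect", "corp.ovpn"])
```

A refusal to launch (unknown SSID, unexpected BSSID) is the moment to tell the user something is off, which is the signal thrill wants them to notice.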
Re: Evil Twin
Posted by: hackathology
Date: April 09, 2007 11:06PM

OK, 'nuff said. I am going to blog about this and use your diagram for illustration purposes. Do check it out...

Re: Evil Twin
Posted by: jacknson
Date: April 09, 2007 11:27PM

hackathology Wrote:
-------------------------------------------------------
> To me i think the best way is to setup a proxy in
> the AP and by using certificates and the radius
> server for authentication

Just want to point out that you still need to give each user the proxy address of the AP, isn't it? And I think an Evil Twin could also impersonate the proxy as well.
Correct me if I am wrong.
Re: Evil Twin
Posted by: hackathology
Date: April 10, 2007 12:42AM

@jacknson: not really. If you allow the SSID to be broadcast and the user is automatically connected to your AP, they will be presented with a username and password prompt. Instead of using a username and password, you present a page and ask them to enter their email address, and from there you either allow them to connect without a password or force them to use a password. But my point is, you don't need to give the user your proxy; you can set a proxy in the AP itself.

Re: Evil Twin
Posted by: thrill
Date: April 10, 2007 07:43PM

hackathology Wrote:
-------------------------------------------------------
> ok, nuff said. I am going to blog about this and
> use your diagram for illustration purposes. Do
> check it out...

Forgot to mention, I did make a mistake on the diagram. If the router is in bridge mode, it wouldn't have an IP address, but the only place this would be true would be a home/DSL type connection, not on a T1 or higher.

--thrill

Re: Evil Twin
Posted by: hackathology
Date: April 10, 2007 11:19PM

It's all good, thrill. It was published last night. Check it out. Thanks for the update.
Re: Evil Twin
Posted by: thrill
Date: April 11, 2007 12:43AM

Nice article. Dude.. that's a lot of certifications.. I guess you are certifiable.. :)

And actually, the comment from security4all on setting up your own CA is completely correct. A self-signed certificate from your own root certificate authority pretty much ensures that what you are seeing is actually your machine, and not someone else's. I set up the CA at my last employer, but not for that particular reason; I did it to save us money. Used a Windows machine and set up the CA on that, modified the .asp pages to automatically process and grant the new certificates to whoever requested them, since we were going to be rolling out RADIUS servers all around the world and I didn't want to do it manually. Yes, I'm lazy.

--thrill

Re: Evil Twin
Posted by: hackathology
Date: April 11, 2007 01:48AM

Thanks thrill, yup, I do agree with security4all on setting up my own CA. Cool, but till now I have not implemented a wireless solution or such. But well, the ideas you have are really great. I will take note of them if I have to set up a wireless network. I left a comment back to you.
Re: Evil Twin
Posted by: jacknson
Date: April 11, 2007 05:59PM

thrill & hackathology,

Great job. Just found out that WEP could be secure again:
http://www.networkworld.com/news/2007/032907-air-defense-wep-wireless-devices.html?page=1 (check the URL).
jackN
Re: Evil Twin
Posted by: thrill
Date: April 11, 2007 07:13PM

I am trying as hard as I can to remember the name of this piece of software that actually did this. I used it back about 1 1/2 years ago. It ran on your laptop of course, and it would send out bogus broadcasts of different SSIDs, which back then I thought was clever. And while it wasn't inserting fake packets, I thought it was a better solution than what these guys are doing. You have to remember, since there is no 'true' randomization in computers, there's a pretty good chance someone's going to figure out the random sequence and just go from there.

If man made it, man can break it. :)

--thrill

Re: Evil Twin
Posted by: hackathology
Date: April 11, 2007 10:51PM

Let us know what software this is once you figure it out.
Re: Evil Twin
Posted by: thrill
Date: April 12, 2007 12:49AM

Man.. it really sucks getting old. I looked on my laptop and actually managed to blue screen it running some old stuff I have no idea where I got. I've tried doing searches on Google for SSID flood and WEP spoofing but can't find it. Now I'm wondering if this was a feature of the APs at this place where we were doing the work. Hey id, do you remember such a feature over at that nice place we worked at in Hills Plaza?

Anyway, the point being that someone who is "serious" about breaking in, will take the time to sit there and analyze all the data. Even those who are only serious about the 'challenge' aspect of it will figure things out eventually.

I give AirDefense about 8 months before someone cracks their cloaking mechanism.

Now, as long as it will take a script kiddie hours, rather than minutes to crack it, it will be a good interim solution.

--thrill

Re: Evil Twin
Posted by: hackathology
Date: April 12, 2007 06:52AM

thrill, take your time. Easy....

Re: Evil Twin
Posted by: jacknson
Date: April 12, 2007 08:01AM

guys,

Wireless POS (point of sale), where you type your PIN into a remote pad. This pad is linked wirelessly to the cashier machine where they can charge your credit card. It uses WEP as encryption; is that for real?
Is it just in the UK?

It makes me really paranoid now, because I have been using my card in many bars where they have wireless credit card readers; I thought it was cool.

sorry edited now, my mistake



Edited 2 time(s). Last edit at 04/12/2007 07:19PM by jacknson.

Re: Evil Twin
Posted by: hackathology
Date: April 12, 2007 11:58AM

I have no idea here at my end. This is the first time I heard that there are wireless credit card readers. Here in Dubai, they don't even have 3G; the technology here is hell bad. Thrill, how is it at your end?
Re: Evil Twin
Posted by: thrill
Date: April 12, 2007 01:01PM

I've never had the desire to walk around the mall with my laptop and airstumbler turned on, but I'm pretty sure it's just the same here. The racetrack that article spoke of is just north of where I live, about 45 minutes or so.

I did find it funny where they spoke about changing their WEP key often, I guess no one has told them that WEP can be broken in a matter of minutes. :)

But I do remember a few years back having my laptop open when I drove home from work, and did 'stumble' upon a wireless network with the company name as the SSID. The company is a pharmaceutical company here in Pleasanton, and I do believe they were using WEP.

--thrill

Re: Evil Twin
Posted by: hackathology
Date: April 12, 2007 11:27PM

Damn, everything is closed here. No Tor, many sites are blocked, no Skype. Damn.
