'WiFi'에 해당되는 글 5건
- 2012.01.04 WiFi Protected Setup PIN brute force vulnerability
- 2011.04.19 윈도우 커멘드라인 명령 패킷 스니퍼 RawCap
- 2010.11.11 Android Packet Sniffer Android-Arts
OverviewThe WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.
I. DescriptionWiFi Protected Setup (WPS) is a computing standard created by the WiFi Alliance to ease the setup and securing of a wireless home network. WPS contains an authentication method called "external registrar" that only requires the router's PIN. By design this method is susceptible to brute force attacks against the PIN.
When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct. Also, the last digit of the PIN is known because it is a checksum for the PIN. This design greatly reduces the number of attempts needed to brute force the PIN. The number of attempts goes from 108 to 104 + 103 which is 11,000 attempts in total.
It has been reported that some wireless routers do not implement any kind of lock out policy for brute force attempts. This greatly reduces the time required to perform a successful brute force attack. It has also been reported that some wireless routers resulted in a denial-of-service condition because of the brute force attempt and required a reboot.
III. SolutionWe are currently unaware of a practical solution to this problem.
Although the following will not mitigate this specific vulnerability, best practices also recommend only using WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so only trusted computers and devices can connect to the wireless network.
|Vendor||Status||Date Notified||Date Updated|
|D-Link Systems, Inc.||Affected||2011-12-05||2011-12-27|
|Linksys (A division of Cisco Systems)||Affected||2011-12-05||2011-12-27|
Thanks to Stefan Viehböck for reporting this vulnerability.
This document was written by Jared Allar.
Properties of RawCap:
- Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
- RawCap.exe is just 17 kB
- No external libraries or DLL's needed other than .NET Framework 2.0
- No installation required, just download RawCap.exe and sniff
- Can sniff most interface types, including WiFi and PPP interfaces
- Minimal memory and CPU load
- Reliable and simple to use
You will need to have administrator privileges to run RawCap.
An alternative to supplying the interface number is to supply the IP address of the prefered interface instead, i.e. like this:
Interactive Console Dialog
You can also start RawCap without any arguments, this will leave you with an interactive dialog:
Raw sockets limitations in Vista and Win7
Due to current limitations in the raw sockets implementations for Windows Vista and Windows 7 we suggest running RawCap on Windows XP. The main problem with raw socket sniffing in Vista and Win7 is that you might not receive either incoming packets (Win7) or outgoing packets (Vista).
You can download RawCap.exe here.
출처 : http://sites.google.com/site/androidarts