From: "Mark D. Foster"
Date: Mon, 19 Nov 2007 15:55:07 -0800
To: Josh Paetzel
Cc: freebsd-security@freebsd.org
Subject: Re: testing wireless security
Message-ID: <4742225B.6020107@foster.cc>
In-Reply-To: <200711191321.44398.josh@tcbug.org>
References: <200711191643.lAJGh3jb027972@lava.sentex.ca> <200711191321.44398.josh@tcbug.org>

Josh Paetzel wrote:
> When I looked in to this it seemed that the current state of affairs is that
> WPA can only be broken by brute-forcing the key. I don't recall if that
> could be done 'off-line' or not. My memory is that the needed info to
> attempt bruteforcing could be done by simply receiving....no need to attempt
> to associate to the AP was needed. I'm not really interested in
> disseminating links to tools that can be used to break wireless security, but
> simple google searches will give you the info you need.....and the tools are
> in the ports tree for the most part.
>
> Fortunately WPA allows keys that put even resource-rich attackers in to the
> decade range to bruteforce.
>

That would not appear to be a limitation of aircrack-ng
http://www.freshports.org/net-mgmt/aircrack-ng/

  aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can
  recover this keys once enough encrypted packets have been captured. It
  implements the standard FMS attack along with some optimizations like
  KoreK attacks, thus making the attack much faster compared to other WEP
  cracking tools. In fact aircrack is a set of tools for auditing wireless
  networks.

That said, I haven't (yet) tried it myself ;)

--
Said one park ranger, 'There is considerable overlap between the
intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP http://mark.foster.cc/
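
The remark quoted above, that WPA keys can push brute forcing into the decade range, can be turned into a passphrase-length check. This is an added example, not part of the original message or of any tool named in the thread. It assumes the IEEE 802.11i PSK derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), uniformly random passphrases, and illustrative attacker guess rates; the function names and the SSID are hypothetical.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key as IEEE 802.11i defines it:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def local_guess_rate(samples: int = 20) -> float:
    """Passphrase candidates per second that one core of this host can test."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"constructed-{i:04d}", "ExampleNet")  # constructed inputs
    return samples / (time.perf_counter() - start)

def years_to_exhaust(alphabet: int, length: int, rate: float) -> float:
    """Years to try every random passphrase of this shape at `rate` guesses/s."""
    return alphabet ** length / rate / SECONDS_PER_YEAR

def min_length_for(alphabet: int, rate: float, target_years: float) -> int:
    """Shortest valid length whose full keyspace outlasts target_years."""
    for length in range(8, 64):
        if years_to_exhaust(alphabet, length, rate) >= target_years:
            return length
    raise ValueError("no valid length meets the target")

if __name__ == "__main__":
    # Only the first rate is measured; the other two are assumed figures.
    rates = {"this host, 1 core": local_guess_rate(),
             "assumed 1e6/s": 1e6, "assumed 1e9/s": 1e9}
    alphabets = {"digits": 10, "lowercase": 26, "printable ASCII": 95}
    for rname, rate in rates.items():
        for aname, size in alphabets.items():
            n = min_length_for(size, rate, 10.0)
            print(f"{rname:18} {aname:16} min length {n:2d} "
                  f"({n * math.log2(size):.0f} bits)")
```

The figures hold only for passphrases chosen uniformly at random; a dictionary word or a common pattern has far less entropy than its length suggests.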