From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 19:48:23 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AE13B16A494 for ; Mon, 19 Nov 2007 19:48:23 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from conn-smtp.mc.mpls.visi.com (conn.mc.mpls.visi.com [208.42.156.2]) by mx1.freebsd.org (Postfix) with ESMTP id 86FF613C461 for ; Mon, 19 Nov 2007 19:48:23 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from mail.tcbug.org (mail.tcbug.org [208.42.70.163]) by conn-smtp.mc.mpls.visi.com (Postfix) with ESMTP id 4A88E795D; Mon, 19 Nov 2007 13:21:45 -0600 (CST) Received: from build64.tcbug.org (unknown [208.42.70.167]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.tcbug.org (Postfix) with ESMTP id D2E5510AA88D; Mon, 19 Nov 2007 13:21:43 -0600 (CST) From: Josh Paetzel To: freebsd-security@freebsd.org Date: Mon, 19 Nov 2007 13:21:23 -0600 User-Agent: KMail/1.9.7 References: <200711191643.lAJGh3jb027972@lava.sentex.ca> In-Reply-To: <200711191643.lAJGh3jb027972@lava.sentex.ca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1646672.SW4L4AS4xq"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711191321.44398.josh@tcbug.org> Cc: Subject: Re: testing wireless security X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2007 19:48:23 -0000 --nextPart1646672.SW4L4AS4xq Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 19 November 2007 10:43:13 am Mike Tancsa wrote: > I have been playing around with 3 ath based FreeBSD boxes and seem to > have got everything going via WPA and a common PSK for 802.11x > auth. However, I want to have a bit more certainty about things > working properly. > > What tools do people recommend for sniffing and checking a wireless netwo= rk > ? > > In terms of IDS, is there any way to see if people are trying to > bruteforce the network ? I see hostap has nice logging, but anything > beyond that ? > > e.g. with a bad psk on the client > hostapd: ath0: STA 00:0b:6b:2b:bb:69 IEEE 802.1X: unauthorizing port > > is there a way to black list MAC addresses, or just allow certain > ones from even trying ? IPSEC will be running on top, but I still > want a decent level of security on the transport layer. > When I looked in to this it seemed that the current state of affairs is tha= t=20 WPA can only be broken by brute-forcing the key. I don't recall if that=20 could be done 'off-line' or not. My memory is that the needed info to=20 attempt bruteforcing could be done by simply receiving....no need to attemp= t=20 to associate to the AP was needed. I'm not really interested in=20 disseminating links to tools that can be used to break wireless security, b= ut=20 simple google searches will give you the info you need.....and the tools ar= e=20 in the ports tree for the most part. =46ortunately WPA allows keys that put even resource-rich attackers in to t= he=20 decade range to bruteforce. =2D-=20 Thanks, Josh Paetzel PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB --nextPart1646672.SW4L4AS4xq Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHQeJIJvkB8SevrssRAoxDAJ0ZoFYLd5Ihi5l+5hacGp6kbAgq2wCdHIZl RNQnG9mWd1F81lNxrp4zfxI= =1vEg -----END PGP SIGNATURE----- --nextPart1646672.SW4L4AS4xq--