Information Security News: Conference Wireless LAN is Hacker Heaven

[InfoSec News <isn () c4i org>]

http://wifi.weblogsinc.com/entry/5607251948314673/

Mike Outmesguine
May 18, 2004

AirDefense is one of the more respected companies producing wireless
LAN security software. AirDefense performed a research experiment at
the recent Networld+Interop conference in Las Vegas. Their monitoring
software scanned for vulnerabilities and network attacks during the
conference producing some astonishing results:

AirDefense noted an increase in unsecured connections to Hotspots, up
three percent from 18 percent yesterday. The majority of connections
continued to be created for email, file transfer protocol, instant
messaging and Telnet.

"The increase in malicious activity was likely due to more free time
by the attendees and the frustration of attendees not being able to
get out to the Internet," said [chief security officer of AirDefense
Richard] Rushing.

Additional AirDefense research discovered the following wireless LAN
and Bluetooth risks and threats on day two:

- 189 separate attacks on different devices

- 112 separate MAC spoofing attacks

- 89 Denial of Service attacks

- 42 authentication attacks, likely due to brute force attacks or 
  misconfigured clients

- 20 separate AirSnarf attacks

- 4 separate Hotspotter attacks

- 3 large Ad-Hoc mesh networks were re-established on day two with an 
  average of 10 stations connected.

- Another association was made with the Sear Service Toolbox 
  (SST-PR-1) and the network was attacked twice

- One Virtual Routing Redundancy Protocol (VRRP) attack, a routing 
  tool attack to redirect traffic

- 165 BlueJack attacks

- 12 Blue Snarf attacks

Jeez. That's a lot of free time.



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org