Penetration Testing
mailing list archives
Re: Sniffing on WPA
From: Paul Day <paul+pen-test () bur st>
Date: Tue, 8 Nov 2005 11:03:46 +1100 (EST)
On Sat, 5 Nov 2005, Eduardo Espina wrote:

> As you can see, it doesn't matter that every client has a different
> TKIP key for encryption you can sniff every user associated to the AP.
> At this point WPA looks like WEP, because if you have the WPA-PSK key
> you can sniff all users.
>
> But it isn't limited to WPA-PSK, this attack works even with 802.1x
> authentication. I did this on EAP-TLS and got *plain text traffic*
> from all the poisoned users.

Yes, because you're _on_ the LAN. You're talking about (known) issues with
Ethernet, nothing to do with the L2 WiFi encryption/protection which
you've stated you're past (by sitting on the WiFi LAN as an
authenticated user).

If you see it as a problem, you should isolate the WiFi VLAN with a
firewall and require all users to bring up a VPN connection not
susceptible to a MITM attack... Or give every user on the WiFi their own
/30 VLAN.

PD
--
Paul Day - http://www.bur.st/~paul/
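
The per-user /30 VLAN option mentioned in the reply above, as an added planning example that is not part of the original post. The supernet, the starting VLAN ID and the user names are constructed sample values, and `plan_per_user_vlans` is a hypothetical helper name.

```python
import ipaddress

MAX_VLAN_ID = 4094  # highest usable 802.1Q VLAN ID


def plan_per_user_vlans(users, supernet, first_vlan=100):
    """Map each user to a dedicated VLAN carrying a single /30."""
    net = ipaddress.ip_network(supernet)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("supernet must be IPv4 and no smaller than a /30")
    users = list(users)
    if len(set(users)) != len(users):
        raise ValueError("duplicate user names")
    capacity = 2 ** (30 - net.prefixlen)
    if len(users) > capacity:
        raise ValueError(f"{net} only holds {capacity} /30 subnets")
    if first_vlan < 1 or first_vlan + len(users) - 1 > MAX_VLAN_ID:
        raise ValueError("VLAN IDs would exceed the 802.1Q limit of 4094")

    plan = {}
    subnets = net.subnets(new_prefix=30)
    for offset, (user, subnet) in enumerate(zip(users, subnets)):
        # A /30 has exactly two usable addresses: the routed firewall
        # interface and the one client, so no peer shares the segment.
        gateway, client = subnet.hosts()
        plan[user] = {
            "vlan": first_vlan + offset,
            "subnet": str(subnet),
            "gateway": str(gateway),
            "client": str(client),
        }
    return plan


if __name__ == "__main__":
    # Constructed sample input (assumption, not from the thread)
    sample = plan_per_user_vlans(["alice", "bob", "carol"], "10.20.0.0/24")
    for user, entry in sample.items():
        print(user, entry)
```

The two capacity checks show where this design stops scaling: the address pool runs out of /30s, or the 802.1Q VLAN ID space runs out first.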