alphalion (Jul 23, 2010)
Time to turn on the MAC address filter
joshconsulting (Jul 24, 2010)
http://www.mydigitallife.info/2008/06/30/how-to-change-or-spoof-mac-address-in-windows-xp-vista-server-20032008-mac-os-x-unix-and-linux/
Closed Account (Jul 24, 2010)
The attack doesn't let them connect to the network. It allows someone who already knows the security key and can connect to the network to intercept data.
chakat (Jul 24, 2010)
Not gonna fix this problem. This is all about spoofing mac addresses.
Closed Account (Jul 24, 2010)
you clearly have no idea that mac addresses can easily be spoofed
thandermax (Jul 24, 2010)
Find out the GUID of your network card from device manager.
Then search registry for it.
Check the Device desc for match (in registry).
Change NetworkAddress key (or create it) to new MAC address.
Reboot or enable/disable the adapter.
As simple as that.
cyssero (Jul 24, 2010)
Sadly MAC address filtering is about as effective as hiding your door key underneath the welcome mat. Anyone going to lengths to crack your WEP/WPA will not have a problem with MAC address filtering.
milsorgn (Jul 23, 2010)
Lol one more reason to love my trusty Cat5e
Closed Account (Jul 24, 2010)
why not cat 6?
honoredmule (Jul 24, 2010)
Why pay more for no benefit in practice?
burrdugg (Jul 24, 2010)
Your Cat5e has no encryption at all.
collinjc (Jul 24, 2010)
This vulnerability requires an attacker to be on the same LAN. Therefore, a wire offers no additional security. In a wired LAN and a wireless LAN, all computers are still on the same LAN and have the ability to communicate with one another, by design.
Additionally, this exploit does not allow for someone to attach to the network without first knowing the key. If the attacker already knows the key, then you are already screwed anyway, in my opinion.
rabbitt (Jul 24, 2010)
Wrong. It requires the attacker to be posing as the AP.
rabbitt (Jul 24, 2010)
Stupid iPhone app submitting my comment before I had finished writing it - please bury this...
rabbitt (Jul 24, 2010)
Wrong. RTFA. It requires both parties connect /wirelessly/. Besides the fact that a properly segregated network would /greatly/ reduce any chance of the attacker accessing wired clients (if not remove entirely), this would be moot for wired clients who aren't generating encrypted packets let alone sending them through an AP.
collinjc (Jul 25, 2010)
Wrong. The vulnerability -still- requires the attacker to be -on- the same network. It is a completely internal attack. This is a classic man-in-the-middle attack, only in this case, the man in the middle is on the same LAN.
My entire point was that a wired connection offers absolutely no security against this, and therefore offers no additional benefit.
rabbitt (Jul 25, 2010)
And again you are /wrong/. Try again. With this exploit wired == safe, and wireless == unsafe. The OP would be safe against this attack with Cat5e. Try reading the article, maybe even reading this article:
http://www.marketwire.com/press-release/AirTight-Security-Researcher-Uncovers-Wi-Fi-Vulnerability-WPA2-Hole196-Demos-Planned-1294303.htm
And I quote: "And the footprint of such insider attacks is limited to the air, making them among the stealthiest of insider attacks known requiring no key cracking and no brute force! The only way to detect this is by monitoring traffic over the air."
Again, this exploit DOES NOT AFFECT wired connections.
RTFA
collinjc (Jul 25, 2010)
Perhaps you should read my response again. I am -not- saying that this exploit has -anything- to do with wired security. I am saying that this exploit is no -worse- than what you get with a wired connection. Again, you must be a part of the wireless network in order for the attack to work. When you are attached to a wired network, there is no -need- for an attack because all traffic is visible to everyone on the LAN. The concept I'm trying to get across is really pretty straightforward.
teh_techie (Jul 25, 2010)
WRONG. Not all LAN traffic is visible to everyone unless you're talking about a hub, monitoring a main switch, or are talking about broadcast traffic. If all traffic was visible to everyone across the LAN, our LAN with thousands of clients would be so swamped it would be useless!
collinjc (Jul 25, 2010)
Your LAN with thousands of clients is undoubtedly broken into subnets, each with its own access point, responsible for relaying traffic from one subnet to another. It is then up to the access point of the destination subnet to route the packet to the designated computer. However, on a given LAN, all of the traffic is, indeed, visible to all of the users. For verification, you can use a packet analyzer such as Wireshark.
rabbitt (Jul 25, 2010)
teh_techie was right and again you are wrong. Unless you are using hubs, network traffic is /not/ visible to every machine on the LAN.
collinjc (Jul 26, 2010)
LAN. Local Area Network. On a single LAN, all of the network traffic is visible. You are incorrect. In a home environment, everyone is typically on the same LAN. In a corporate environment, the network is broken into several LANs. On each of these smaller LANs, only a subset of the traffic is visible. For a description of how such a setup works, please refer to my earlier post. I will post no further on this topic.
rabbitt (Jul 27, 2010)
Thank you for demystifying the term "LAN" for me, though you are still wrong. Look up microsegmentation and how switches/routers operate.
Granted consumer grade switches are prone to mitm attacks (arp poisoning, mac flooding, etc), your typical enterprise grade switch is pretty safe. Generally speaking though, switches/routers do NOT broadcast traffic to all nodes on the network, unlike a hub which actually does (which is the whole point of this conversation).
So the only traffic your computer would see on a typical network (without performing a mitm attack on the switch itself) would only be traffic going to and from you. You would /not/ see the traffic between your buddy joe and his favorite pr0n site of the month, nor would you see the traffic between mary jane and her bank site (over the /wired/ network).
If you are seeing traffic on your network, it is likely because you are either using a hub, or you are seeing broadcast traffic - not /real/ traffic (like mary jane's bank account details). That is unless you are savvy enough to hax0r your employers switches ...
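The hub-versus-switch disagreement between collinjc, teh_techie and rabbitt comes down to how a learning switch forwards frames. The simulation below, an added example that is not part of the thread, models a three-port hub and a three-port learning switch and records which hosts' NICs receive each frame of a short joe/mary exchange. The topology, MACs and frame sequence are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed topology: port number -> (host name, MAC). Not from the thread.
PORTS = {
    1: ("joe", "00:11:22:33:44:01"),
    2: ("mary", "00:11:22:33:44:02"),
    3: ("you", "00:11:22:33:44:03"),
}
MAC = {name: mac for name, mac in PORTS.values()}


class Hub:
    """A hub repeats every frame out of every port except the ingress port."""
    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src, dst):
        return sorted(p for p in self.ports if p != in_port)


class LearningSwitch:
    """A switch learns source MAC -> port and sends known unicast to that port only."""
    def __init__(self, ports):
        self.ports = ports
        self.cam = {}  # MAC -> port; the CAM / forwarding table

    def forward(self, in_port, src, dst):
        self.cam[src] = in_port  # learn where the sender lives
        if dst == BROADCAST or dst not in self.cam:
            # broadcast, or a destination not yet learned: flood like a hub
            return sorted(p for p in self.ports if p != in_port)
        out = self.cam[dst]
        return [] if out == in_port else [out]


def port_of(mac):
    return next(p for p, (_, m) in PORTS.items() if m == mac)


def observers(device, src, dst):
    """Names of hosts (other than the sender) whose NIC receives the frame."""
    return [device.ports[p][0] for p in device.forward(port_of(src), src, dst)]


def run_scenario(device):
    """Replay a short exchange; return {frame label: hosts that see it}."""
    frames = [
        ("joe ARP who-has mary", MAC["joe"], BROADCAST),
        ("mary ARP reply to joe", MAC["mary"], MAC["joe"]),
        ("joe data to mary", MAC["joe"], MAC["mary"]),
        ("mary data to joe", MAC["mary"], MAC["joe"]),
    ]
    return {label: observers(device, src, dst) for label, src, dst in frames}


if __name__ == "__main__":
    for name, dev in (("hub", Hub(PORTS)), ("switch", LearningSwitch(PORTS))):
        print(name)
        for label, seen in run_scenario(dev).items():
            print(f"  {label:24s} -> seen by {seen}")
```

On the hub, "you" sees every frame; on the switch, "you" sees only joe's broadcast ARP request, never the unicast data between joe and mary. The one case where the switch still floods, a destination missing from its table, is why the CAM-table attacks rabbitt mentions (mac flooding) and port-security limits on learned addresses matter for a defender.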
kefler (Jul 24, 2010)
Huh Huh.. "Hole 196" at "Airtight networks"
alur (Jul 24, 2010)
Doesn't seem like a big deal for home networks to me as this is simply someone with access to the network spying on the data going back and forwards to the others on the network, and I'm pretty sure that mac address filter wouldn't do you any good in this case.
opitica (Jul 24, 2010)
do you have any understanding of what the article said?
Closed Account (Jul 24, 2010)
Yes. He does. The attacker has to already be on the wireless network before he can run the attack, meaning he has to already have the network key. This just lets anyone on the same wireless network intercept the encrypted data you are sending. It does not allow them to connect to the wireless network however.
truejournals (Jul 24, 2010)
I read the article, and alur is right. This exploit requires that you have access to the network in the first place. THEN you can decrypt the traffic of OTHERS on the network, something you shouldn't be able to do with WPA2. "whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others"
Is it a security hole? Yes. But, it's a security hole for corporations, schools, etc. Additionally, simply adding another layer of security (ex, a VPN) would keep you safe.
s1ngular1ty1 (Jul 24, 2010)
Yeah he does, you don't.
teh_techie (Jul 25, 2010)
It's not as simple as listening in and hearing what everyone is saying to one another. In order for that to happen, you'd have to pretend to be the access point, and be able to route traffic to and from other hosts to hear an entire "network conversation".
thecosmicpope (Jul 24, 2010)
Good. Stuff like this is what forces developers to improve. They have done a great job, but it's now time to get moving on the next standard.
boogie606 (Jul 24, 2010)
exactly...this way a different vulnerability can be created...
blatsek (Jul 24, 2010)
I hope wifi crackers get ported to android. i can't wait to be able to take out my phone and press a button and hop onto any network I want
teh_techie (Jul 25, 2010)
This vulnerability doesn't let you do that. RTFA
s1ngular1ty1 (Jul 24, 2010)
Ok, this is a stupid vulnerability. You have to already be authorized to use the network to use the vulnerability. It doesn't get you access to a network you couldn't already get on.
FTA
"The ability to exploit the vulnerability is limited to authorized users."
Basically, the exploit allows users with access to a network using Group Temporal Keys (GTK) to pretend to be the base station (router) instead of a client. So they could intercept traffic from other users on the network by spoofing the router or block other users' traffic.
It is not a way to get into a network you couldn't get into before.
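s1ngular1ty1's summary and truejournals' VPN remark both rest on the WPA2 key hierarchy: every client gets its own pairwise key (PTK), but all of them share one group key (GTK). The model below is an added example, not code from the thread or from AirTight, and it is a toy (HMAC-based stream cipher, not CCMP, with constructed keys) that exists only to show three properties: a PTK-protected unicast frame is unreadable to another client, a group-addressed frame is accepted from any GTK holder because the key alone cannot say who built it, and an end-to-end layer such as a VPN keeps the payload private even from GTK holders. The `Station` class, the key labels and the frame dictionaries are assumptions made for the model.

```python
import hashlib
import hmac
import os

GROUP_ADDR = "ff:ff:ff:ff:ff:ff"
AP_MAC = "00:00:00:00:00:01"  # constructed


def derive_key(master, label):
    """Toy KDF standing in for the handshake's PTK/GTK derivation (not 802.11's PRF)."""
    return hmac.new(master, label.encode(), hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))[:length]


def toy_encrypt(key, plaintext):
    """Toy authenticated stream cipher: HMAC keystream plus HMAC tag. Model only."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def toy_decrypt(key, blob):
    """Return the plaintext, or None when the tag does not verify under this key."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Station:
    """A client holding its own pairwise key and the BSS-wide group key."""
    def __init__(self, mac, ptk, gtk):
        self.mac, self.ptk, self.gtk = mac, ptk, gtk

    def send(self, dst, payload):
        key = self.gtk if dst == GROUP_ADDR else self.ptk
        return {"src": self.mac, "dst": dst, "body": toy_encrypt(key, payload)}

    def receive(self, frame):
        """Choose the key by destination address, as a real receiver does."""
        if frame["dst"] == GROUP_ADDR:
            return toy_decrypt(self.gtk, frame["body"])
        if frame["dst"] == self.mac:
            return toy_decrypt(self.ptk, frame["body"])
        return None


def build_bss():
    """Two associated clients: distinct PTKs, one shared GTK (constructed keys)."""
    pmk = b"constructed passphrase material, not a real PMK"
    gtk = derive_key(pmk, "gtk")
    alice = Station("02:00:00:00:00:0a", derive_key(pmk, "ptk-alice"), gtk)
    bob = Station("02:00:00:00:00:0b", derive_key(pmk, "ptk-bob"), gtk)
    return alice, bob


def unicast_is_private(alice, bob):
    """AP -> alice under alice's PTK: alice reads it; neither of bob's keys does."""
    frame = {"src": AP_MAC, "dst": alice.mac, "body": toy_encrypt(alice.ptk, b"alice only")}
    return (alice.receive(frame) == b"alice only"
            and toy_decrypt(bob.ptk, frame["body"]) is None
            and toy_decrypt(bob.gtk, frame["body"]) is None)


def group_frame_accepted_from_any_holder(alice, bob):
    """A group frame built by a client under the GTK verifies at every other station;
    the key gives alice no way to tell it from one the AP sent."""
    frame = bob.send(GROUP_ADDR, b"group payload")
    return alice.receive(frame) == b"group payload"


def inner_layer_survives_shared_gtk(alice, bob):
    """With an end-to-end key (VPN/TLS stand-in) inside, GTK holders get only ciphertext."""
    e2e = derive_key(b"constructed vpn secret", "e2e")
    inner = toy_encrypt(e2e, b"bank session")
    frame = {"src": AP_MAC, "dst": GROUP_ADDR, "body": toy_encrypt(alice.gtk, inner)}
    stripped = bob.receive(frame)  # bob removes the Wi-Fi layer like any GTK holder
    return (stripped == inner
            and toy_decrypt(bob.ptk, stripped) is None
            and toy_decrypt(e2e, stripped) == b"bank session")
```

The second property is the whole of the structural problem the thread is arguing about, and the third is why "add another layer" is the practical answer for a network whose clients do not all trust each other; for detection, rabbitt's quoted line from the press release stands: group frames that did not originate at the AP are only visible by watching the air.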
dralezero (Jul 24, 2010)
Well there are a lot of public hot spots so this would be of concern to them and less so your home network.
s1ngular1ty1 (Jul 24, 2010)
What public hot spots are using WPA2 ??? How would you login without the password ????
1hrsleep (Jul 24, 2010)
Some cafes have a rotating password that they give to customers after a purchase.
s1ngular1ty1 (Jul 24, 2010)
They aren't using WPA2.
nathangl (Jul 31, 2010)
first off, just because this isn't a vulnerability that allows you to compromise an access point and gain unauthorized access you can't just jump to saying "this is a stupid vulnerability." This is a huge issue, this is a flaw within the standard itself that affects all networks and is not easily addressable. And just because you can't compromise and gain unauthorized access you are able to intercept traffic from other users, and to me and a lot of other security professionals you obviously see that this is a total loss of confidentiality and integrity. Yes there are mitigating factors that you need to be running using GTK but in a corporate or public zone that you can exploit this the potential for harvesting potentially sensitive information is huge. You have to consider that.
Closed Account (Jul 24, 2010)
I'm not really too concerned about this at home. Now if my company had multiple WPA2 access points running I'd definitely be worried about an employee snooping on traffic.
antdude (Jul 25, 2010)
Hi! I'm on your home network already. ;)
yage2006 (Jul 24, 2010)
"whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others,"
Don't be too worried about this for home wifi; it means they would already have to be allowed on your network: either your wifi is open or it's someone you know is on the network.
It could be troublesome for businesses or schools and government networks.