Receive/Transmit

Tag: Security

WEP cracking with BackTrack 4 R1

On Nov. 03, 2010, under Networks, Security

It’s a well-known fact that WEP is fundamentally broken, and it’s also a well-known fact that it can be cracked very easily. Unfortunately it doesn’t seem to be well known enough, as I frequently come across friends who only use WEP encryption on their wireless. The best way to convince them to change it is to demonstrate how easy it is to break, which is what this post is about. This post is for my benefit as much as anyone else’s. I realise it’s been done to death and there are hundreds of tutorials already out there, but whenever I need to do this I can never remember the commands, and the stuff online never seems to be quite correct or is slightly out of date regarding command switches etc.

I’ll be using a standard laptop running BackTrack 4 R1, with an Alfa USB wireless adaptor (AWUS036H). Using a well-tested adaptor such as this will solve a lot of headaches as it is literally plug and play.

I’ll split this into four steps: finding the target; performing the attack; cracking the key; and connecting to the network. For the purposes of this I’ve set up an access point running 64-bit WEP so the capturing goes a little faster. I’m going to skim over a lot of the theory since this is available elsewhere in much better detail than I’ll be able to go into.


Do you always need a firewall?

On Aug. 25, 2010, under Networks

I recently read this post on Ivan Pepelnjak’s blog, where he discusses a pretty intense debate about whether or not firewalls are actually any good. The area where people are claiming they aren’t is in front of servers. One of the main benefits of a firewall is stateful packet inspection – the firewall monitors what connections are taking place and dynamically opens ports to let permitted return traffic through. However, one opinion is that since all packets to a server are unsolicited, stateful tracking is useless and you should instead stick with basic routers and access lists (which don’t fall down as easily in the event of a DoS/DDoS). I suppose this opinion is talking of servers in the classical sense, where they only ever take inbound connections and don’t initiate outbound ones. It’s very interesting reading, especially the comments.

For my part I don’t deal with setups big enough to hit some of the limits they are discussing, but it’s certainly thought-provoking. Most people’s standard response is that you should have a firewall in front of everything, but after following the discussion I’m now not so sure.


Infiltrating a botnet

On Feb. 08, 2010, under Security

This is a really interesting article from Cisco which gets into the head of someone who controls large botnets for profit. There’s a slight bit of marketing for the Cisco IPS product in there, but apart from that it’s a really insightful read.

One of the most interesting parts for me was the psyche of the guy that was behind it – they clearly knew that what they were doing was wrong and that they could get into a lot of trouble for it, but this didn’t override their urge to show off. Even when the Cisco researcher confessed that he’d been deceiving them the whole time, they happily went along with his next deception and started giving out even more detailed information.

Another bit that really struck me was the amount of paranoia this individual seemed to have to live with, not only due to law enforcement potentially being after him but because of the possibility of his peers stealing his botnet while he slept.


New Microsoft security technologies

On Jan. 26, 2010, under Sysadmin

We’ve just had a visit from some Microsoft guys who were going over their new offerings, and on paper it looks very impressive. They seem to be moving to fill in all the holes which previously required third-party applications, and it all integrates nicely with existing MS infrastructures.

One of the most interesting things is that they have finally come up with their own AV solution, which uses multiple existing engines plus one of their own. I’m also pretty happy that there is finally an IPS solution (built into TMG, which is roughly the replacement for ISA). They are also jumping on the ‘cloud’ bandwagon and providing outsourced Exchange spam filtering and mail archiving.

All this stuff is either out now or coming out pretty soon, so it will be interesting to see if it holds up to competition once it gets in the wild.
