Is skyjacking a mere DoS threat against Cisco WLAN?

August 26th, 2009

The skyjacking vulnerability, which allows a Cisco LAP to be diverted to a rogue controller by manipulating OTAP, could be more dangerous than Cisco has acknowledged in its advisory. The advisory says that “An exploit could prevent the device from functioning properly, resulting in a DoS condition. There is no risk of data loss or interception by the rogue access point or Wireless LAN Controller.”

As a matter of fact, it should be possible to convert an authorized Cisco LAP into a wired rogue AP using skyjacking. After a Cisco LAP is trapped by skyjacking (for example, made to connect to a controller hosted on the net), it is possible to switch it to Cisco REAP mode and make it bridge traffic locally between the enterprise wired subnet and wireless.

Just a thought – won’t blocking the LWAPP discovery port on the enterprise firewall protect you from this threat?

Stay tuned for more updates as we dig deeper into this.

Pravin Bhagwat | Best practices, Wireless security

WiFish Finder: WiFi Honeypot vulnerability assessment made simple

August 2nd, 2009

What % of WiFi laptop users in your organization are vulnerable to Wi-Fishing attacks? The odds are very high that you don’t have an exact answer.

WiFish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to ‘Wi-Fishing’ attacks. Assessment is performed through a combination of passive traffic sniffing and active probing techniques. Most WiFi clients keep a memory of the networks (SSIDs) they have connected to in the past. WiFish Finder first builds a list of probed networks and then, using a set of clever techniques, also determines the security setting of each probed network. A client is a fishing target if it is actively seeking to connect to an OPEN or a WEP network. Clients only willing to connect to WPA or WPA2 networks are not completely safe either!

To find out why, you’re welcome to try out WiFish Finder, a vulnerability assessment tool built by Sohail and Prabhash, members of the security research team at AirTight Networks. Sohail is presenting WiFish Finder at DefCon 2009 today. A demo version of this tool (Version 1.0) can be downloaded from http://airtightnetworks.com/fileadmin/downloads/WiFishFinder-v0.1.zip

Sohail is also planning to release WiFish Finder Ver 2.0 with speed, usability and feature enhancements (such as PEAP vulnerability detection) upon his return from Las Vegas. To download the full-featured version of WiFish Finder and for tips on protecting your laptop from Wi-Fishing attacks, visit http://www.airtightnetworks.com/wifishfinder. This URL will be operational in 4-5 days.

What % of WiFi laptop users in your organization are vulnerable to Wi-Fishing attacks? Well, you only have to wait another 4-5 days to find out the answer!

-*- Pravin -*-
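The passive half of the assessment described in the WiFish Finder post can be sketched as follows. This is an added example, not WiFish Finder's code: it parses constructed 802.11 probe request frames, builds each client's probed-SSID list, and applies the post's OPEN/WEP criterion. The function names, sample frames and the SSID-to-security map are assumptions; the post does not say how the tool determines security settings, so the map is supplied by hand here.

```python
import struct
from collections import defaultdict

RISKY = {"OPEN", "WEP"}  # the post's criterion for a fishing target

def probe_request(src_mac, ssid):
    """Constructed probe request: frame control 0x0040, no radiotap, no FCS."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    bcast = b"\xff" * 6
    hdr = struct.pack("<HH", 0x0040, 0) + bcast + src + bcast + b"\x00\x00"
    return hdr + bytes([0, len(ssid)]) + ssid.encode() + bytes([1, 1, 0x02])

def parse_probe(frame):
    """Return (client_mac, ssid) for a probe request, or None for anything else."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0 or (frame[0] >> 4) != 4:
        return None  # too short, not a management frame, or not subtype 4
    mac = ":".join(f"{b:02x}" for b in frame[10:16])  # addr2 = transmitter
    pos = 24  # probe requests carry only tagged elements after the header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None  # truncated element: drop the frame
        if tag == 0:  # SSID element; an empty body is a wildcard probe
            return mac, body.decode("utf-8", "replace")
        pos += 2 + length
    return None

def assess(frames, security_of):
    """Map each client MAC to the sorted list of risky SSIDs it probes for."""
    probed = defaultdict(set)
    for frame in frames:
        parsed = parse_probe(frame)
        if parsed and parsed[1]:  # wildcard probes reveal no remembered network
            probed[parsed[0]].add(parsed[1])
    return {mac: sorted(s for s in ssids if security_of.get(s) in RISKY)
            for mac, ssids in probed.items()}

# Constructed sample data; the security map is an assumption supplied by hand.
SAMPLE_FRAMES = [
    probe_request("02:00:00:00:00:01", "CoffeeShopFree"),
    probe_request("02:00:00:00:00:01", "CorpWPA2"),
    probe_request("02:00:00:00:00:02", "CorpWPA2"),
    probe_request("02:00:00:00:00:02", ""),
    probe_request("02:00:00:00:00:03", "HomeWEP"),
]
SAMPLE_SECURITY = {"CoffeeShopFree": "OPEN", "CorpWPA2": "WPA2", "HomeWEP": "WEP"}

if __name__ == "__main__":
    print(assess(SAMPLE_FRAMES, SAMPLE_SECURITY))
```

A client with a non-empty list is one whose remembered OPEN or WEP entries should be removed from its preferred network list.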

Pravin Bhagwat | Best practices, Wireless scanning, Wireless security

Solving Wireless (In)security – Best Practices for Wireless Security

April 15th, 2009

Financial institutions need to provide the same automated, continuous, and auditable levels of security to wireless networks as they do for wired, whether they’re managing a wireless network or not.

The risks associated with wireless networks are diverse. And whether you’ve prohibited wireless access at your company, or have chosen to enable encrypted wireless access, you still have a significant wireless security problem. How so? Just about every portable device shipped in the past few years comes with wireless access enabled – smart phones, PDAs, notebooks, MP3 players, portable storage devices and even printers – while WiFi access points the size of a USB thumb drive are coming to market in increasing numbers. Also, financial institutions, and all enterprises for that matter, which believe they can avoid the risks associated with wireless networks through encryption or policy alone are mistaken, and they’re placing their wired LANs at significant risk as a result. Read more…

Pravin Bhagwat | Wireless security
