Comments on: WPA2 finds itself in a “hole”! Vulnerable to insider attacks! http://blog.airtightnetworks.com/wpa2-finds-itself-in-a-hole-vulnerable-to-insider-attacks/ Thu, 05 Jan 2012 23:48:02 +0000 hourly 1 http://wordpress.org/?v=3.1 By: Kaustubh Phanse http://blog.airtightnetworks.com/wpa2-finds-itself-in-a-hole-vulnerable-to-insider-attacks/comment-page-1/#comment-6133 Kaustubh Phanse Mon, 16 Aug 2010 05:49:06 +0000 http://blog.airtightnetworks.com/?p=1382#comment-6133 Hi Douglas, You are absolutely right! Wi-Fi client isolation alone is not of much use because it can be bypassed if the attacker poisons the cache of the victim with the attacker's Ethernet NIC MAC address. As you have rightly suggested, if the Wi-Fi APs are put on a separate VLAN then the victim's data cannot reach the attacker's machine (which will be on a VLAN different from the AP). In that case, the ARP poisoning attack will end up as a denial of service and man in the middle will not be successful. Hi Douglas,

You are absolutely right!

Wi-Fi client isolation alone is not of much use because it can be bypassed if the attacker poisons the cache of the victim with the attacker’s Ethernet NIC MAC address.

As you have rightly suggested, if the Wi-Fi APs are put on a separate VLAN then the victim’s data cannot reach the attacker’s machine (which will be on a VLAN different from the AP). In that case, the ARP poisoning attack will end up as a denial of service and man in the middle will not be successful.

]]> By: Douglas Smith http://blog.airtightnetworks.com/wpa2-finds-itself-in-a-hole-vulnerable-to-insider-attacks/comment-page-1/#comment-5967 Douglas Smith Thu, 05 Aug 2010 14:33:49 +0000 http://blog.airtightnetworks.com/?p=1382#comment-5967 Client Isolation plus IP subnetting: MITM->DOS Client isolation (PSPF) cannot prevent the attack if the attacker adds an ethernet node to redirect traffic to. If the hackers ethernet NIC is on a different IP subnet, then the ARP poisoning redirect will not result in packets being forwarded to the hackers ethernet NIC as it will be on an unreachable ethernet segment. The attack will become a denial-of-service rather than man-in-the-middle. Do you agree that the combination of client isolation and IP subnetting could be used to partially address the Hole196 ARP poisoning attack? Client Isolation plus IP subnetting: MITM->DOS

Client isolation (PSPF) cannot prevent the attack if the attacker adds an ethernet node to redirect traffic to.

If the hackers ethernet NIC is on a different IP subnet, then the ARP poisoning redirect will not result in packets being forwarded to the hackers ethernet NIC as it will be on an unreachable ethernet segment. The attack will become a denial-of-service rather than man-in-the-middle.

Do you agree that the combination of client isolation and IP subnetting could be used to partially address the Hole196 ARP poisoning attack?

]]> By: WPA2 Hole196 Vulnerability | Pablumfication http://blog.airtightnetworks.com/wpa2-finds-itself-in-a-hole-vulnerable-to-insider-attacks/comment-page-1/#comment-5758 WPA2 Hole196 Vulnerability | Pablumfication Sun, 25 Jul 2010 18:47:32 +0000 http://blog.airtightnetworks.com/?p=1382#comment-5758 [...] WEP & TKIP WPA2 Hole196 Vulnerability WPA2 finds itself in a “hole”! Vulnerable to insider attacks! Black Hat ® Technical Security Conference: USA 2010 // Black Hat Arsenal WPA2 Exposed with [...] [...] WEP & TKIP WPA2 Hole196 Vulnerability WPA2 finds itself in a “hole”! Vulnerable to insider attacks! Black Hat ® Technical Security Conference: USA 2010 // Black Hat Arsenal WPA2 Exposed with [...]

]]> By: [ATNB] WPA2 - You don't even need to crack it. - Overclock.net - Overclocking.net http://blog.airtightnetworks.com/wpa2-finds-itself-in-a-hole-vulnerable-to-insider-attacks/comment-page-1/#comment-5711 [ATNB] WPA2 - You don't even need to crack it. - Overclock.net - Overclocking.net Fri, 23 Jul 2010 10:31:06 +0000 http://blog.airtightnetworks.com/?p=1382#comment-5711 [...] announced its plan to phase out WEP and TKIP, promoting WPA2 as the go-to security standard. Source Basically an exploit was found (known as Hole 196) and exploiting this vulnerability, you can [...] [...] announced its plan to phase out WEP and TKIP, promoting WPA2 as the go-to security standard. Source Basically an exploit was found (known as Hole 196) and exploiting this vulnerability, you can [...]

]]> By: Tweets that mention WPA2 finds itself in a “hole”! Vulnerable to insider attacks! -- Topsy.com http://blog.airtightnetworks.com/wpa2-finds-itself-in-a-hole-vulnerable-to-insider-attacks/comment-page-1/#comment-5707 Tweets that mention WPA2 finds itself in a “hole”! Vulnerable to insider attacks! -- Topsy.com Fri, 23 Jul 2010 06:45:39 +0000 http://blog.airtightnetworks.com/?p=1382#comment-5707 [...] This post was mentioned on Twitter by AirTight Networks, Rocky Gregory and CWNP, MD SOHAIL AHMAD. MD SOHAIL AHMAD said: WPA2 finds itself in a “hole”! Vulnerable to insider attacks! http://bit.ly/bHdqmS [...] [...] This post was mentioned on Twitter by AirTight Networks, Rocky Gregory and CWNP, MD SOHAIL AHMAD. MD SOHAIL AHMAD said: WPA2 finds itself in a “hole”! Vulnerable to insider attacks! http://bit.ly/bHdqmS [...]

]]>