Abstract image of a woman sitting on books and studying on a laptop

New flaws in WPA-TKIP

V
vanhoefm

The document discusses vulnerabilities in the WPA-TKIP protocol, highlighting various attack methods such as denial of service, the Beck & Tews attack, and fragmentation attacks. It explains technical details related to packet encryption, message integrity codes, and the use of Quality of Service (QoS) in these attacks. Practical implications for network security and recommendations for better practices, including updating to WPA2-AES, are also provided.

Technology
1 of 44
Downloaded 62 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Mathy Vanhoef @vanhoefm Brucon 2012
0x00 The WPA-TKIP protocol 0x04 Denial of Service 0x08 Demo 0x0C Beck & Tews attack 0x10 Fragmentation attack 0x14 Performing a port scan
We will cover:  Connecting  Sending & receiving packets  Quality of Service (QoS) extension Design Constraints:  Must run on legacy hardware  Uses (hardware) WEP encapsulation
 Defined by EAPOL and results in a session key  What you normally capture & crack
 Result of handshake is 512 bit session key  Renewed after rekeying timeout (1 hour) EAPOL protection DataEncr MIC1 MIC2  DataEncr key: used to encrypt packets  MIC keys (Message Integrity Code):  Verify integrity of data. But why two?
 WPA-TKIP designed for old hardware  Couldn’t use strong integrity checks (CCMP)  New algorithm called Michael was created  Weakness: plaintext + MIC reveals MIC key  To improve security two MIC keys are used  MIC1 for AP to client communication  MIC2 for client to AP communication
TSC Data MIC CRC Encrypted  Calculate MIC to assure integrity  WEP Encapsulation:  Calculate CRC  Encrypt the packet using RC4  Add replay counter (TSC) to avoid replays
TSC Data MIC CRC Encrypted  WEP decapsulation:  Verify TSC to prevent replays  Decrypt packet using RC4  Verify CRC  Verify MIC to assure authenticity
 Replay counter & CRC are good, but MIC not  Transmission error unlikely  Network may be under attack! Defense mechanism on MIC failure:  Client sends MIC failure report to AP  AP silently logs failure  Two failures in 1 min: network down for 1 min
 Defines several QoS channels  Implemented by new field in 802.11 header QoS TSC Data MIC CRC unencrypted Encrypted  Individual replay counter (TSC) per channel  Used to pass replay counter check of receiver!
Channel TSC 0: Best Effort 4000 1: Background 0 2: Video 0 3: Voice 0  Support for up to 8 channels  But WiFi certification only requires 4
 MIC = Michael(MAC dest, MAC source, MIC key, priority, data)  Rc4key = MixKey(MAC transmitter, key, TSC)
 The previous slides contain all the info to find a denial of service attack, any ideas? 
 The previous slides contain all the info to find a denial of service attack, any ideas?  Key observations:  Individual replay counter per priority  Priority influences MIC but not encryption key  Two MIC failures: network down  What happens when the priority is changed?
 Capture packet, change priority, replay On Reception :  Verify replay counter  Decrypt packet using RC4  Verify CRC (leftover from WEP)  Verify MIC to assure authenticity
 Capture packet, change priority, replay On Reception :  Verify replay counter OK  Decrypt packet using RC4 OK  Verify CRC (leftover from WEP) OK  Verify MIC to assure authenticity FAIL  Do this twice: Denial of Service
 Disadvantage: attack fails if QoS is disabled  Solution: Capture packet, add QoS header, change priority, replay On Reception:  Doesn’t check whether QoS is actually used  Again bypass replay counter check  MIC still dependent on priority [Cryptanalysis for RC4 and breaking WEP/WPA-TKIP]
Attacker: VMWare vs. Victim: Windows
 Example: network with 20 connected clients  Deauthentication attack:  Must continuously sends packets  Say 10 deauths per client per second  (10 * 60) * 20 = 12 000 frames per minute  New attack  2 frames per minute
0x00 The WPA-TKIP protocol 0x04 Denial of Service 0x08 Demo 0x0C Beck & Tews attack 0x10 Fragmentation attack 0x14 Performing a port scan
 First known attack on TKIP, requires QoS  Decrypts ARP reply sent from AP to client  Simplified: each byte is decrypted by sending a modified packet for all 256 possible values:  Wrong guess: CRC invalid  Correct guess: CRC valid but MIC failure  MIC key for AP to client
 Takes 12 minutes to execute  Limited impact: injection of 3-7 small packets
What is needed to inject packets:  MIC key  Result of Beck & Tews attack  Unused replay counter  Inject packet on unused QoS channel  Keystream corresponding to replay counter  Beck & Tews results in only one keystream…  How can we get more? First need to know RC4!
 Stream cipher  XOR-based This means: Ciphertext Plaintext Keystream  Predicting the plaintext gives the keystream
Simplified:  All data packets start with LLC header  Different for APR, IP and EAPOL packets  Detect ARP & EAPOL based on length  Everything else: IP  Practice: almost no incorrect guesses!  Gives us 12 bytes keystream for each packet
 But is 12 bytes enough to send a packet?  No, MIC & CRC alone are 12 bytes. If only we could somehow combine them… …well, title of this section is fragmentation
 But is 12 bytes enough to send a packet?  No, MIC & CRC alone are 12 bytes. If only we could somehow combine them… …well, title of this section is fragmentation  Using 802.11 fragmentation we can combine 16 keystreams to send one large packet
Data MIC Data1 Data2 Data16 MIC TSC1 Data1 CRC1 TSC16 Data16 MIC CRC16  MIC calculated over complete packet  Each fragment has CRC and different TSC  12 bytes/keystream: inject 120 bytes of data
 Beck & Tews attack: MIC key AP to client  Predict packets & get keystreams  Combine short keystreams by fragmentation  Send over unused QoS channel What can we do with this?  ARP/DNS Poisoning  Sending TCP SYN packets: port scan!
A few notes:  Scan 500 most popular ports  Detect SYN/ACK based on length  Avoid multiple SYN/ACK’s: send RST Port scan of internal client:  Normally not possible  We are bypassing the network firewall / NAT!
New flaws in WPA-TKIP
Building packets sucks… 
New flaws in WPA-TKIP
tcpdump -i mon0 -w crash.pcap
 Target will send outgoing SYN/ACK  Will this go through the firewall/NAT?  Normally not… Device SYN/ACK forwarded? Scarlet VDSL Box No WAG320N No OpenBSD/PF No DD-WRT When SPI is disabled
 Realistic in practice?  Bidirectional traffic is possible Internet Access Point Client Attacker
 Realistic in practice?  Bidirectional traffic is possible Internet Access Point Client Attacker
 Realistic in practice?  Bidirectional traffic is possible Internet Access Point Client Attacker
 Realistic in practice?  Can connect to open ports Internet Access Point Client Attacker
 Client running SSH server with weak password  Bypass firewall using fragmentation attack  Bidirectional communication is possible  Connect to SSH server as root  Dump the network password! Note: not been tested
Beck & Tews:  Inject 3-7 packets of 28 bytes Fragmentation:  Inject arbitrary amount of packets  With a size up to 120 bytes  Additionally, exploit IP fragmentation to transmit IP packets of arbitrary size
Belkin F5D7053:  Ignores TSC… you can simply replay a packet  When connected to a protected network, it still accepts unencrypted packets
 Very efficient Denial of Service  Use fragmentation to launch actual attacks  Forced to use WPA-TKIP?  Use short rekeying timeout (2 mins)  Disable QoS and update drivers (if possible)  Update to WPA2-AES  Specifically set encryption to AES only
@vanhoefm Brucon 2012

More Related Content

PDF
Practical Verification of TKIP Vulnerabilities
vanhoefm
 
PDF
Informal Presentation on WPA-TKIP
vanhoefm
 
PDF
Advanced WiFi Attacks Using Commodity Hardware
vanhoefm
 
PDF
Attacking and Securing WPA Enterprise Networks
Northeast Ohio Information Security Forum
 
PPT
Firewall - Network Defense in Depth Firewalls
phanleson
 
PDF
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
ShortestPathFirst
 
PDF
Aircrack
Nithin Sathees
 
PDF
USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...
vanhoefm
 
Practical Verification of TKIP Vulnerabilities
vanhoefm
 
Informal Presentation on WPA-TKIP
vanhoefm
 
Advanced WiFi Attacks Using Commodity Hardware
vanhoefm
 
Attacking and Securing WPA Enterprise Networks
Northeast Ohio Information Security Forum
 
Firewall - Network Defense in Depth Firewalls
phanleson
 
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
ShortestPathFirst
 
Aircrack
Nithin Sathees
 
USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...
vanhoefm
 

What's hot (20)

PDF
Fundamentals of network hacking
Pranshu Pareek
 
PPTX
Hacking Wireless Networks : Null Delhi (November)
Mandeep Jadon
 
PDF
Practical steps to mitigate DDoS attacks
Security Session
 
PPTX
Ddos and mitigation methods.pptx (1)
btpsec
 
PPTX
Cracking wpa2 psk in the cloud
Fotios Lindiakos
 
PDF
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
 
PPT
10 DDoS Mitigation Techniques
IntruGuard
 
PDF
Packet sniffing & ARP Poisoning
Viren Rao
 
PDF
DDoS Attack Detection & Mitigation in SDN
Chao Chen
 
PPT
Mobile Security - Wireless hacking
phanleson
 
PPT
Anton Chuvakin on Honeypots
Anton Chuvakin
 
PPTX
Wireless Attacks
primeteacher32
 
PPT
Barriers to TOR Research at UC Berkeley
joebeone
 
PPT
Securing wireless network
Syed Ubaid Ali Jafri
 
PDF
Строим ханипот и выявляем DDoS-атаки
Positive Hack Days
 
PDF
How the CC Harmonizes with Secure Software Development Lifecycle
Seungjoo Kim
 
DOCX
Type of DDoS attacks with hping3 example
Himani Singh
 
PDF
DDoS Attack Preparation and Mitigation
Jerod Brennen
 
PPTX
Exploiting WiFi Security
Hariraj Rathod
 
PPT
Attacking Automatic Wireless Network Selection
amiable_indian
 
Fundamentals of network hacking
Pranshu Pareek
 
Hacking Wireless Networks : Null Delhi (November)
Mandeep Jadon
 
Practical steps to mitigate DDoS attacks
Security Session
 
Ddos and mitigation methods.pptx (1)
btpsec
 
Cracking wpa2 psk in the cloud
Fotios Lindiakos
 
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
 
10 DDoS Mitigation Techniques
IntruGuard
 
Packet sniffing & ARP Poisoning
Viren Rao
 
DDoS Attack Detection & Mitigation in SDN
Chao Chen
 
Mobile Security - Wireless hacking
phanleson
 
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Wireless Attacks
primeteacher32
 
Barriers to TOR Research at UC Berkeley
joebeone
 
Securing wireless network
Syed Ubaid Ali Jafri
 
Строим ханипот и выявляем DDoS-атаки
Positive Hack Days
 
How the CC Harmonizes with Secure Software Development Lifecycle
Seungjoo Kim
 
Type of DDoS attacks with hping3 example
Himani Singh
 
DDoS Attack Preparation and Mitigation
Jerod Brennen
 
Exploiting WiFi Security
Hariraj Rathod
 
Attacking Automatic Wireless Network Selection
amiable_indian
 
Ad

Similar to New flaws in WPA-TKIP (20)

PPT
Wireless security837
mark scott
 
PPT
4 wifi security
al-sari7
 
PPT
Hacking Cisco
guestd05b31
 
PPT
5169 wireless network_security_amine_k
Rama Krishna M
 
PPTX
Pentesting layer 2 protocols
Abdessamad TEMMAR
 
PPT
12 tcp-dns
Culverton Blessy
 
PPT
Wireless hacking and security
Adel Zalok
 
PPTX
Wireless Security null seminar
Nilesh Sapariya
 
PPTX
Wireless network security
Vishal Agarwal
 
PPTX
Wifi Security
Shital Kat
 
PPTX
Resilience in the ZigBee Residential Mode
Aleph Tav Technologies Private Limited
 
PPTX
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
iit2022057
 
PPTX
WLAN SECURITY BY SAIKIRAN PANJALA
Saikiran Panjala
 
PPT
Security Issues of 802.11b
guestd7b627
 
PPT
Security Issues of IEEE 802.11b
Sreekanth GS
 
PPTX
Cys Report Krack Attack Threat Briefing
Debra Baker, CISSP CSSP
 
PPT
SAS (Secure Active Switch)
Security Date
 
PDF
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
idsecconf
 
PPTX
Cours4.pptx
Bellaj Badr
 
PPTX
Wpa vs Wpa2
Nzava Luwawa
 
Wireless security837
mark scott
 
4 wifi security
al-sari7
 
Hacking Cisco
guestd05b31
 
5169 wireless network_security_amine_k
Rama Krishna M
 
Pentesting layer 2 protocols
Abdessamad TEMMAR
 
12 tcp-dns
Culverton Blessy
 
Wireless hacking and security
Adel Zalok
 
Wireless Security null seminar
Nilesh Sapariya
 
Wireless network security
Vishal Agarwal
 
Wifi Security
Shital Kat
 
Resilience in the ZigBee Residential Mode
Aleph Tav Technologies Private Limited
 
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
iit2022057
 
WLAN SECURITY BY SAIKIRAN PANJALA
Saikiran Panjala
 
Security Issues of 802.11b
guestd7b627
 
Security Issues of IEEE 802.11b
Sreekanth GS
 
Cys Report Krack Attack Threat Briefing
Debra Baker, CISSP CSSP
 
SAS (Secure Active Switch)
Security Date
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
idsecconf
 
Cours4.pptx
Bellaj Badr
 
Wpa vs Wpa2
Nzava Luwawa
 
Ad

Recently uploaded (20)

PPTX
Internet of Everything -Basic concepts details
sendilkumar66
 
PDF
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
Advancing precision in air quality forecasting through machine learning integ...
IAESIJAI
 
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
PPTX
Configure Apache Mutual Authentication
Antonino Piraino
 
PDF
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
PDF
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
PDF
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
PDF
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
PDF
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
Internet of Everything -Basic concepts details
sendilkumar66
 
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
Advancing precision in air quality forecasting through machine learning integ...
IAESIJAI
 
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
Configure Apache Mutual Authentication
Antonino Piraino
 
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 

New flaws in WPA-TKIP

  • 1. Mathy Vanhoef @vanhoefm Brucon 2012
  • 2. 0x00 The WPA-TKIP protocol 0x04 Denial of Service 0x08 Demo 0x0C Beck & Tews attack 0x10 Fragmentation attack 0x14 Performing a port scan
  • 3. We will cover:  Connecting  Sending & receiving packets  Quality of Service (QoS) extension Design Constraints:  Must run on legacy hardware  Uses (hardware) WEP encapsulation
  • 4. Defined by EAPOL and results in a session key  What you normally capture & crack
  • 5. Result of handshake is 512 bit session key  Renewed after rekeying timeout (1 hour) EAPOL protection DataEncr MIC1 MIC2  DataEncr key: used to encrypt packets  MIC keys (Message Integrity Code):  Verify integrity of data. But why two?
  • 6. WPA-TKIP designed for old hardware  Couldn’t use strong integrity checks (CCMP)  New algorithm called Michael was created  Weakness: plaintext + MIC reveals MIC key  To improve security two MIC keys are used  MIC1 for AP to client communication  MIC2 for client to AP communication
  • 7. TSC Data MIC CRC Encrypted  Calculate MIC to assure integrity  WEP Encapsulation:  Calculate CRC  Encrypt the packet using RC4  Add replay counter (TSC) to avoid replays
  • 8. TSC Data MIC CRC Encrypted  WEP decapsulation:  Verify TSC to prevent replays  Decrypt packet using RC4  Verify CRC  Verify MIC to assure authenticity
  • 9. Replay counter & CRC are good, but MIC not  Transmission error unlikely  Network may be under attack! Defense mechanism on MIC failure:  Client sends MIC failure report to AP  AP silently logs failure  Two failures in 1 min: network down for 1 min
  • 10. Defines several QoS channels  Implemented by new field in 802.11 header QoS TSC Data MIC CRC unencrypted Encrypted  Individual replay counter (TSC) per channel  Used to pass replay counter check of receiver!
  • 11. Channel TSC 0: Best Effort 4000 1: Background 0 2: Video 0 3: Voice 0  Support for up to 8 channels  But WiFi certification only requires 4
  • 12. MIC = Michael(MAC dest, MAC source, MIC key, priority, data)  Rc4key = MixKey(MAC transmitter, key, TSC)
  • 13. The previous slides contain all the info to find a denial of service attack, any ideas? 
  • 14. The previous slides contain all the info to find a denial of service attack, any ideas?  Key observations:  Individual replay counter per priority  Priority influences MIC but not encryption key  Two MIC failures: network down  What happens when the priority is changed?
  • 15. Capture packet, change priority, replay On Reception :  Verify replay counter  Decrypt packet using RC4  Verify CRC (leftover from WEP)  Verify MIC to assure authenticity
  • 16. Capture packet, change priority, replay On Reception :  Verify replay counter OK  Decrypt packet using RC4 OK  Verify CRC (leftover from WEP) OK  Verify MIC to assure authenticity FAIL  Do this twice: Denial of Service
  • 17. Disadvantage: attack fails if QoS is disabled  Solution: Capture packet, add QoS header, change priority, replay On Reception:  Doesn’t check whether QoS is actually used  Again bypass replay counter check  MIC still dependent on priority [Cryptanalysis for RC4 and breaking WEP/WPA-TKIP]
  • 18. Attacker: VMWare vs. Victim: Windows
  • 19. Example: network with 20 connected clients  Deauthentication attack:  Must continuously sends packets  Say 10 deauths per client per second  (10 * 60) * 20 = 12 000 frames per minute  New attack  2 frames per minute
  • 20. 0x00 The WPA-TKIP protocol 0x04 Denial of Service 0x08 Demo 0x0C Beck & Tews attack 0x10 Fragmentation attack 0x14 Performing a port scan
  • 21. First known attack on TKIP, requires QoS  Decrypts ARP reply sent from AP to client  Simplified: each byte is decrypted by sending a modified packet for all 256 possible values:  Wrong guess: CRC invalid  Correct guess: CRC valid but MIC failure  MIC key for AP to client
  • 22. Takes 12 minutes to execute  Limited impact: injection of 3-7 small packets
  • 23. What is needed to inject packets:  MIC key  Result of Beck & Tews attack  Unused replay counter  Inject packet on unused QoS channel  Keystream corresponding to replay counter  Beck & Tews results in only one keystream…  How can we get more? First need to know RC4!
  • 24. Stream cipher  XOR-based This means: Ciphertext Plaintext Keystream  Predicting the plaintext gives the keystream
  • 25. Simplified:  All data packets start with LLC header  Different for APR, IP and EAPOL packets  Detect ARP & EAPOL based on length  Everything else: IP  Practice: almost no incorrect guesses!  Gives us 12 bytes keystream for each packet
  • 26. But is 12 bytes enough to send a packet?  No, MIC & CRC alone are 12 bytes. If only we could somehow combine them… …well, title of this section is fragmentation
  • 27. But is 12 bytes enough to send a packet?  No, MIC & CRC alone are 12 bytes. If only we could somehow combine them… …well, title of this section is fragmentation  Using 802.11 fragmentation we can combine 16 keystreams to send one large packet
  • 28. Data MIC Data1 Data2 Data16 MIC TSC1 Data1 CRC1 TSC16 Data16 MIC CRC16  MIC calculated over complete packet  Each fragment has CRC and different TSC  12 bytes/keystream: inject 120 bytes of data
  • 29. Beck & Tews attack: MIC key AP to client  Predict packets & get keystreams  Combine short keystreams by fragmentation  Send over unused QoS channel What can we do with this?  ARP/DNS Poisoning  Sending TCP SYN packets: port scan!
  • 30. A few notes:  Scan 500 most popular ports  Detect SYN/ACK based on length  Avoid multiple SYN/ACK’s: send RST Port scan of internal client:  Normally not possible  We are bypassing the network firewall / NAT!
  • 34. tcpdump -i mon0 -w crash.pcap
  • 35. Target will send outgoing SYN/ACK  Will this go through the firewall/NAT?  Normally not… Device SYN/ACK forwarded? Scarlet VDSL Box No WAG320N No OpenBSD/PF No DD-WRT When SPI is disabled
  • 36. Realistic in practice?  Bidirectional traffic is possible Internet Access Point Client Attacker
  • 37. Realistic in practice?  Bidirectional traffic is possible Internet Access Point Client Attacker
  • 38. Realistic in practice?  Bidirectional traffic is possible Internet Access Point Client Attacker
  • 39. Realistic in practice?  Can connect to open ports Internet Access Point Client Attacker
  • 40. Client running SSH server with weak password  Bypass firewall using fragmentation attack  Bidirectional communication is possible  Connect to SSH server as root  Dump the network password! Note: not been tested
  • 41. Beck & Tews:  Inject 3-7 packets of 28 bytes Fragmentation:  Inject arbitrary amount of packets  With a size up to 120 bytes  Additionally, exploit IP fragmentation to transmit IP packets of arbitrary size
  • 42. Belkin F5D7053:  Ignores TSC… you can simply replay a packet  When connected to a protected network, it still accepts unencrypted packets
  • 43. Very efficient Denial of Service  Use fragmentation to launch actual attacks  Forced to use WPA-TKIP?  Use short rekeying timeout (2 mins)  Disable QoS and update drivers (if possible)  Update to WPA2-AES  Specifically set encryption to AES only