Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Dark Side Of DefCon's Wireless Network

Posted by michael on from the the-goggles,-they-do-nothing dept.

An anonymous reader writes "While there's been a few postings on events happening at DefCon 12, one event seems to have been overlooked. A new wireless packet injection tool was quietly released (unleashed?) during DefCon: AirPwn. Here's a write-up of the tool as deployed by its author and crew at DefCon 12."

15 of 185 comments (clear)

  1. Hardly bad by shfted! · · Score: 5, Insightful

    It's a hacker conference. There is probably no more tolerant place to release such a piece of code, where your talents will be respected instead of persecuted. There were also no doubt many members of the computer security community present who would want to be aware of any new vulnerabilities immediately. I think it's a great thing it was tried and released at DefCon first.

    --
    He who laughs last is stuck in a time dilation bubble.
    1. Re:Hardly bad by ConsumedByTV · · Score: 2, Insightful

      Those were the same people that were afraid to use the network (because they don't know how to do it securely) and also the same people that don't get how the tool works.

      --


      "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
  2. WiFi at Defcon? by Anonymous Coward · · Score: 0, Insightful

    Does this strike anyone else as dumb?

  3. why.. by Anonymous Coward · · Score: 4, Insightful

    Do people still do this? Packet injections of various and sundry sorts are old news.

    There's a worrisome pattern, in the IT security biz, of repetition. Hacks discovered a few years ago re-appear in new clothes as "new," technologies for protecting against them resurface every few years in the same way. Computing as a whole tends to re-invent things on something like a 15 year cycle, but security seems to be on a truly frenetic clock, cycling every 2 years or so (very very approximately ;)

    Is there some connection between this and that vulnerabilties re-surface in new clothes constantly as well?

  4. Moral of the story is.... by screwedcork · · Score: 1, Insightful

    don't use wi-fi for anything that might be even close to important :D

  5. Suprised? Not really. by westyvw · · Score: 1, Insightful

    Wireless was pushed along by a need to get it out. READ COMPANY PROFITS. I have attended lectures where this is described on and on. Little to no attention was paid to security. WEP? Yeah good luck. It is fairly easy to exploit any wireless connection. It just wasnt done right.
    But this is the best part. Become the middle man.

  6. Joe doesn't need AirPwn by Anonymous Coward · · Score: 1, Insightful

    Joe or any other operator of an access point doesn't need AirPwn, since they obviously have physically access to the upstream Internet connection and could intercept packets more efficiently there and inject ads, etc. What's unique about AirPwn is that it enables easier packet injection by those who don't control/own/operate/admin. the access points, but by almost anyone in the neighborhood (or with a sector antenna pointed in your direction).

  7. Re:A few questions by Vellmont · · Score: 2, Insightful


    1) does SSL prevent this attack from working?
    Yes and no. If you do the packet injection after the SSL session is negotiated, yes (since you'll no longer be able to read the HTTP get or post). If you do the packet injection before the SSL session is negotiated (and setup your own SSL session with your own self-signed certificate), no.

    Someone correct me if I'm wrong, but I believe the way it works is to hijack the TCP connection. If you can do that, you can take over anything (though obviously authentication schemes will still blow up and complain about wrong authentication).

    My question is, is IPV6 immune to this at all?

    --
    AccountKiller
  8. Re:response of a victim by menscher · · Score: 1, Insightful
    Uhh, there was no other option. In any case, WiFi is just as secure as ethernet when all you're doing is running ssh. It's only the occasional unencrypted traffic (like /.) that was at risk. And I'm not exactly concerned about someone messing with that. Perhaps you'd like to stop trolling and back up your statement with something intelligent?

    I will say that I thought twice about using telnet even with a OTP specifically because of TCP hijacking fears. (Initially I thought it would be funny for someone to see a plaintext password scroll by their sniffer window.)

  9. Re:i was owned by ConsumedByTV · · Score: 2, Insightful

    So really you weren't because this wouldn't have affected you at all.

    This type of attack doesn't bother people that don't request images.

    Stop karma whoring.

    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
  10. Re:Is the use of AirPwn anonymous? by skinfitz · · Score: 2, Insightful

    If you can't figure out how it works (and therefore how easily you could be located), you shouldn't be using it, script kiddie.

    I mean, get real. You won't get any chicks because of it.

    ...as we all know, chicks just love haxx0rs...

  11. It could be worse... by Photo_Nut · · Score: 4, Insightful

    You're at Joe's internet cafe, or in an airport, etc. Suddenly, your internet explorer gets a web page redirect to some random porno movie of 3 guys raping a rather unattractive asian girl, complete with audio... in full screen mode. Since your laptop's audio is on, everyone in the area, including your girlfriend hear, "No don't put it in my pussy. [scream]"... And you're joe blow who doesn't know how to use the keyboard to close the window to save your life.

    Yes, it could happen, particularly, if the geek in the corner is sniffing your WiFi traffic, and singles you out.

    More serious would be something which noted when you wanted a secure site, such as a bank, and proxied to a full-screen web page image complete with security icons that tricked the user into sending you their password in the clear.

    There are malicious 14 year olds with laptops out there that would find this awfully amusing.

  12. Headless chickens by AndroidCat · · Score: 2, Insightful
    I can't wait for the headless-chicken legal/political responses. When they discovered that anyone could listen to their cell-radio conversations, they banned scanners that could cover those frequencies. (Wow, that was effective!) Eventually the technical solution was to go digital/encrypted.

    What are they going to do this time, ban WiFi cards? (Perhaps a warning sticker on products: "This is not a phone or a LAN. This is a two-way radio. Wireless means they don't need wires either.")

    --
    One line blog. I hear that they're called Twitters now.
  13. Re:There could be uses by Xylantiel · · Score: 2, Insightful

    No, read that article again. SSH2 provides an additional protection to MITM attacks for users of public key user authentication. In ssh1 only the client having the server host key prevented MITM, the opportunity to make a second check was missed. dnsiff simply provided a new implementation of an known attack, if you use password authentication it will work just as well on ssh2.

    If your servers share user directories and allow public key user authentication, you should probably disable ssh1 to force your users' clients to make this second check.

  14. Re:I wrote the man page for airpwn by ConsumedByTV · · Score: 2, Insightful

    For those that "secure" their dos network, this isn't going to anything unless they write the proper matching regex and haveit reply with a deauth frame. This isn't included as part of the code base, so they have to figure it out.

    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M