Posts Tagged ‘network’

WPA2 Hole196 Vulnerability

By Mark Davidson on July 25th, 2010

Last month the Wi-Fi Alliance started steps to put an end to WEP and TKIP. By January 2011 the Wi-Fi Alliance plans to disallow TKIP on access points, and to disallow its use on all Wi-Fi devices by 2012. WEP unfortunately survives a bit longer, with the standard being banned on access points from 2013 and from all Wi-Fi devices a year later. WPA2-Mixed mode, which allows TKIP, will also go in 2014, leaving only WPA2-AES.

With that good news last month, bad news comes this month for the security of Wi-Fi standards.

AirTight Networks have uncovered a vulnerability that they call “Hole196” (the 196 referring to the last line of page 196 of the IEEE 802.11-2007 specification). This is a vulnerability in the WPA2 security protocol that exposes WPA2-secured Wi-Fi networks to malicious insiders. With WPA2 being widely adopted as the most robust option for many environments due to its resilience to brute-force dictionary attacks, this vulnerability will affect both corporate and public networks significantly.

By exploiting the vulnerability, an insider can bypass WPA2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their devices for vulnerabilities, potentially allowing attackers to compromise users' devices. AirTight researcher Md. Sohail Ahmad will be demonstrating this vulnerability at the Black Hat Arsenal (July 29th) and at DEFCON18 (July 31st) in a presentation entitled “WPA Too?!”.
The “WPA Too” presentation will demo the vulnerability and explain how it can be exploited by a malicious user to attack and compromise a legitimate user.

For the people not lucky enough to attend either security conference, AirTight will present a public Webinar on August 4 at 19:00 GMT to detail its findings.

Once the details of the vulnerability are disclosed, it will be time to determine what steps and countermeasures can be used to protect wireless network infrastructure. For now, all that can really be done is to break out the VPN tunnels whenever using Wi-Fi. This can at least protect against your data being intercepted, but there is still the potential for the attacker to disrupt the target's network traffic.


sipcalc

By Mark Davidson on March 11th, 2010

While setting up some iptables rules the other day to allow connections from a client's IP range to our servers in London, I needed to translate an IP range expressed as a CIDR to real from and to values. I remembered being taught how to do so in college, but that was a long time ago now, so I was looking for an online tool. I couldn’t find any I liked, so I checked for a Linux tool. I found one called sipcalc, which is really good. Not only can it do what I needed with translating the CIDR notation, it can do a few other calculations / conversions as well.

The install process under Ubuntu is simple, just the usual:

sudo apt-get install sipcalc

Once installed, it's ready to go. To convert an IP range expressed in CIDR format you simply do:

sipcalc 165.19.104.1/23
-[ipv4 : 165.19.104.1/23] - 0

[CIDR]
Host address            - 165.19.104.1
Host address (decimal)  - 2769512449
Host address (hex)      - A5136801
Network address         - 165.19.104.0
Network mask            - 255.255.254.0
Network mask (bits)     - 23
Network mask (hex)      - FFFFFE00
Broadcast address       - 165.19.105.255
Cisco wildcard          - 0.0.1.255
Addresses in network    - 512
Network range           - 165.19.104.0 - 165.19.105.255
Usable range            - 165.19.104.1 - 165.19.105.254

This is what I needed to do and it worked just fine giving me the network range and more.
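The same CIDR-to-range arithmetic done by hand in POSIX shell, as an added example that is not part of the original post or of sipcalc itself. The function names are made up for illustration, and `allow_rules` only prints candidate iptables rules (the `INPUT` chain and `ACCEPT` target are assumptions), it does not apply them.

```shell
#!/bin/sh
# Added example: derive the from/to addresses of a CIDR block with integer math.

# Dotted quad -> 32-bit integer. Rejects malformed octets and leading zeros
# (which shell arithmetic would otherwise read as octal).
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# "a.b.c.d/n" -> "network-broadcast", the "Network range" line sipcalc prints.
cidr_range() {
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))   # n leading one-bits
    net=$(( ip & mask ))                                   # clear the host bits
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))                # set the host bits
    echo "$(int_to_ip "$net")-$(int_to_ip "$bcast")"
}

# Print two equivalent source filters: normalised CIDR and explicit from-to range.
allow_rules() {
    range=$(cidr_range "$1") || return 1
    echo "iptables -A INPUT -s ${range%-*}/${1#*/} -j ACCEPT"
    echo "iptables -A INPUT -m iprange --src-range $range -j ACCEPT"
}

allow_rules 165.19.104.1/23
```

Rejecting bad prefixes and octets up front matters for firewall use: a silently mis-parsed mask would widen the allowed range.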

Another useful one is to pass in an IP address and subnet mask; this once again is a simple way of getting details about the IP range:

sipcalc 10.0.1.84 255.255.255.0
-[ipv4 : 10.0.1.84 255.255.255.0] - 0

[CIDR]
Host address            - 10.0.1.84
Host address (decimal)  - 167772500
Host address (hex)      - A000154
Network address         - 10.0.1.0
Network mask            - 255.255.255.0
Network mask (bits)     - 24
Network mask (hex)      - FFFFFF00
Broadcast address       - 10.0.1.255
Cisco wildcard          - 0.0.0.255
Addresses in network    - 256
Network range           - 10.0.1.0 - 10.0.1.255
Usable range            - 10.0.1.1 - 10.0.1.254

The final example, which is probably the most useful to people, is to pass in an interface as the parameter:

sipcalc -i eth0
-[int-ipv4 : eth0] - 0

[CIDR]
Host address            - 109.123.80.196
Host address (decimal)  - 1836798148
Host address (hex)      - 6D7B50C4
Network address         - 109.123.80.0
Network mask            - 255.255.255.0
Network mask (bits)     - 24
Network mask (hex)      - FFFFFF00
Broadcast address       - 109.123.80.255
Cisco wildcard          - 0.0.0.255
Addresses in network    - 256
Network range           - 109.123.80.0 - 109.123.80.255
Usable range            - 109.123.80.1 - 109.123.80.254