He's truly the cruise director. We're here to talk about secure wireless networking, primarily building secure 802.11 networks. How many people here have a deployed 802.11 network? That's good. Now, this doesn't count the AirPort in your kitchen. Hands. Hi, that's my look-it. How many people here use 802.1X? Like five? LEAP. How many people here use LEAP? That's what we expected.

Alright, so background for those of you who don't have 802.11 networks deployed, I'm just going to go over the few basic wireless technologies. 802.11b, I'm not going to go into too much depth. We'll talk about it for the rest of the presentation. But our other common choices are 802.11a, which is just coming out, and 802.11g, which is the next protocol that will replace 802.11a. They are both, for most purposes, 100% equivalent to 802.11b. Louder? Louder? Do you have a sound guy who can turn this up, please? Thank you. Do you have a mic? Is it better? Can you hear me? Alright, much better. Thank you.

Okay, so we have 802.11a, which is a 5 GHz variant of 802.11b. It's actually newer than 802.11b. 802.11g, which is the same performance as 802.11a, but in the 2.4 GHz band, and that's a bad idea for reasons we'll go into later. Then we have Bluetooth. Now, the only reason I put Bluetooth in here is people have asked me about Bluetooth. How secure is Bluetooth? Can we put our LAN on Bluetooth? Bluetooth doesn't really do much. It's not useful for real networking. You can have a wireless earpiece for yourself, and that's about it. Seriously, how many people here have a useful Bluetooth device? We have one hand. What is it, sir? What do you do with it, man? He says he has a compact flash radio. He says they're doing some kind of vaporware thing, and it's not... Is it on the market? Oh, okay. Alright, so we've got one.

Alright, so 802.11b. 802.11b is important because right now it's cheap, it's widely available, it's very, very well supported.
You can find standards, you can find hardware that will work with pretty much every platform you've got, and it's just generally useful. It's effectively wireless Ethernet. If you do a raw frame dump, you're still looking at 802.3 frame dumps that look real familiar, but they push the signal out over a 2.4 gigahertz wireless signal. It's roughly the same frequency as your microwave oven, and it will cook you. Ken was talking a few minutes ago about a one-watt amp. There were reports of headaches the night they did that. It's a bad idea. Casey's crazy.

So 2.4 gigahertz. You push theoretically 11 megabits. Now Ken noted that you don't actually ever get 11 megabits; you get five if you're doing pretty well, and your signal drops off if you've got something annoying like a tree in the way. So really you can expect something about half of Ethernet speed. Why is that? Protocol overhead. Another issue is that when a packet is missed, it's retransmitted. There are some link layer retransmit strategies. So what ends up happening is if the connection isn't clear, packets need to go over multiple times. It basically reduces your total throughput. So basically you end up in a situation where the lower your signal strength, the less your bandwidth. Also, it's not full duplex. So anybody here still have to administer a network with old coax Ethernet? Nobody. You're lucky. Well, it's coming back. Performance blows. 802.11a is fixing that just by providing, by brute force, higher bandwidth. And 802.11g is similar. They're both 54 megabit instead of 11. So you'll get maybe 20 megabits of realistic performance.

Now the basic security that everybody hears about, on the box, is WEP, Wired Equivalent Privacy. It's basically RC4 rekeyed for every packet. And the idea is to be as secure as an Ethernet network. WEP comes in two variants, 64 and 128 bits. Pretty much everybody here probably uses 64. If you do use 128, there is... Am I correct? No point? Not at all?
As far as the WEP cracking, it doesn't matter, really, whether you use 64 or 128, given the way that most of the access points sequence the initialization vectors. Basically, theoretically, you should need a few more packets to break the 128, but in practice, it doesn't matter. Hold on. Why would you know this? I happen to be the author of AirSnort, which was not mentioned at this point, but... Yeah. Please call guy. The last security measure we have is 802.1X. 802.1X is pretty common. Microsoft's deployed it. They did a pretty good job with that. 802.1X provides you with a number of features. First and foremost, you can... Can you hear me? Okay. Can you hear me now? So 802.1X is useful because it lets you negotiate a WEP key per client. It also lets you re-key faster. It saves you against AirSnort, basically. If you rotate your key every two minutes, AirSnort will currently not be effective. I'll go into that a little bit more in a minute.

So radio physics in two minutes. Who here is a ham operator or has a lot of experience with wireless networking? Not too many people. About 10. Okay. Point one, RF signals behave like light. There are things that cast shadows. Things with water in them are high on the list: people, trees. Trees are the big, annoying one. If you live somewhere like Seattle, it's pretty green. But also buildings, concrete, steel, coated glass. You see the green or blue colored office buildings; those also provide a pretty decent shield against the 2.4 gig signal. Signals also diminish rapidly over distance. That's sort of the quick 3D graph of signal strength over distance. As you get further away, the signal drops off very, very rapidly. And then you run into problems with things like trees casting shadows. Next question. Units of distance. I made it generic. Yeah. Who here paid attention in physics class? Wow. I'm surprised. Law of inverse squares. Sound familiar? That's what's responsible for this. That's all I graphed here.
And then as I said before, metal, stone, and water are the three classes of materials that you have to worry about. So skyscrapers, trees, pretty much anything concrete. You go into a tunnel, you lose signal.

Hardware. We have a couple large classes of hardware. You have the access points. This is the infrastructure that most of you are probably deploying. The access points that we've been using for Seattle Wireless, which I forgot to mention I am somewhat involved with, we use RG-1000s. They're about 60 bucks. AirPorts. You go to the higher end, you have the Agere or blue center, whatever they're calling themselves these days. You have the AP-1000, AP-500 items in that product line. Those provide a bridge between your Ethernet network and your 802.11 network. You also have client devices. This is a Cisco Aironet card, PCI, but most of the interfaces you'll see are PCMCIA interfaces and USB. Client devices come from Lucent or Agere, Cisco, Proxim. Those are probably the top three manufacturers. Of those three, they all use different chipsets. You have chipsets from Intersil, which makes the Prism chipset, popular because it will work with the HostAP code. How many people are familiar with HostAP? Not too many. Go look it up. It's fun stuff. Cisco, of course, has their own chipset, which is not compatible with anything else. And then you have Agere, which has the Hermes chipset, which is what is emulated by the Prism 2.

You have antennas and amps. These are the things that you attach to your radio to violate FCC regulations. You've got omnidirectional antennas and directional antennas. Those are the two larger classes. For directionals, which are the most interesting for doing building-to-building stuff, you pretty much have... We've got dishes, which typically will look like a big barbecue grill. I'll have a picture later in this presentation. You also have a fishbone-looking thing, which we call a Yagi. Those are pretty much... What else?
We have the Pringles cans. Contrary to what Ken says, they actually work pretty well. 14 dBi is reasonable. What else? I think that's it. Yeah, you're using the barbecue grill, right? Yeah, you can get it for 60 bucks. Where did you get it? Hyperlink? 60 bucks from Hyperlink, you can get a 24 dBi directional dish. It's an old Primestar dish. What's that? It's an old Primestar dish. He says old Primestar dishes work. Yeah, but you gotta look around for those. Pull out your credit card, bam, you got it the next day. Yeah, he's saying you can take them from your neighbors. Am I correct to say that? Yeah, stand up, please. We all know who's... No, the guy behind you. Oh, come on, come on. We can bring you up on stage afterwards.

Then you have amps. Question: what's a good omni? Honestly, I don't use the omnis that much. We mostly use the rubber ducks that come attached to access points. Hyperlink does sell omnis that look like large PVC pipes attached to wire. I've never used an omni, so... I've never used an omni. Yeah, indoors usually you end up having more problems with signal obstruction than anything else, so you just want to scatter more access points. Yeah, in general, if you're doing an inter-building link, if you have a directional on one end, even with a really small little rubber duck type omni, you generally get fairly good signal strength. I know we're doing about a half a mile inter-building link with a directional and just the actual omni that ships on the card, and we're getting really good signal strength. We can easily push 8 megabit over it, so it's pretty reasonable. Is that 8 megabits real throughput? No, okay, it didn't accept.

And then amplifiers. Now, amplifiers I'm not going to go into too much. The reason being that if you want an amplifier to be truly useful, you have to have one on both ends of the connection, and if you have mobile clients, which is a typical scenario, you don't have an amplifier on both ends of the connection.
Correction, if you have a 200 milliwatt Prism card, it may be useful to put an amplifier on your access point, but typically it's more expense than just gathering more access points, and you run into more problems with worrying about having personnel near the radios. 2.4 gig is not good stuff. You might as well open up your microwave and let it run.

So, typical network topology. This is what most companies deploy, in a highly simplified form. Who here has a network that looks substantially different? Yeah, they didn't think so. Now, typically when people who don't think add wireless, they attach an access point to their client network and say, hey, we can plug all our laptops in with wireless cards and run our network. You can use your printers, you can use your file servers. It'll all work the same as if they were just Ethernet clients. Now, does anybody here see the obvious problem with this? Yeah, go ahead. Yeah, he says you don't have a perimeter, which is exactly the problem. Or you do have a perimeter, you just have a new perimeter for every access point, and most people don't put firewalls there if they're deploying like this. What I usually recommend is you just treat it like it's another public network, roughly as hostile as the public internet, which it is, unless you're at DEF CON, in which case it's worse. Although it doesn't work either. But separate IDS, separate firewall, put all your access points outside of that. And with that, with the firewall, you want to add a VPN and not trust any of the underlying security built into 802.11. So, you know, PPTP is probably the most popular with Windows clients for the only reason that it's very easy to configure. IPsec is somewhat better as far as theoretical security, but who here has ever tried to do IPsec on mobile clients? A couple of people. Pain in the ass? Yeah. Horrible, he says. Yeah. It's been my experience. And PPTP is generally good enough.
If PPTP is not strong enough to protect your data, you probably shouldn't be on wireless anyway.

So, we have a couple types of intruders. You've got the unintentional intruder, which is a pretty new type with wireless. You've got the opportunist, and then you've got the targeted attacker. So, first off, the unintentional intruder. This guy has no clue what he's doing, but he's got his shiny new TiBook or, you know, laptop, his Vaio with Windows XP, and turns on his laptop, you know, he's maybe outside your office, he's near your house. And in this case, you know, Windows comes up and says, hey, there's a wireless connection available. Okay. If you didn't turn on WEP on your network, they don't even have to try. Windows will prompt them for everything they need. And you may think, well, he doesn't know what he's doing, so how much damage can he do? I'll get into that in a moment, but it basically comes down to a liability issue. The other class of unintentional users is, if you're in a big office building, you don't own the whole thing. You may have neighbors who pop onto your wireless network accidentally. I know people who do this, or I don't know people who do this. You probably don't want your neighbors, competitors, et cetera, logging onto your network for their internet access. And Windows XP and Mac OS X are the two systems shipping right now that make this the easiest.

Then you have the opportunists. And I also don't know any of these people. They typically run tools like NetStumbler, dstumbler. I don't know, is Hikari here? No. He's probably playing CTF. Good for him. Basically, these are tools. Who here is not familiar with NetStumbler? If you're not familiar, you're not familiar. Okay, we've got two people. For these two people, NetStumbler is a Windows application. It works with an Orinoco card. And basically what it does is it lists all access points in your vicinity. So you pop in your card, you turn it on.
You get a pretty little signal graph showing you the information you need to hunt down the access point. Opportunists have the same liability issues as the unintentional intruder, just more so. An unintentional intruder may pop in. Question. Oh, correct. Okay. Somebody's pimping out Kismet. I'm sorry. I forgot to mention Kismet. His point was that NetStumbler will only find access points that advertise themselves. Most access points do this by default. In fact, I think all do. But it is possible to turn off the beacon that advertises an access point. Now, what this means for legitimate users is they have to know your SSID, the network name, before they sign on, because NetStumbler won't show it. But Kismet, as he points out, will find those networks just by sniffing raw frames and looking for traffic sent to a wireless network.

So right, liability issues. Your unintentional attacker or unintentional intruder, what he'll be doing is maybe he signs on to Napster. He's like, hey, you guys have a T1. Great. Bye-bye bandwidth. I mean, it only takes one user. 802.11 is more than fast enough to saturate a T1. If you've got a T3, you probably have bigger problems when somebody's on your network like this. But this liability issue: if they download child pornography, pirated software, pirated movies, pirated music, especially with the recent legislation, you don't want that being traced back to your network and not have some kind of sacrificial lamb to offer up to the feds. And if some Joe Random on the sidewalk signed on to your network, that's the problem you've got. Opportunist intruders will tend to come seek out your network explicitly to do these sorts of things. Maybe they're not very technically savvy, but they'll be a little bit sketchy and they'll sign on to your network and use your bandwidth and your identification to engage in these activities. You can also just run IRC bots and warez servers off your net. I've seen this. It's pretty amusing.
But obviously, nobody here wants this on your network. But for those of you who are looking for new places to host stuff, there are a lot of companies that hand out routables. I probably shouldn't say this. I'm not going to name names, but walk around with NetStumbler and you'll find them.

Okay, so you have your targeted intruders. These are the guys you really worry about. There aren't very many around. I've heard a number of security professionals making the point, privately of course, in front of customers, that there is no such thing as a black hat. I would respectfully disagree. But your targeted intruder is your classic black hat. He knows who you are. He knows what you've got, and he's coming to take it. They'll typically have foreknowledge of your network, and when they've got whatever it is they want done, they'll leave, which makes them very hard to find. They won't keep going until they get caught. And for this reason, they're the hardest to detect of the three types of attackers. Your best solution here is to lock your network down as tight as you possibly can and make sure you have full-time security professionals like most of yourselves.

So we have three classes of attacks that you'll see from these intruders. You have passive attacks, which I'll get into. Wireless segment attacks, which are active attacks that are restricted to the 802.11 network. And you have a full compromise, which is somebody's compromised the previous two, and now they're walking up the line into your wired network.

So passive attack, cracking WEP. This is the most popular one. It's gotten the most publicity. AirSnort. A number of other tools do this as well. I won't list them all. They keep having new ones every couple months. Cracking WEP is pretty easy. Contrary to what a lot of people think, there's no CPU really involved. You can have an iPAQ with the proper software and a wireless card, and you stick it in the bushes outside somebody's building.
You come back a couple days later. You've got a WEP key. It's a passive attack. There's no way to detect it without physically controlling access to your premises. So you have a more than technical problem. The second problem is passive sniffers. If you do not use WEP or you let your WEP key stay static long enough for somebody to crack it, you'll have somebody recording all your traffic. This is pretty self-evident. Who here has had problems with their network traffic being taken off the wire? Not many. Who here would know? You must be paranoid.

Wireless segment attacks. We call these a barbecue grill. You've got a couple of these. You're using them for business too, right? Yeah. They're 24 dBi usually. Pretty nice. About 60 bucks. Get them in the mail. Put them together in about five minutes. I'm going to take over here because I've got some of these things that are new. So I'm just going to do this little section here.

Okay. So basically the wireless segment attacks that we have here. The first one is the direct client attacks. These are when you're on a network that doesn't have any security. Maybe it doesn't have WEP, whatever. This is basically the one where the attacker comes on to your network, and instead of attacking your infrastructure, they just attack another client. Maybe it's some Windows box. It's got some open shares. It's got some problems like that. Basically the clients in the wireless network may assume that the network they're on is going to be pretty safe from having any attackers on it. And if you don't have any higher levels of security on your network, that's not going to be true. Another wireless segment attack is the man-in-the-middle attacks. There's a number of different types of these. The first one is people putting up access points.
If you've got a bunch of unclued users, and somebody else starts putting up access points near your facilities, chances are some of your users will end up on their access points. If they've got the same SSID, most people won't notice. And if they can route packets back into your network, which they can if your network is open, they can man-in-the-middle all connections. Most of you have probably played with man-in-the-middle on SSL, SSH. Yes, how many people have man-in-the-middled one of those protocols? What's that? Oh, how many people are man-in-the-middling those protocols here at DEF CON right now? Oh, come on, admit it. I know you're out there. You can say they can't get on the wireless to do it. That's true, unfortunately.

So man-in-the-middle, the easy one is somebody gets an extra access point, tweaks a few settings, and puts it online near your users. Question: how close? As far as the signal reach, usually a few hundred feet is the maximum range. If you're using special equipment, oh, that's where I was going with that antenna. Okay, so you use one of those antennas, which you bought for 60 bucks, or a Pringles can, which you built for six, seven dollars, most of it going to the can of Pringles. You can sit in a park a couple miles away, and you can pick up signal. They have a two or three degree beam width, so you can be pretty precise about picking out targets in the middle. And another point of the directional antennas is that they do also direct the signal that you transmit as well, so that you can do some man-in-the-middle attacks from a distance, because you can overpower a local omni with a directional, even with a card with a reasonable power level. And of course then you can always get to the point of amplifying the card and so on. So could someone theoretically do a rogue access point attack from across the street? Absolutely.
Another man-in-the-middle attack of relevance is, I'm sure some of you are probably aware of the ability of ARP spoofing, which is basically a layer two attack. It's a pretty nasty attack, and normally it can be done only on a given Ethernet segment, which is usually fairly well controlled because it's a wire that's in your building. Now at this point when you've got a wireless network up, if you don't have WEP or something on it at the minimum, anyone can use these ARP spoofing man-in-the-middle techniques on any of the clients on your network. So basically it opens up another dangerous possibility. I'm going on to the denial of service, unless you have any other management stuff. I'm going on to the denial of service. We discussed the rogue access point in the man-in-the-middle part, which is, a rogue access point is indirectly a man-in-the-middle attack of this sort, maybe slightly different.

Anyway, denial of service. Basically denial of service is more or less impossible to prevent completely in any wireless network using a frequency based mechanism, because basically, worst case scenario... There's a lot of simpler ways to do denial of service. You can send a lot of packets, you can do things like that, but the worst case, all you have to do is generate a lot of noise in the given frequency range in the local area. I mean, if someone's got a leaking microwave and starts cooking a burrito, it'll take out any nearby wireless networks, and we've actually seen that happen in practice. The other fun one is you get one of these dishes and you get an old microwave. You take the microwave apart, take the cyclotron, attach it to the dish, point it at a target, turn it on. You'll cook the radio. There's nothing you can do to protect against this. Sorry, IPF is not good enough. Right, so basically that's a fundamental limitation of all wireless networks.
If DoS is absolutely not acceptable, then basically you can't use a wireless network, because they all can be DoSed and it's pretty much theoretically impossible to prevent that sort of attack.

Now, we haven't discussed exactly what 802.1X does to a large degree, so let me give a little quick intro on it. Basically, 802.1X is a mechanism which allows client-based authentication on a wireless network. Actually, 802.1X is not specifically for wireless. The 802.1X standard was actually made for port-based authentication on Ethernet 802 equipment. Why is 802.1X better? Because WEP can have the same key. Right, so one of the things about 802.1X, the advantage of it over just straight-up WEP, is that it's actually a per-user, per-port authentication. Per-port originally referred to a port on a switch or on a router, but in this case it refers to a MAC address or machine. Now, the advantage is 802.1X can be used to negotiate a WEP key which is specific to that user. Now, with standard WEP, one of the problems with the security model of standard WEP is that there's a single WEP password that is used by the entire network. Basically, that's an incredible pain to administer if you've got any more than like three users, because what basically happens is, let's say you've got 50 users using the network and you've got static WEP. Now, one of the users, you no longer want to have access. Maybe they're an employee and they no longer work for the company. Basically, every other one of your users has to switch to a new WEP key, because there's one key for the entire network. Now, 802.1X fixes that problem because it has the ability to dynamically create a session WEP key that is specific between that user and the access point. So if you've got multiple users, they each get their own WEP key. The WEP key is different from one session to another. You can have authentication take place at a fixed interval so that the WEP key changes from time to time.
By changing the WEP key, you, of course, get rid of the passive attacks on the RC4 problems, which is what AirSnort and other tools similar to it exploit. So basically, 802.1X fixes most of those issues. Now, as far as attacks go, which is what we're really covering here, there is a number of attacks on 802.1X in relation to certain authentication mechanisms. Now, one of the things about 802.1X is that it supports EAP to do authentication, which is basically a general mechanism that allows you to use any number of different actual authentication mechanisms. You can use a clear text password, not a good idea. You can use MD5 passwords. You can use TTLS. Now, some of those mechanisms were designed for EAP over wired networks, and the security model doesn't work with the way 802.1X is designed in that, basically, if you use certain types of EAP authentication, particularly the MD5 one, some other ones, basically everything except for TTLS for the most part, you'll end up having a problem in that once the user has authenticated onto the network, you can send the user a disassociate packet, kick them off, take their MAC address, and now you're talking on the network. Now, of course, by exchanging a WEP key, you alleviate that problem, but not all of the... 802.1X doesn't always distribute a WEP key. Only certain versions do, and so that's another thing that you need to make sure to do to prevent the attacks on 802.1X. But, basically, 802.1X that doesn't distribute a WEP key and that uses a non-two-way authenticated authentication mechanism is attackable. There's a number of different protocol attacks. There's some timing attacks. Those have been overhyped a little bit, because if you're using a good EAP and you're using a WEP session key, those attacks are removed, so... One point I want to make is the one advantage of 802.1X is you can authenticate people as they sign onto your network, and we do have a question, yes. It's hard to track. I know Cisco does currently.
All the big-name vendors, they'll have two lines. Apple has AirPort stuff, that's all consumer, but all the corporate lines, if you go to Lucent and you go for an AP line, they all support 802.1X. 802.1X support is actually very easy to add. You don't actually have to do most of the hard work on the access point. You let your... Oh, RADIUS? You let your upstream authentication server handle all the heavy work, so far this is pretty long, and interoperability is pretty good. Although, if you go with Cisco, go all Cisco, it'll make your headaches much fewer. Oh, but the point I wanted to make, when you deploy 802.1X, a good thing to do is to add another tunneling layer on top of that, because that way you prevent session hijacking. A large software company in Redmond does this, and I'm actually pretty impressed with their implementation. PPTP, 802.1X, all over Cisco gear, all the like. Word is they're dropping all that for Agere, for what it's worth. But using something like PPTP, even though it's relatively weak, will protect your connections from hijacking.

So now, unless you have anything else on 802.1X, I'm going to go into the active WEP attacks. These active WEP attacks have been... There's a number of them. There's two that I'm going to discuss in particular. Now, there's actually some documents published about these, even before the original RC4 flaw that AirSnort is based on. Now, the interesting thing is after all the RC4 flaw, they became kind of forgotten, because they were the early version of attacks. They're harder to exploit because they require writing raw radio frames. Basically, just for those of you who are interested and you don't know this, with 802.11b, there's actually another frame level. I mean, you've got your IP headers, and underneath that you've got your 802 headers or your standard Ethernet header frame. But in the case of 802.11, there's an additional radio level frame, which is specific to 802.11b.
There's a radio level frame, which most of the cards by default won't give you. They'll give you the Ethernet level frame and you don't see the radio frame. You can put certain cards into monitor mode, which is what tools like AirSnort or Kismet use, and you can read the radio frames. Now, I've been talking to a couple of people about writing radio frames. I haven't done too much research into it. You can do some more into that. But basically, it's an issue which these active WEP attacks require. And I think that that's part of the reason that they've gotten a little less coverage.

Now, as far as the actual attacks, basically, there's two really big ones that are relevant. The first attack is a known plaintext attack. Basically, it involves a person off-site. I'm going to go kind of into a little bit of the technical detail of how the attacks work, but not too much, and then I'm going to explain how that affects everyone for the people who don't care about the technical detail. So first, a little quick technical detail. Now, the first attack is a known plaintext attack. What you do is you're at another location on the Internet. Now, we're going to assume, for the time being, that you've got an 802.11 network which is connected to the Internet and that you can get packets to the 802.11 network from the Internet to be transmitted. So maybe they've got a Class C and they've got the 802.11 on an Internet-routable Class C. If it's behind a NAT, there's some ways you can get around it. I'm not going to go into that. Basically what you do is you, from an external location on the Internet, you send a packet to the wireless network. Now, you send a known payload in some way that you can recognize your packet when it comes across encrypted. A good example might be choosing an unusual size.
Now, when you see that packet come across the network and you have the known plaintext, you can use the known plaintext to generate basically what's called the cipherstream for a particular IV. Now, what that basically means is once you've got that, you can then send packets to the network, even with a WEP-encrypted network, even with 802.1X, and have your packets be accepted by the network. Basically, so if you can send a packet in from outside with a payload you know, you can basically, any point after that, send data on the 802.11 network and have it accepted. Even if you're not authenticated, I mean basically, this would allow you to send data from a wireless location without the permission of the people who use it. Now, there's a separate attack, which is also an active attack, which you can use to listen to data on a WEP-encrypted network. And basically what it involves is you listen for a packet, which is encrypted. You then make modifications to the encrypted packet, and then you make modifications to the checksum. Sorry, your question? Yes? The question was, if the WEP key changes, is this attack still valid? If the WEP key changes, you do have to send a new packet from the Internet and get a new plaintext, a new cipherstream, but basically you can do it in one packet. So unless you're changing your WEP key insanely often, it's still a problem. If you're changing the WEP key every 20 minutes, then yes, every 20 minutes, you have to perform the attack again. Basically, you can attack a network immediately. It doesn't take any packet collection; AirSnort and tools like it take a long time to collect enough data to crack the WEP key. With this mechanism, basically, you can start right in sending packets on a WEP network without a lot of work at all. It's actually pretty easy to attack. The bottom line is you can grab a packet off the network. First you send one, inject one of your own packets into the network from outside. Set it up encrypted.
You flip some bits. You can drop it back on the network immediately. That was the second attack I'm talking about, actually, which is basically the way to listen to a network with WEP, because that lets you send on another network with WEP. The way you listen to a network with WEP is you receive an encrypted packet. Then you modify the encrypted packet without knowing what you're modifying. You basically do blind modification to certain areas where you know protocol information is stored, like the to-address of the IP. If you happen to know where it was originally addressed to, you can modify it in such a way that it's now addressed to somewhere else. Then you can, because of the way the checksum is, modify the checksum so that the packet will be considered valid and retransmit it on the network. Basically, what happens is you get an encrypted packet. You make some modifications to it so that it changes where it's destined to without necessarily being able to read the packet. Then you dump it back on the wireless network. It gets decrypted and sent to you somewhere over the Internet. That one's a little more complex of an attack, but basically if you have a machine on the Internet which you control, you can basically listen and read and write to a WEP-encrypted network. Now, there's currently no tools that I'm aware of out there that do this. I don't know if anyone is actually actively working on them. It's a fairly difficult problem due to the raw radio frames, but there are attacks that do exist. I suspect at some point someone will write the attacks. Most of the fixes to WEP that rely purely on rotating WEP keys will probably at some point become damaged. How was it? Guess. If you want to flip some bits to change the destination of the packet, how do you know? If you know that they're NATted, it's usually pretty easy to guess IPs. You can re-inject the same packet over and over again and just brute force it.
You only have to find the IPs once, and then once the WEP key changes, you don't have to redo it. Basically, if they have a Class C that's routable, you can look them up on the Internet and find out what that Class C is and modify it to a Class C that you control. Like you said, if they're NATted, it's probably 192.168. Dot one dot. Yeah, exactly. Basically, it does require a little more manual labor, a little more sophisticated attacker than something like AirSnort that just runs and works. Blue shirt, question. Yes, it has been for quite a while. Right. It's useful for exactly one thing, and that is preventing people from accidentally signing onto your network. Yeah, and actually, WEP is valuable in the sense that it does reduce the random wandering around, NetStumbling, want-to-get-on-the-net people, and it makes it annoying for a sophisticated attacker. By all means, deploy WEP whenever you can. However, basically, currently, no, there may be some extension, say, to 802.1X or to WEP, that will fix this problem as well. In fact, the IEEE is currently working on a new security standard, but they've been arguing over that for a long time and they'll probably continue arguing over it for some time to come. Now, PPTP or a VPN sort of solution for wireless security will make this not an issue, because those basically assume that the network that you're going over is public, so they're not having to solve it. Question? I saw some of the handouts. We had a question. Green shirt? Alright, right on. Yeah. Well, what's up next? Oh, okay. Somebody fully compromised your network. This is pretty simple stuff. They own some of your network. They own some of your clients maybe, steal your authentication information. Then, the next step is they need to compromise either your VPN box or your firewall upstream, assuming you have one. If you don't have one, it's not an issue. And then they start attacking your upstream hosts. This doesn't really merit much discussion.
They can print to your printers, pull files off your file servers, attack anything they could attack if they're sitting at one of your desks. So, the big deal with this is, somebody's got a directional antenna and they're sitting offsite, but they can get themselves bridged onto your network. They can do a man-in-the-middle attack against one of your wired hosts talking to the Internet or another wired host. That is, I can sit with a laptop a mile away and pretend to be your gateway and take all of your traffic. And that's bad. Because even if you've got a policy of not trusting your wireless hosts, I can steal every file that moves on and off your file server, pretty much any other piece of data. Plus, I can do SSH and SSL man-in-the-middles. Who here has had a problem with SSL man-in-the-middles? Well, you seem to create problems, man. Yeah, you do. So, very few people. But it is an issue. If somebody goes to the trouble of compromising your network to that extent, they will get it. Yes, keep your network secure. Quick solutions: VPN, PPTP and IPsec. Who here is not familiar with both of those? Good. This is better. I gave this talk for a bunch of corporates and such. 80% of the hands went up. Enable MAC filtering. MAC filtering is pretty weak. It's the sort of thing that somebody like Microsoft uses when they do a wireless product demo on stage, for future reference, next time they launch a new version of Windows. Check for rogue access points on a routine basis. There are tools to do this. NetStumbler is a good one. Just do a walk around of your area and make sure that you know every access point that's up and you control it. And also carefully monitor all your logs. Yes. The question is, can you isolate the attacker and send them something like a virus? I was going to say, whoa, yeah, take over an AOL account. Yeah. Should I say anything here? Really? Yeah, you can kind of find them.
The advantage of wireless is if you know what you're doing, you might be able to actually physically find them in meatspace and beat them down. Other than that, no. It's just like somebody plugged into an open ethernet jack on the side of your building. Good luck finding them. You know what the IP address is. It's still IP. I mean, what are you going to do to them? You don't know? You can DoS them. Great. DoS your network. So, yeah, secure wireless network. The wireless is another border, just like the Internet. Do we have anything else we wanted to add, like big deal stuff? No. For more information, you can ask my email address and his email address and a website that doesn't exist yet. In a day or so that will contain links to all the papers that have come out, obviously for the problems, the other ones I was talking about, a bunch of other different attacks for people who want real deep technical info. Still got questions? Yeah. That site will be up just as soon as the wireless network here works. Make sure the wireless network gets working again. Maybe set up a slightly protected network for people who actually... Questions? Yes. You can transmit as far as you can receive. You get a directional antenna and you're in good shape. Pringles can antennas take an hour to build. So, if you're really strapped for cash... Questions? Yes. Sorry, I can't hear you. The question is, how secure are they? They're as secure as any of their other products. I believe FX actually gave a talk on attacking embedded devices. I actually missed it, but usually they have pretty weak IP implementations if they have remote administration. You can do things like... Remember the Code Red versus Cisco 675 thing? A couple of you. You can usually knock over hardware like that pretty easily, especially if it's from, like, Linksys. 802.1 what? Oh, vaporware standard, one of them. There's many. More questions, yes. It depends what you're looking for.
If you're looking for easy stuff, you're better off with an omni. Like, if you're in San Francisco for a meeting and you realize that you don't have a net connection, you don't want to pay... What do they call it, T-Mobile now? Yeah, whatever, Starbucks. You get out an omni or just your card and walk around the streets and realize that there are, like, 3 billion open access points. Actually, if you've got time and you're looking for more interesting stuff, like, in Seattle, you can go up on a hill, get a directional antenna and start scanning downtown. It depends what you're up to. Yes, green shirt. What's that? AirSnort under BSD. I have a question. Oh, is there AirSnort under BSD? I believe there's another tool under BSD. Is your car in here? I've never seen this before. No, yes, no. There's... Yeah, it's part of BSD-airtools, along with dstumbler, et cetera, et cetera. The guy in the back there. You're gonna have to really scream because... Oh, you're Gandhi, right? No, sorry. You're Joe. Ah, okay, whatever. I was drunk. Oh, the question is triangulation of physical location. It is possible to triangulate physical location with directionals. In fact, actually, we've been kicking around a project just for fun of setting up a couple directionals, having them scan from a couple different locations downtown Seattle, and then put up access points in a three-dimensional map where they're located. Generally, any kind of triangulation thing is slow and fairly difficult. If you've got an attacker and you want to find out where the attacker is coming from, it's probably not going to be real easy, but if you've got some time, you can triangulate. Well, yeah, because of the spread spectrum and pointing it out here, it's harder to pick up with any kind of standard, just pure radio equipment. You have to basically use 802.11 equipment to even tell what you've got. And then you end up having to use the signal strength that thing returns. Right. What's that for you?
Because a bunch of PhDs wrote that. Yeah. You can get signal strength off most cards. Yeah, basically, you get signal strength for most of the existing cards. The current cards have signal strength support, so you could just basically use the card. You could aim a directional around. I'm not talking about the time-based triangulation. I'm talking about a directional antenna-based triangulation. Yes, that's true. Any other questions, yes, about which? Right? LEAP. LEAP is a Cisco standard, which is basically a WEP-key rotation standard. It's reasonable. It's basically an earlier implementation that's similar to what 802.1X became. Again, there's those two attacks which may eventually be real that it would be susceptible to; other than that, it's a pretty good standard. It's superior over straight WEP. Certainly, it's per user. It's similar to what 802.1X is and what it's capable of. So, thank you everybody. We will be reachable at... What are we going to be? CTF area, or the bar, or the largest concentration of alcohol on the premises, like Caesar's Challenge tonight. Oh, and by the way...