02 Oct 09 Security Consultant – Man In The Middle Attacks (MITM)

A Man In The Middle (MITM) attack is a popular network based attack in order to hijack a connection or to sniff traffic. A MITM attack actually covers a variety of different methods. A MITM attack is literally positioning yourself as the attacker between the two communicating parties. Whether you do that via an ARP attack, some type of cryptographic attack, or a physical attack depends on the requirements and scenario. As a security consultant it is important to ensure that the network and it’s communications are as secure as possible against this type of attack. I will cover a simple physical MITM attack, then an ARP attack, and then prevention techniques.
(more…)

Tags: arp, arp attack, arp poisoning, cryptographic attack, default gateway, gateway, layer 2, layer 3, man in the middle, managed switch, MITM, network bridge, nic, openvpn, router, Security Consultant, self signed certificate, SSL, switch

22 Sep 08 Wireless Hacking, Problems with WEP, Wireless Security and WPA

Unfortunately today there are still a huge range of wireless OEM equipment being shipped with WEP as standard. WEP has been known as vulnerable for a long time. This HOWTO assumes Linux familiarity, compatible hardware, the ability to read and troubleshoot, and a brain.

Hacking your wireless network is not difficult, and here’s a procedure you can use to test:

You’ll need:
1. A PC and wireless network.
2. A linux PC/laptop with a wireless networking device

Method:
1. Boot your (debian) pc
2. wget http://download.aircrack-ng.org/aircrack-ng-1.0-rc1.tar.gz
3. tar -xzf aircrack-ng-1.0-rc1.tar.gz
4. cd aircrack-ng-1.0-rc1
5. ./configure
6. make
7. make install

(more…)

Tags: access point, aircrack, aircrack-ng, aireplay-ng, airodump-ng, arp, crack wep, handshake, Linux, wep cracking, wpa