Wireless Security Flaws

Presented at HOPE Number Six (2006), July 22, 2006, 11 a.m. (60 minutes)

Wireless security flaws are commonplace but not many people realize just how much of the inner workings of infrastructure and management traffic for large networks are often accessible over wireless. Working as a team of professional penetration testers, the first time these three saw routing protocols and management traffic visible over 802.11, they thought the client really lacked clue. The tenth time, it wasn't so funny anymore.

This session will show you the common switching, routing, and management traffic commonly present in urban wireless environments, discuss the security risks (from information disclosure to remote exploit), and show you how to prevent this sort of highly critical data from leaving your network by way of your access points. Using examples from the last five years of growing urban wireless presence, this talk will show the initial signs of backbone control traffic creeping out of poorly secured access points and present statistics on overarching protocol trends over time. The talk will then take a more serious turn, showing the sorts of damage that a malicious attacker can wreak on a network with the information provided in just a few routing protocol packets. Lower level attacks such as switching and CDP will also be covered. Finally, a ray of immediately practical hope will be offered, giving recommendations on actions that will prevent this sort of critical data from being advertised out of your wireless access points.

Presenters:

• 3ric Johanson
  3ric Johanson (ericj@shmoo.com) has been involved with breaking things for many years. A Shmoo Group member, he's been involved with several successful projects, including Hackerbot, Vend-O-Rand, and Rainbow Tables. By day he is an independent security consultant specializing in penetration testing and application assessments. By night he has been spotted wearing his "so sue me already" t-shirt while drinking over-caffeinated coffees. Some of his recent public work has included international domain name vulnerabilities. His hobbies include building and breaking things in his underground lair in Seattle. He hates most people, so expect no compassion from him.
• Brandon Uttech
  Brandon Uttech (brandon.uttech@gmail.com), a penetration tester and professional programmer, is resident ninja of his group. His previous work includes wireless security assessments, helping to put on the annual Capture the Flag hacking competition at DefCon, and providing well-timed advice on physical security. In his spare time, Brandon enjoys taiko drumming and swordfighting in the rain.
• Raven Alder
  Raven Alder (raven@oneeyedcrow.net) is a somewhat cynical security geek with a focus on backbone network engineering. Her recent work on penetration testing routing and switching infrastructure has rocked the ISP boat a bit, but she believes that a well-tested backbone is more likely to be a secure backbone. She has coauthored books on the security tools Snort and Nessus and has spoken at many conferences, including previous Black Hat conferences, Linux World Expo, and DefCon. For her next trick, she intends to test implementations of cryptography on critical infrastructure devices.

Links:

• https://infocon.org/cons/2600/HOPE Number Six (2006)/HOPE Number Six (2006) - Wireless Security Flaws.srt (subtitles)
• https://infocon.org/cons/2600/HOPE Number Six (2006)/HOPE Number Six (2006) - Wireless Security Flaws.mp4
• https://www.youtube.com/watch?v=NUUvY70ms6c

Similar Presentations:

• DEF CON 10 (2002) / Wireless Networking
• Hackfest 2017 / The Black Art of Wireless Post-Exploitation
• BSidesDC 2017 / The Black Art of Wireless Post-Exploitation