Email Delivery

Receive new posts as email.

Email address

Syndicate WNN sites

Single feed for all sites

Syndicate this site

RSS 0.91 | RSS 2.0
RDF | Atom
Podcast only feed (RSS 2.0 format)
Get an RSS reader
Get a Podcast receiver

Contact

About This Site
Contact Us
Privacy Policy

Search

Google

Web this site

January 2007
Sun Mon Tues Wed Thurs Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Stories by Category

Basics :: Basics
Casting :: Casting Listen In Podcasts Videocasts
Culture :: Culture Hacking
Future :: Future
Hardware :: Hardware Adapters Appliances Chips Consumer Electronics Gaming Home Entertainment Music Photography Video Gadgets Mesh Monitoring and Testing PDAs
Industry :: Industry Conferences Financial Deals Free Health Legal Research Vendor analysis
International :: International
Media :: Media IPTV Locally cached Streaming
Metro-Scale Networks :: Metro-Scale Networks Community Networking Municipal Public Safety
Network Types :: Network Types Broadband Wireless Cellular 2.5G and 3G 4G UMTS Power Line Satellite
News :: News Mainstream Media
Politics :: Politics Regulation Sock Puppets
Schedules :: Schedules
Security :: Security 802.1X
Site Specific :: Site Specific Administrative Detail April Fool's Blogging Book review Cluelessness Guest Commentary History Humor Self-Promotion Unique Who's Hot Today?
Software :: Software Open Source
Spectrum :: Spectrum
Standards :: Standards 802.11a 802.11e 802.11g 802.11n 802.20 Bluetooth MIMO UWB WiMAX ZigBee
Transportation and Lodging :: Transportation and Lodging Air Travel Aquatic Hotels Rails
Unclassified :: Unclassified
Vertical Markets :: Vertical Markets Academia Enterprise WLAN Switches Home Hot Spot Aggregators Hot Spot Advertising Road Warrior Roaming Libraries Location Medical Residential Rural SOHO Small-Medium Sized Business Universities Utilities wISP
Voice :: Voice

Archives

January 2007 | December 2006 | November 2006 | October 2006 | September 2006 | August 2006 | July 2006 | June 2006 | May 2006 | April 2006 | March 2006 | February 2006 | January 2006 | December 2005 | November 2005 | October 2005 | September 2005 | August 2005 | July 2005 | June 2005 | May 2005 | April 2005 | March 2005 | February 2005 | January 2005 | December 2004 | November 2004 | October 2004 | September 2004 | August 2004 | July 2004 | June 2004 | May 2004 | April 2004 | March 2004 | February 2004 | January 2004 | December 2003 | November 2003 | October 2003 | September 2003 | August 2003 | July 2003 | June 2003 | May 2003 | April 2003 | March 2003 | February 2003 | January 2003 | December 2002 | November 2002 | October 2002 | September 2002 | August 2002 | July 2002 | June 2002 | May 2002 | April 2002 | March 2002 | February 2002 | January 2002 | December 2001 | November 2001 | October 2001 | September 2001 | August 2001 | July 2001 | June 2001 | May 2001 | April 2001 |

Recent Entries

Wi-Fi Protected Setup Details Announced
Details on San Francisco/EarthLink Deal
San Francisco Reaches Deal with EarthLink, Google
Solid Coverage in Time of Muni Wi-Fi
NextWave Buys Go Networks
Surf, Sand, and Wi-Fi
Bluetooth Has Patent Woes
San Francisco! Slowly I Turned...Step by Step...Inch by Inch...
EarthLink CEO Garry Betty Dies
Rent-A-Cellular-Bridge from Avis

Site Philosophy

This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator or JiWire, Inc.

Copyright

Entire site and all contents except otherwise noted © Copyright 2001-2006 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.

Powered by
Movable Type

« Qwest Offers Wi-Fi in DSL Modem | Main | Steve Stroh's Broadband Wireless Blog »

April 8, 2004

Tool to Crack Cisco LEAP Released

By Glenn Fleishman

Automated LEAP attack tool available: A network engineer last year reported a major hole in Lightweight EAP, Cisco’s previously preferred method of authentication a user across a wireless network to gain access to a network. He held off on releasing an automated tool until now, IDG News Service reports.

Asleap finds LEAP-protected networks, forces users off their connections (deauthenticates them) to force a new authentication, grabs that transaction, and starts a massive dictionary attack on the password. Cisco’s replacement for LEAP, EAP-FAST, will stop dictionary-based cracking from working, Cisco says, but the products aren’t yet available.

Deauthentication is an important part of the wireless cracker’s arsenal because it forces a new authentication right when the cracker is watching. This reduces waiting time, and allows a cracker to monitor traffic for under a minute in some cases. (Deassociation forces a client off a Wi-Fi network, and can be used to force re-authentication or for denial of service attacks — or, as Airespace uses it, to deny connections to rogue access points.)

Cisco issued an unrelated security warning yesterday about its access point management tool, WLSE: The software apparently had a hardcoded username and password built in that provides full access to the unit. The patch disables or removes that back-door account. The WLSE can manage the configuration of hundreds of Cisco APs centrally.

Posted by Glennf at April 8, 2004 1:40 PM

Categories: Security

Trackback Pings

TrackBack URL for this entry:
https://db.isbn.nu/mt3/mt-tb.pl/1787

Listed below are links to weblogs that reference Tool to Crack Cisco LEAP Released:

» Cisco WiFi Authentication Protocol Hack Tool from Bitsplitter Blog
I saw the demo at Defcon last summer, apparently now the tool for cracking Cisco LEAP has been released. There's been a lot of work on replacing WEP in the standard 802.11 stack with a more secure and infrastructure friendly system. Cisco LEAP was o... [Read More]

Tracked on April 10, 2004 10:58 PM

Comments