Comments on Paul Melson's Blog: A Little Wi-Fi Hacking With Your Half-Caf Nonfat Mochachino?

PaulM (2007-10-26T11:13:00.000-05:00):

If the attack is reliably below 6 minutes, then that's a more valuable attack because it's faster than attacking the AP with aireplay & friends.

I can also sort-of-maybe see your use case for trying to spoof an AP to a client at a public venue like an airport or coffee shop. However, it seems far easier to sniff for client beacons that use no encryption and spoof those AP's. Or to just spoof an official-sounding AP name and wait for people to attach to you. Or to associate to the official AP. These all get you direct IP access and the last one even gets you MiTM with a little ARP spoofing.

But it's cool research nonetheless.

Anonymous (2007-10-24T13:30:00.000-05:00):

Hi Paul,

Actually we refined the attack and now it takes less than 6 minutes and not 30 minutes.

Answering your question: Our idea was to prove that the Client itself can be hacked if it uses WEP. Picture this: A hacker scans the air at an airport, finds a client which probes for a wireless network. If this network uses WEP the current tools such as Karma cannot do much, but using the Caffe Latte attack, they can first break the WEP key for that network. Then bring up a honeypot with that WEP key, have the client associate with this honeypot and then gain IP layer connectivity. Once IP layer connectivity is gained then all the hacker needs is a vulnerability scanner. You know the rest of the story now :)

You can download the ppt from:

http://www.airtightnetworks.net/knowledgecenter/WEP-CaffeLatte.html