[ISN] Conference Wireless LAN is Hacker Heaven

From: InfoSec News (isn@private)
Date: Wed May 19 2004 - 05:20:18 PDT

  • Next message: InfoSec News: "[ISN] Safe and insecure"

    http://wifi.weblogsinc.com/entry/5607251948314673/
    
    Mike Outmesguine
    May 18, 2004
    
    AirDefense is one of the more respected companies producing wireless
    LAN security software. AirDefense performed a research experiment at
    the recent Networld+Interop conference in Las Vegas. Their monitoring
    software scanned for vulnerabilities and network attacks during the
    conference producing some astonishing results:
    
    AirDefense noted an increase in unsecured connections to Hotspots, up
    three percent from 18 percent yesterday. The majority of connections
    continued to be created for email, file transfer protocol, instant
    messaging and Telnet.
    
    "The increase in malicious activity was likely due to more free time
    by the attendees and the frustration of attendees not being able to
    get out to the Internet," said [chief security officer of AirDefense
    Richard] Rushing.
    
    Additional AirDefense research discovered the following wireless LAN
    and Bluetooth risks and threats on day two:
    
    - 189 separate attacks on different devices
    
    - 112 separate MAC spoofing attacks
    
    - 89 Denial of Service attacks
    
    - 42 authentication attacks, likely due to brute force attacks or 
      misconfigured clients
    
    - 20 separate AirSnarf attacks
    
    - 4 separate Hotspotter attacks
    
    - 3 large Ad-Hoc mesh networks were re-established on day two with an 
      average of 10 stations connected.
    
    - Another association was made with the Sear Service Toolbox 
      (SST-PR-1) and the network was attacked twice
    
    - One Virtual Routing Redundancy Protocol (VRRP) attack, a routing 
      tool attack to redirect traffic
    
    - 165 BlueJack attacks
    
    - 12 Blue Snarf attacks
    
    Jeez. That's a lot of free time.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Wed May 19 2004 - 06:56:12 PDT