digitalchameleon

Security of managed WPA wireless access points.

4 posts in this topic

Airodump output:


ENC   CIPHER  AUTH  ESSID
OPN                 XYZ-open
WPA2  CCMP    MGT   XYZ-authorized

Logging onto XYZ-open directs you to a webpage asking for a username and password, which I'm assuming will then allow you access to XYZ-authorized. Can anybody provide information about how this happens exactly? I've been searching Google and aircrack forums with no luck. Is this AP vulnerable to WPA handshake capture? Can the webpage passwords be sniffed from the XYZ-open network?

Edited by digitalchameleon

Airodump output:


ENC   CIPHER  AUTH  ESSID
OPN                 XYZ-open
WPA2  CCMP    MGT   XYZ-authorized

Logging onto XYZ-open directs you to a webpage asking for a username and password, which I'm assuming will then allow you access to XYZ-authorized. Can anybody provide information about how this happens exactly? I've been searching Google and aircrack forums with no luck. Is this AP vulnerable to WPA handshake capture? Can the webpage passwords be sniffed from the XYZ-open network?

Sounds like the open one is a guest network behind a walled garden... Traffic between the open and WPA networks would be isolated, and logging into the open network would not provide you with credentials for logging into the WPA-protected network.


The only page I can get through XYZ-open says:

Access XYZ internet.

Username:_____________

Password:_____________

All packets seem to end up here, with this http server. I have seen clients access XYZ-open shortly before their MAC address appears associated with XYZ-authorized.


It's likely a newer Cisco/Linksys wireless router. They do indeed provide a walled garden for allowing visitors to your house/business/whatever to access the Internet but not the machines on the secure portion of the network. From what I've seen, the "visitor" side is just running a gateway auth service and has no bearing on who can associate with the "secure" side.

I do a similar thing with m0n0wall/pfSense -- my wireless router (a little ALIX board running m0n0wall) runs with no encryption but requires gateway auth login before a machine can connect to anything. The access point's WAN interface is connected to a switch on the untrusted interface of my pfSense box. You can only route to the public Internet through the untrusted interface, but if you need to access something on my internal LAN, you can connect to an OpenVPN daemon on the pfSense untrusted interface using a pre-shared key and tunnel into the trusted LAN network.
