WinXP+PEAP+Cert Behavior

Bryan Kadzban bryan at kadzban.is-a-geek.net
Thu Nov 30 12:46:03 EST 2006


On Thu, Nov 30, 2006 at 05:29:03PM +0100, Benn wrote:
> and even having the initial
> handshake in plaintext would be acceptable if the rest of the
> connection is within a pipe.

Hmm...  I'm thinking that your requirements here are contradictory.
;-)

If anyone can associate and get a key, then I don't think the encryption
that's in place for the other clients is really worth anything anymore
either.  I think it may be possible to start basically "stealing"
traffic (see e.g. Ettercap) using ARP poisoning.  If you're able to get
the server to send you data that was meant for another machine, then
your machine will be able to decrypt it.

But if that's still acceptable, and your management *really* only wants
the appearance of security, then you could probably hack up the internal
RADIUS server to always send Access-Accepts after the first packet.
Actually, you could probably hack together a fairly small standalone
RADIUS server that responds to anything on udp/1812 with an
Access-Accept (and at that point, you might as well just not bother
checking the RADIUS authenticator either -- although you would need to
generate a valid response authenticator, otherwise hostapd won't accept
the response).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20061130/20be3dec/attachment.pgp 


More information about the HostAP mailing list