HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 50 guests and 2 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow ssh and wep
EH-Net
May 19, 2013, 09:08:01 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: ssh and wep  (Read 4531 times)
0 Members and 1 Guest are viewing this topic.
piewacket
Newbie
*
Offline Offline

Posts: 5


View Profile
« on: March 06, 2007, 04:04:50 PM »
A question i get asked and i always say don't use wep but -
if a vpn using ssh or even a shopping site using ssh goes over an insecure wirless network either unecrypyted or using wep - is this an issue ?
i know you can sniff it - but its encrypted can you perform a session hijack ? How do you see the ipid's ? is there an issue still with wireles access to a https session
Logged
jimbob
Guest
« Reply #1 on: March 07, 2007, 06:42:49 AM »
Hi,
WEP is considered by many as a fundamentally broken security device since it contains inherent weaknesses. For this reason the best advice from the security community is to opt for a stronger means of securing wireless networks e.g. WPA2.

It's important to keep unauthorised hosts off your network. Once an unwanted visitor is inside your network they can work on attacking your machines. There are techniques such as ARP poisoning that may be used for man-in-the-middle attacks, bypassing the protection offered by SSL/TLS or the intruder might simply attack your computers/routers directly.

Make every effort to keep strangers off your wireless network as you would a wired network. There are many aspects to security that are as or more important than encrypting your network traffic.

Jim
Logged
piewacket
Newbie
*
Offline Offline

Posts: 5


View Profile
« Reply #2 on: March 07, 2007, 07:32:04 AM »
thanks jimbob, i guess the question I have is -

 is it possible to do a session hijack on an ssl vpn -

 does the fact that its runs over wireless make any difference.
Logged
Kev
Guest
« Reply #3 on: March 07, 2007, 07:47:21 AM »
It really depends on the strength of the encryption. Cracking WEP only connects you to that network.  In my experience the average cracker doesn’t know what to do with intercepted encrypted traffic and looks for easier targets because they are out there.   If all the hosts are extremely well fortified and the communication is using strong encryption, most crackers are going to be dead in the water and there will be little they can do directly against that particular network other than take the entire network down.  The reality is, you won’t find well fortified boxes behind something like WEP, because if you have an Admin that conscientious in the first place, WEP would be the last thing used. 
Logged
Kev
Guest
« Reply #4 on: March 07, 2007, 08:13:34 AM »
Yes you can in theory perform a session hijacking in that environment and then any communication is vulnerable regardless and protocols that rely on the exchange of public keys to protect communications are often the target of these types of attacks. But session hijacking can be difficult to pull off and requires a decent skill level.
« Last Edit: March 07, 2007, 08:15:43 AM by Kev » Logged
piewacket
Newbie
*
Offline Offline

Posts: 5


View Profile
« Reply #5 on: March 07, 2007, 12:00:32 PM »
Kev - thanks for your input - I have done session hijack in lab on my ceh course but not on ssl -
i have a ssl vpn deployed and am unsure if i should be concerned about users accesing it from public wifi spots that i have no control over

i am now not sure wether wireless makes any difference to the ssl encryption.

although i suppose if can compromise the wireless n/w then session hijack is easier than doing it for a users coming over dial up - as that would have to be done blind as you can't get the packets back - source based routing won't work.
which leaves me coming back to - is it even possible
Logged
slimjim100
EH-Net Columnist
Sr. Member
*****
Offline Offline

Posts: 385



View Profile WWW
« Reply #6 on: March 09, 2007, 02:32:25 PM »
Yes you can hijack SSL and crack the session hash but you have to be able to crack the MD5 in the session to see anything. It is not as easy as most might make it sound but yes with Cain & Able you can do this but to crack the session hash to view the info will take some nice CPU power. I could be wrong but I think you are looking at 128 Bit encryption on the SSL. I have noticed that when MITM attacking with Cain on SSL a lot of info is not always encrypted so you can see some of the data. I was able to MITM attach my wifes PC on our AP and then see the online banking info. So I know it is possible but it could depend on how and what in the client server communication is really encrypted.

Brian
Logged
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.073 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.