.

ssh and wep

<<

piewacket

Newbie
Newbie

Posts: 5

Joined: Mon Oct 02, 2006 3:51 pm

Post Tue Mar 06, 2007 5:04 pm

ssh and wep

A question i get asked and i always say don't use wep but -
if a vpn using ssh or even a shopping site using ssh goes over an insecure wirless network either unecrypyted or using wep - is this an issue ?
i know you can sniff it - but its encrypted can you perform a session hijack ? How do you see the ipid's ? is there an issue still with wireles access to a https session
<<

jimbob

Post Wed Mar 07, 2007 7:42 am

Re: ssh and wep

Hi,
WEP is considered by many as a fundamentally broken security device since it contains inherent weaknesses. For this reason the best advice from the security community is to opt for a stronger means of securing wireless networks e.g. WPA2.

It's important to keep unauthorised hosts off your network. Once an unwanted visitor is inside your network they can work on attacking your machines. There are techniques such as ARP poisoning that may be used for man-in-the-middle attacks, bypassing the protection offered by SSL/TLS or the intruder might simply attack your computers/routers directly.

Make every effort to keep strangers off your wireless network as you would a wired network. There are many aspects to security that are as or more important than encrypting your network traffic.

Jim
<<

piewacket

Newbie
Newbie

Posts: 5

Joined: Mon Oct 02, 2006 3:51 pm

Post Wed Mar 07, 2007 8:32 am

Re: ssh and wep

thanks jimbob, i guess the question I have is -

is it possible to do a session hijack on an ssl vpn -

does the fact that its runs over wireless make any difference.
<<

Kev

Post Wed Mar 07, 2007 8:47 am

Re: ssh and wep

It really depends on the strength of the encryption. Cracking WEP only connects you to that network.  In my experience the average cracker doesn’t know what to do with intercepted encrypted traffic and looks for easier targets because they are out there.  If all the hosts are extremely well fortified and the communication is using strong encryption, most crackers are going to be dead in the water and there will be little they can do directly against that particular network other than take the entire network down.  The reality is, you won’t find well fortified boxes behind something like WEP, because if you have an Admin that conscientious in the first place, WEP would be the last thing used. 
<<

Kev

Post Wed Mar 07, 2007 9:13 am

Re: ssh and wep

Yes you can in theory perform a session hijacking in that environment and then any communication is vulnerable regardless and protocols that rely on the exchange of public keys to protect communications are often the target of these types of attacks. But session hijacking can be difficult to pull off and requires a decent skill level.
Last edited by Kev on Wed Mar 07, 2007 9:15 am, edited 1 time in total.
<<

piewacket

Newbie
Newbie

Posts: 5

Joined: Mon Oct 02, 2006 3:51 pm

Post Wed Mar 07, 2007 1:00 pm

Re: ssh and wep

Kev - thanks for your input - I have done session hijack in lab on my ceh course but not on ssl -
i have a ssl vpn deployed and am unsure if i should be concerned about users accesing it from public wifi spots that i have no control over

i am now not sure wether wireless makes any difference to the ssl encryption.

although i suppose if can compromise the wireless n/w then session hijack is easier than doing it for a users coming over dial up - as that would have to be done blind as you can't get the packets back - source based routing won't work.
which leaves me coming back to - is it even possible
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Fri Mar 09, 2007 3:32 pm

Re: ssh and wep

Yes you can hijack SSL and crack the session hash but you have to be able to crack the MD5 in the session to see anything. It is not as easy as most might make it sound but yes with Cain & Able you can do this but to crack the session hash to view the info will take some nice CPU power. I could be wrong but I think you are looking at 128 Bit encryption on the SSL. I have noticed that when MITM attacking with Cain on SSL a lot of info is not always encrypted so you can see some of the data. I was able to MITM attach my wifes PC on our AP and then see the online banking info. So I know it is possible but it could depend on how and what in the client server communication is really encrypted.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software