This seems to be a protocol problem with RADIUS authentication.
The protocol is
 S->C : server sends nonce to client
 C->S : client sends cryptographic hash of nonce to server
 S->C : server sends ACK/NACK to client
 if ACK (server trusts client)
   C->S : client sends nonce to server
   S->C : server sends cryptographic hash of nonce to client
   if server sent right hash client trusts server and communicates

The problem is that the server is an oracle for the client, this
is a common mistake made by novice security folks trying to create
secure systems. It's why Kerberos 5 replaced Kerberos 4, ssh2 replaced
ssh1, and why there are a few seconds of lag when you mistype a password
at the login prompt of your computer. Cisco and others using RADIUS can
fix this without changing the protocol (but also opening themselves up
for a low bandwidth denial of service attack) by simply adding a couple
seconds of delay after a failed login attempt, a couple seconds when no
one can log in. Since WiFi as a radio technology is inherently easy to
DoS this won't be a serious problem.

Without the delay a rogue client can attempt hundreds of thousands of
logins a second and the server will tell it when it has succeeded in
discovering a password.

No one should really be using WEP or LEAP anyway for security, use
a good IPsec tunnel. IPsec is a little complex because all the
lessons of weak security like WEP, LEAP, ssh1, Kerberos1-4, etc have
been taken to heart so it's about as secure as we know how to make
it. ssh2 is also pretty secure if you've done the initial login in a
secure environment.

-- Daniel
  << When truth is outlawed; only outlaws will tell the truth. >> - RLiegh
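A model of the exchange Daniel lays out above, together with the failure delay he proposes, as an added example that is not from this thread and is not RADIUS or LEAP code. Two assumptions: the "cryptographic hash of nonce" is modelled as HMAC-SHA256 keyed with the shared password, and the penalty is tracked per client name against an injected logical clock (so one misbehaving client locks out only itself, narrowing the denial-of-service side effect the message mentions).

```python
import hmac, hashlib, secrets

# Constructed model of the challenge/response exchange described above.
# Assumption: the "hash of nonce" is HMAC-SHA256 keyed with the shared secret.
def response_for(secret: bytes, nonce: bytes) -> bytes:
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class AuthServer:
    def __init__(self, secrets_db, penalty_seconds=2.0):
        self.db = secrets_db            # client name -> shared secret
        self.penalty = penalty_seconds  # lockout applied after a failed response
        self.blocked_until = {}         # client name -> logical time (assumed per-client)
        self.pending = {}               # client name -> outstanding nonce

    def challenge(self, client: str) -> bytes:   # S->C : nonce
        nonce = secrets.token_bytes(16)
        self.pending[client] = nonce
        return nonce

    def verify(self, client: str, response: bytes, now: float) -> str:  # C->S, then ACK/NACK
        # While the penalty runs the response is not evaluated at all, so the
        # server answers as an oracle at most once per penalty window.
        if now < self.blocked_until.get(client, 0.0):
            return "NACK-WAIT"
        nonce = self.pending.pop(client, None)
        secret = self.db.get(client)
        if nonce is None or secret is None:
            return "NACK"
        if hmac.compare_digest(response_for(secret, nonce), response):
            return "ACK"
        self.blocked_until[client] = now + self.penalty
        return "NACK"

    def prove(self, client: str, client_nonce: bytes) -> bytes:  # S->C : hash of client's nonce
        return response_for(self.db[client], client_nonce)

def run_exchange(server: AuthServer, client: str, client_secret: bytes, now: float):
    """Whole exchange; returns (server_trusts_client, client_trusts_server)."""
    nonce = server.challenge(client)
    if server.verify(client, response_for(client_secret, nonce), now) != "ACK":
        return False, False
    client_nonce = secrets.token_bytes(16)           # second half only after ACK
    proof = server.prove(client, client_nonce)
    return True, hmac.compare_digest(response_for(client_secret, client_nonce), proof)
```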

On Fri, 3 Oct 2003, jon baer wrote:

]
]----- Original Message -----
]From: "Michael Renzmann" <[EMAIL PROTECTED]>
]To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
]Sent: Friday, October 03, 2003 6:38 AM
]Subject: Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable
]
]
]> Hi.
]>
]> Cisco released a security notice [1] in August about possible dictionary
]> attacks against their proprietary LEAP (Lightweight Extensible
]> Authentication Protocol, used with 802.1x). But according to
]> Computerworld [2] it seems that this information has not been spread
]> well enough.
]>
]> In addition, Unstrung yesterday reported [3] about the demonstration of
]> a tool that seems to be able to retrieve valid passwords for LEAP
]> protected WLANs within "minutes, even seconds". The tool is not
]> available yet, but its author (Joshua Wright from Johnson & Wales
]> University) announced "that the tool will be generally available in a
]> couple of months".
]>
]> Those of you who are using LEAP to protect their Wireless LAN should
]> take care of a proper password policy and change passwords regularly.
]> Cisco provides further information on password selection in their
]> advisory ("Available Documentation", last paragraph).
]>
]> Bye, Mike
]>
]> [1] http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00801aa80f.shtml
]> [2] http://www.computerworld.com/mobiletopics/mobile/story/0,10801,85637,00.html?f=x68
]> [3] http://www.unstrung.com/document.asp?doc_id=41185
]>
]>
]
]--
]NYCwireless - http://www.nycwireless.net/
]Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
]Archives: http://lists.nycwireless.net/pipermail/nycwireless/
]