You can also set up SSL for IPSec authentication. So now they have tons to crack. >8D
Now question is how do you set up lets say a Windows client for VPN over 802.11x with WEP? Especially for initial authentication of the system. Would you have them log in locally then use an IPSec client for VPN to login to the domain? I'm thinking of implementing this at home so that I can put it on my resume. Also it is good practice for PKI, VPN/IPSec, and SSL. > If you are running a VPN, it is not a 100% assumption that your WEP has been > cracked. I have done some tests using NetStumbler > (http://www.netstumbler.com) and found that most times a VPN protected > wireless network, with or without WEP enabled, is impossible to crack. > > Brian Ashcraft > Miskatonic Technologies > [EMAIL PROTECTED] > > -----Original Message----- > From: jmiller [mailto:[EMAIL PROTECTED]] > Sent: Saturday, June 29, 2002 11:54 PM > To: [EMAIL PROTECTED] > Subject: Re: Wireless VPN cracking. > > > if they are using wepcrack, and have gained access to your WAP, can you not > also assume that they have the username/password of a user that is > autheticated on the vpn? > JMiller > > > ----- Original Message ----- > From: "Clinton McDonald" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, June 27, 2002 4:49 PM > Subject: Wireless VPN cracking. > > > > Hello all.. > > > > I've got a couple of (hopefully!) quick questions regarding a wireless > > VPN. > > > > I have set up a pix to terminate a VPN for our wireless users, to keep > > all their network traffic secure. It looks vaguely like this: > > > > <<----------VPN--------------->> > > Laptop ---> Access Point ---> Pix ---> Switch ---> Server > > 172.16.0.1 10.1.1.11 > > > > The laptop is running the Cisco Secure VPN Client (3.5), and when the > > VPN is connected, the Pix assigns the addresses 10.0.0.90-10.0.0.99 to > > VPN users for the internal (wired) network. When the traffic gets to > > the Pix, the VPN is terminated there, and there is no encryption on the > > wired part of the network. > > > > My theory is that if anyone is sitting out in the car park with a laptop > > with a wireless card, they can associate to the access point all they > > like, but if they are not authorised VPN users, the Pix will drop their > > traffic, and thus, stop them from getting into the internal (wired) > > network. > > > > Questions are: > > 1. Can someone in the car park crack into a VPN users laptop > > somehow, and then get into the network (ie, bypass the pix and connect > > via the other laptop? > > > > 2. If I ping from the server, to 10.0.0.90 (the VPN user), I get a > > response. Should this be so? > > > > Thanks in advance.. > > > > Clinton McDonald CCNA > >
