ok guys, what i am saying is that the vpn isnt protected until you log into the vpn server, ie
laptop-----------wap----vpn srever/authentication----------- cloud ------------other vpn box--- other network ^ you can attack here and the vpn is pointless, at best you get WEP at the access point, trivial to crack please educate me if i am wrong Jmiller ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 08, 2002 9:56 AM Subject: Re: Wireless VPN cracking. > Sorry, I am not an expert by any means but I can tell you this works. At home > I use a WAP setup for WEP 128bit encription to a laptop with the MS VPN > client on it and VPN into my company network via 802.11b and across my ADSL > line. > > I believe since WEP and VPN's are two totally separt technolgies there is no > conflict. > > Cliff > > > > Subj: RE: Wireless VPN cracking. > > Date: 7/3/2002 6:14:12 PM Eastern Daylight Time > > From: <A HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A> > > To: <A HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A> > > CC: <A HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A>, <A HREF="mailto:[EMAIL PROTECTED]">SECURITY-BASICS@securityfocu s.com</A> > > Sent from the Internet > > > > > > > > You can also set up SSL for IPSec authentication. So now > > they have tons to crack. >8D > > > > Now question is how do you set up lets say a Windows > > client for VPN over 802.11x with WEP? Especially for > > initial authentication of the system. > > > > Would you have them log in locally then use an IPSec > > client for VPN to login to the domain? > > > > I'm thinking of implementing this at home so that I can > > put it on my resume. Also it is good practice for PKI, > > VPN/IPSec, and SSL. > > >If you are running a VPN, it is not a 100% assumption that your WEP has > > been > > >cracked. I have done some tests using NetStumbler > > >(http://www.netstumbler.com) and found that most times a VPN protected > > >wireless network, with or without WEP enabled, is impossible to crack. > > > > > >Brian Ashcraft > > >Miskatonic Technologies > > >[EMAIL PROTECTED] > > > > > >-----Original Message----- > > >From: jmiller [mailto:[EMAIL PROTECTED]] > > >Sent: Saturday, June 29, 2002 11:54 PM > > >To: [EMAIL PROTECTED] > > >Subject: Re: Wireless VPN cracking. > > > > > > > > >if they are using wepcrack, and have gained access to your WAP, can you > > not > > >also assume that they have the username/password of a user that is > > >autheticated on the vpn? > > >JMiller > > > > > > > > >