ok guys, what i am saying is that the vpn isnt protected until you log into
the vpn server,
ie
laptop-----------wap----vpn srever/authentication-----------
cloud ------------other vpn box--- other network
^
you can attack here and the vpn is pointless, at best you get WEP at the
access point, trivial to crack
please educate me if i am wrong
Jmiller
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, July 08, 2002 9:56 AM
Subject: Re: Wireless VPN cracking.
> Sorry, I am not an expert by any means but I can tell you this works. At
home
> I use a WAP setup for WEP 128bit encription to a laptop with the MS VPN
> client on it and VPN into my company network via 802.11b and across my
ADSL
> line.
>
> I believe since WEP and VPN's are two totally separt technolgies there is
no
> conflict.
>
> Cliff
>
>
> > Subj: RE: Wireless VPN cracking.
> > Date: 7/3/2002 6:14:12 PM Eastern Daylight Time
> > From: <A HREF="mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED]</A>
> > To: <A
HREF="mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED]</A>
> > CC: <A HREF="mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED]</A>,
<A
HREF="mailto:[EMAIL PROTECTED]";>SECURITY-BASICS@securityfocu
s.com</A>
> > Sent from the Internet
> >
> >
> >
> > You can also set up SSL for IPSec authentication. So now
> > they have tons to crack. >8D
> >
> > Now question is how do you set up lets say a Windows
> > client for VPN over 802.11x with WEP? Especially for
> > initial authentication of the system.
> >
> > Would you have them log in locally then use an IPSec
> > client for VPN to login to the domain?
> >
> > I'm thinking of implementing this at home so that I can
> > put it on my resume. Also it is good practice for PKI,
> > VPN/IPSec, and SSL.
> > >If you are running a VPN, it is not a 100% assumption that your WEP has
> > been
> > >cracked. I have done some tests using NetStumbler
> > >(http://www.netstumbler.com) and found that most times a VPN protected
> > >wireless network, with or without WEP enabled, is impossible to crack.
> > >
> > >Brian Ashcraft
> > >Miskatonic Technologies
> > >[EMAIL PROTECTED]
> > >
> > >-----Original Message-----
> > >From: jmiller [mailto:[EMAIL PROTECTED]]
> > >Sent: Saturday, June 29, 2002 11:54 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Wireless VPN cracking.
> > >
> > >
> > >if they are using wepcrack, and have gained access to your WAP, can you
> > not
> > >also assume that they have the username/password of a user that is
> > >autheticated on the vpn?
> > >JMiller
> > >
> > >
> >
>
