lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dufresne at (Ron DuFresne)
Subject: Cisco LEAP exploit tool...

On Wed, 14 Apr 2004, Dave Howe wrote:

> Thomas wrote:
> > Another interesting tool: THC-LEAPcracker
> > The THC LEAP Cracker Tool suite contains tools to break the
> >   NTChallengeResponse encryption technique e.g. used by Cisco
> > Wireless LEAP Authentication. Also tools for spoofing
> > challenge-packets from Access Points are included, so you are
> > able to perform dictionary attacks against all users.
> I don't suppose this tool is any use against EAP? we are considering
> implimenting an EAP encrypted AP directly on the lan, and I am looking for
> reasons to say it should be DMZed.....

All wireless traffic should be treated as unsecured, and pushed through a
DMZ/encryption tunneled setup.  Puttiing wireless AP's directly on the LAN
is a major blunder.


Ron DuFresne
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Powered by blists - more mailing lists