Collaborate Disseminate
In 802.1x does the client authenticate with the certificate containing the privat e key e.g. is the private key stored on the device that is wishing to access a given resource network ?
Continue reading 802.1x certificate authentication, private key?
From my understanding, after the Access-Request, the authentication server (RADIUS) send a reply (incapsulated in the Access-Challenge packet) to the authenticator (AP).
The Access-Challenge packet contains an EAP Request in… Continue reading Access-Challenge EAP Request
I would like to suggest to the client which one EAP method and inner authentication to use.
I’m using hostapd to create the AP.
I’ve tried by removing some methods in the hostapd.eap_user but I simply managed to make those … Continue reading Force/Suggest the client to use one specific EAP method
I’m trying to change the default EAP type in hostapd but I am not able to understand how to do that.
Here’s what I’ve found reading the hostapd.conf file:
> # NAI Realm information
> # One or more realm can be adverti… Continue reading Change default EAP type in hostapd
In case we want to enable dot1x authentication on the wired network without using host checker,do we still need NAC solution or just simple AAA server to authenticate the host and dynamic VLAN assignment? Any added value for … Continue reading The benifits of Full NAC solution VS simple radius server
A very similar question was asked here but it didn’t get any reply, so I’m going to ask a new question with some more insights.
The problem of the most common Evil Twin Attack is that the fake AP is unsecured and I’ve notice… Continue reading Evil Twin Access Point Secured-Unsecured
Can anyone tell me how ARP Poisoning exactly works?
Because I was sure that worked as I stated here.
But I’ve been told that is not how ARP poisoning works. That the path I’ve mentioned in the link is wrong, because the correct one would be:
target(C)–> router(A)—>attacker(B) –>router(A)–> internet.
And I’ve been told that due to the path mentioned above, I wouldn’t need the PTK to decrypt the traffic because the router would decrypt the traffic for me.
So, which one is correct?
Can anyone tell me how ARP Poisoning exactly works?
Because I was sure that worked as I stated here.
But I’ve been told that is not how ARP poisoning works. That the path I’ve mentioned in the link is wrong, because the correct one would be:
target(C)–> router(A)—>attacker(B) –>router(A)–> internet.
And I’ve been told that due to the path mentioned above, I wouldn’t need the PTK to decrypt the traffic because the router would decrypt the traffic for me.
So, which one is correct?
As mentioned in the title, I’ve questions regarding an ARP Poisoning on a WPA Personal and WPA Enterprise.
I’m gonna do an example (please let me know if I’m wrong):
I need to send the ARP reply to the Victim (C), updating the record of the gateway (A) with the MAC of my machine (B).
Then I need to send the ARP reply to the Router (host A), updating the record of the victim (C) with the MAC of my machine (B).
After that I would simply allow ip forwarding on machine.
So, we should have:
C->B->A
A->B->C
Because, if that is correct, I believe that in WPA Personal, in order to the decrypt the traffic that you have received from the client (victim) you would need to generate the PTK used by the victim (which in this case I believe is possible, because you could generate the PMK having the PSK. Then sniff ANonce, SNonce, AP_MAC, CLIENT_MAC and generate the PTK).
Again, if what I’ve said is correct, how would be possible to decrypt the traffic of the WPA Enterprise that has multiple passwords, making therefore not possible to generate the PMK?
As mentioned in the title, I’ve questions regarding an ARP Poisoning on a WPA Personal and WPA Enterprise.
I’m gonna do an example (please let me know if I’m wrong):
I need to send the ARP reply to the Victim (C), updating the record of the gateway (A) with the MAC of my machine (B).
Then I need to send the ARP reply to the Router (host A), updating the record of the victim (C) with the MAC of my machine (B).
After that I would simply allow ip forwarding on machine.
So, we should have:
C->B->A
A->B->C
Because, if that is correct, I believe that in WPA Personal, in order to the decrypt the traffic that you have received from the client (victim) you would need to generate the PTK used by the victim (which in this case I believe is possible, because you could generate the PMK having the PSK. Then sniff ANonce, SNonce, AP_MAC, CLIENT_MAC and generate the PTK).
Again, if what I’ve said is correct, how would be possible to decrypt the traffic of the WPA Enterprise that has multiple passwords, making therefore not possible to generate the PMK?