I agree demonstrating with sslstrip is confusing, I presume demonstrating a 
worst case scenario.

I ran across a good FAQ by Aruba Networks, skip the Aruba specific stuff, but 
found this general comment particularly interesting:
--
Q: What is the impact?
A: When used successfully against WPA2 with AES-CCMP (the default mode of 
operation for most Wi-Fi networks), an attacker can decrypt and replay packets 
in one direction of communication (from client to AP), but cannot forge packets 
and inject them into the network. When used against WPA-TKIP – an encryption 
scheme that already suffers from serious security weaknesses and is not 
recommended for use – an attacker can decrypt, replay, and forge packets.
--
WPA SECURITY VULNERABILITY
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

That reads like a less than major issue for WPA2-AES setups.

Lonnie


On Oct 16, 2017, at 2:48 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Hmm in the video he used the sslstrip tool to force HTTP as a Man in the 
> Middle attack!
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Tuesday, 17 October 2017 at 4:30 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: [Astlinux-users] KRACK - WiFi WPA2 Key Reinstallation Attacks
> 
> AstLinux Users,
> 
> For the sake of completeness, AstLinux standard builds do not contain WiFi 
> client (wpa_supplicant) or server (hostapd) support, so the recent KRACK WPA2 
> security disclosures do not apply to AstLinux.
> 
> Ref: Key Reinstallation Attacks
> Breaking WPA2 by forcing nonce reuse
> https://www.krackattacks.com
> 
> Though, any attached WiFi WPA2 access points and corresponding clients may 
> well be vulnerable, in particular any Linux clients using wpa_supplicant are 
> particularly vulnerable.
> 
> Note that this KRACK vulnerability affects WiFi non-encrypted traffic 
> payloads such as HTTP, as if you tapped a cable, encrypted payloads such as 
> HTTPS and OpenVPN remain secure.
> 
> Lonnie
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to