Last year, a vulnerability was announced for Cisco's proprietary LEAP wireless security protocol. Last week Cisco announced EAP-FAST, a replacement for LEAP, fixing the known weakness and adding significant additional strength.
Cisco Introduces Nonproprietary WLAN Security Solution: http://www.crn.com/Sections/BreakingNews/breakingnews.asp?ArticleID=47954 http://www.iapplianceweb.com/story/OEG20040216S0026 A program called "Asleep" was announced that performed a dictionary attack against LEAP. As far as I know, Asleep or any other LEAP attack program was never made publicly available (if you know where I can find it, please let me know, off-list for my wireless test lab): LEAP vulnerability "Asleep": http://www.frame4.com/php/article854.html http://www.unstrung.com/document.asp?doc_id=41185 IETF Draft: http://www.ietf.org/internet-drafts/draft-cam-winget-eap-fast-00.txt Cisco develops WLAN security protocol to defeat password attacks: http://www.computerworld.com/networkingtopics/networking/lanwan/story/0,10801,90163,00.html?from=imutopicheads http://www.technicallythere4you.com/modules.php?op=modload&name=News&file=article&sid=3454 http://www.nwfusion.com/news/2004/0212cisietf.html http://www.wi-fiplanet.com/news/article.phpr/3312691 Frank Keeney ---------------------------------------------------------------- Pasadena Networks, LLC. http://pasadena.net Wireless Security
