I think by now the Cain and Abel makers (oxid) are on to us. Their download mechanism looks like it has improved. Last time we could download directly from the link. I guess they have some kind of link protector.
But fret not. This post is not a rant about the download mechanism for Cain and Abel, but about Cain and Abel + wireless sniffing.
We all know Cain and Abel works wonders on wired LAN. The question is, what about the ever-popular wireless (aka "wifi")? This idea came up while chatting with a particular someone after work (name? We will call him Mr AW, for now... :) ).
We were contemplating the idea of ARP spoofing on wireless. Stealing passwords across a wireless network (how cool is that?). So, we did some testing and here are the results.
CAIN AND ABEL WIRELESS SNIFFING
- software used: Cain & Abel v4.9.14 (used the WinPcap that was bundled with the software)
- wireless cards: Linksys WUSB54g and Buffalo WLI-CB-G54HP
- result: Sniffing on wireless network (unencrypted, WEP, WPA) = SUCCESS!
Further investigation turned up a link for the wireless cards reported as working (good news for Intel 3945 users, you guys are supported!).
Will try on my other wireless cards (Netgear WG511t, Ubiquiti SRC 300mW).
- How dangerous..... it's been notorious for long...once again it has proven to be the most favored "WOMD" ("Weapon of Mass Destruction") by script kiddies other than [ettercap,dsniff & hunt].
- The difficulty & time consumed in performing ARP poisoning using C&B is so low & it is so easy... Administrators will find it useful... yet nightmarish if any punk n00b or evil-thought school kids learn it from an online tutorial & get so 'excited' to try it out on the school network. It would be doomsday for the admin...~~
Works on Starbucks timezone?
- I wonder does it work on Malaysia Starbucks [timezone]?
- The public hotspot captive portal nodes might not be susceptible to ARP poisoning... but how??
Countermeasures
- Proper use of VLAN (switch port & MAC-based) security???
- DHCP & ARP broadcasts are sent on the relevant VLAN, where all the traffic arrives according to the associated specific switch port. Thus, an attacker who simply plugs into a "visitor LAN port" would not get anything unless the attacker can change the VLAN tagging information & own the control.
- As for WLAN, I have no idea what type of 'devices or nodes' are deployed...???
- Definitely SOHO & house users using a typical router switch are totally susceptible to ARP poisoning...
It would be great if anyone can share some info here ^^
[p/s: How come your friend's name sounds so weird, what Mr.AW...is it Anti-Wireless??]
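
On the countermeasures question above, one detection-side check is to watch ARP replies for an IP address whose MAC binding changes, or for a single MAC claiming several IPs. The sketch below is an added example, not part of the original post or comment; the function name and the sample addresses are made up, and it assumes the (time, IP, MAC) tuples were already extracted from captured ARP replies.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen
# on one broadcast domain. All addresses are invented for this example.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway, original binding
    (1.0, "192.168.1.10", "aa:aa:aa:aa:aa:10"),
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (5.0, "192.168.1.1", "DE:AD:BE:EF:00:01"),   # gateway IP claimed by another MAC
    (5.1, "192.168.1.10", "de:ad:be:ef:00:01"),  # same MAC also claims a client IP
    (6.0, "192.168.1.1", "00:11:22:33:44:55"),   # original gateway answers again
]

def detect_arp_anomalies(replies):
    """Return (rebinds, multi_ip_macs) for a list of (time, ip, mac) tuples.

    rebinds: (time, ip, old_mac, new_mac) for every change of an IP's MAC.
    multi_ip_macs: mac -> sorted IPs, for MACs that claimed more than one IP.
    """
    current = {}                 # ip -> last MAC seen for it
    claimed = defaultdict(set)   # mac -> every IP it has claimed
    rebinds = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()        # MACs are case-insensitive
        claimed[mac].add(ip)
        old = current.get(ip)
        if old is not None and old != mac:
            rebinds.append((ts, ip, old, mac))
        current[ip] = mac
    multi = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return rebinds, multi

if __name__ == "__main__":
    rebinds, multi = detect_arp_anomalies(SAMPLE_REPLIES)
    for ts, ip, old, new in rebinds:
        print(f"t={ts}: {ip} moved from {old} to {new}")
    for mac, ips in multi.items():
        print(f"{mac} claims several IPs: {', '.join(ips)}")
```

A rebind can also be legitimate (a DHCP lease handed to a new device, a replaced router), so an alert is strongest when the gateway's binding flaps back and forth or when the same MAC shows up for both the gateway and a client.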