WinXP+PEAP+Cert Behavior

Bryan Kadzban bryan
Fri Dec 1 05:31:11 PST 2006

Benn wrote:
> Well, the key rotation should keep it from being interceptable simply
>  from any point,

Not really.  The key rotation doesn't matter here -- the attacker would
be sending broadcast ARP responses using the known group key at the
moment, claiming that his machine had somebody else's IP.  So when a
server tries to send to that IP, it sends to the attacker's MAC instead
of the real MAC.  The AP will happily use the attacker's key to encrypt
this traffic, because it only looks at the target MAC.

Because the attacker already has a valid association, the new group key
will be given to him just like any other valid client.  And so at the
appropriate time, the attacker's ARP responses will start being
encrypted with the new group key.

This isn't related to getting onto the network; this is an attack that
can be carried out after associating and going through the EAP
transaction, if everyone is always allowed.  It's a half-DoS, half-MitM
attack (you can do either).

> Interesting you mention that -- I actually tweaked freeradius to do 
> exactly that, but lacking the proper response Message-Authenticator
> it was dropped.  Is that the kind of thing that I can easily
> generate?

You should only require the RADIUS shared secret.  It may be easier if
you write your own "RADIUS" server (in quotes because it isn't; it'll
just blindly generate accept messages); then you can take the shared
secret and generate the proper authenticator.

> Or, is it a pretty straightforward calculation?

IIRC, it has something to do with repeated MD5 hashing, and putting the
shared secret into the source for the hash.

> I should probably just rtfm the radius rfc, ne? :)

That's what I was going to suggest.  ;-)  It's what I do every time I
need to refresh myself on the Message-Authenticator stuff (and also any
other fields).

RFC 2865.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : 

More information about the Hostap mailing list