https://wiki.itcollege.ee/index.php?action=history&feed=atom&title=Hole196
Hole196 - Revision history
2026-05-08T14:20:53Z
Revision history for this page on the wiki
MediaWiki 1.45.1
https://wiki.itcollege.ee/index.php?title=Hole196&diff=34237&oldid=prev
Lrooden: IDS/IPS täpsustus
2011-06-21T11:44:05Z
<p>IDS/IPS täpsustus</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:44, 21 June 2011</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l34">Line 34:</td>
<td colspan="2" class="diff-lineno">Line 34:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== ARP Poisoning ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== ARP Poisoning ===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Vanem ARP mürgitamise (ARP Poisoning) viis, kus võltsitud ARP päring saadeti AP<del style="font-weight: bold; text-decoration: none;">-le </del>teistele klientidele <del style="font-weight: bold; text-decoration: none;">edastamiseks</del>, on IDS/IPS poolt tuvastatav. '''Hole196''' võimaldab võltsitud ARP päringu saata otse teisele kliendile ja on seega <del style="font-weight: bold; text-decoration: none;">võrguseadmes </del>IDS/IPS poolt avastamatu.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Vanem ARP mürgitamise (ARP Poisoning) viis, kus võltsitud ARP päring saadeti <ins style="font-weight: bold; text-decoration: none;">läbi </ins>AP teistele klientidele, on IDS/IPS poolt tuvastatav. '''Hole196''' võimaldab võltsitud ARP päringu saata otse teisele kliendile ja on seega <ins style="font-weight: bold; text-decoration: none;">võrguseadme </ins>IDS/IPS poolt avastamatu<ins style="font-weight: bold; text-decoration: none;">. Kliendi arvutis asuv IDS/IPS tarkvara tuvastaks ARP cache muutuse kuid sellised programmid on vähe levinud</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Man-in-the-middle ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Man-in-the-middle ===</div></td></tr>
<!-- diff cache key ico_mediawiki-ITK_:diff:1.41:old-34236:rev-34237:php=table -->
</table>
Lrooden
https://wiki.itcollege.ee/index.php?title=Hole196&diff=34236&oldid=prev
Lrooden at 10:28, 20 June 2011
2011-06-20T10:28:49Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:28, 20 June 2011</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>'''Hole196''' võimaldab sisemist rünnakut võrgus oleva pahatahtliku kasutaja poolt. See puudutab kõiki WPA ja WPA2 kliente, sõltumata kasutatavast krüptost (AES või TKIP), kasutatavast autentimise viisist (PSK või 802.1x/EAP) või kasutatavast WLAN arhitektuurist (iseseisev, kohaliku- või tsentraalse kontrolliga). '''Hole196''' ei võimalda volitamata kasutaja juurdepääsu võrgule.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''Hole196''' <ins style="font-weight: bold; text-decoration: none;">on WiFi võrgu turvaprotokolli haavatavus, mis </ins>võimaldab sisemist rünnakut võrgus oleva pahatahtliku kasutaja poolt. See puudutab kõiki WPA ja WPA2 kliente, sõltumata kasutatavast krüptost (AES või TKIP), kasutatavast autentimise viisist (PSK või 802.1x/EAP) või kasutatavast WLAN arhitektuurist (iseseisev, kohaliku- või tsentraalse kontrolliga). '''Hole196''' ei võimalda volitamata kasutaja juurdepääsu võrgule.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== IEEE 802.11 standard [http://standards.ieee.org/getieee802/download/802.11-2007.pdf] ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== IEEE 802.11 standard [http://standards.ieee.org/getieee802/download/802.11-2007.pdf] ==</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l16">Line 16:</td>
<td colspan="2" class="diff-lineno">Line 16:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> 196 Copyright © 2007 IEEE. All rights reserved.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> 196 Copyright © 2007 IEEE. All rights reserved.</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">'''Hole196''' on kirjas 802.11 standardi 196-ndal leheküljel, sealt ka nimi "Auk 196".</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Krüptovõtmed ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Krüptovõtmed ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">Kahte </del>tüüpi krüptovõtmeid</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Kasutatakse kahte </ins>tüüpi krüptovõtmeid</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div># '''Pairwise Transient Key''' (PTK) - unikaalne, genereeritud iga sessiooni jaoks eraldi, kaitseb unicast <del style="font-weight: bold; text-decoration: none;">andmeid</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div># '''Pairwise Transient Key''' (PTK) - unikaalne, genereeritud iga sessiooni jaoks eraldi, kaitseb unicast <ins style="font-weight: bold; text-decoration: none;">liiklust</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># '''Group Temporal Key''' (GTK) - jagatud kõigi klientide vahel, kaitseb grupile saadetud andmeid (näit. ARP broadcast)</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># '''Group Temporal Key''' (GTK) - jagatud kõigi klientide vahel, kaitseb grupile saadetud andmeid (näit. ARP broadcast)</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l39">Line 39:</td>
<td colspan="2" class="diff-lineno">Line 41:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Ohver saadab kogu oma liikluse AP-le krüpteerituna oma PTK-ga aga märgib gatewayks ründaja</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Ohver saadab kogu oma liikluse AP-le krüpteerituna oma PTK-ga aga märgib gatewayks ründaja</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* AP dekrüpteerib ohvri liikluse, krüpteerib selle ründaja PTK-ga ja saadab ründajale</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* AP dekrüpteerib ohvri liikluse, krüpteerib selle ründaja PTK-ga ja saadab ründajale</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Ründaja dekrüpteerib ohvri liikluse</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Ründaja dekrüpteerib ohvri liikluse <ins style="font-weight: bold; text-decoration: none;">enda PTK-ga</ins></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Ründaja edastab ohvri liikluse AP-le aga õige gateway'ga</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Ründaja edastab ohvri liikluse AP-le aga õige gateway'ga<ins style="font-weight: bold; text-decoration: none;">, tagasi tulnud liikluse edastab ohvrile</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Kuidas kaitsta? ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Kuidas kaitsta? ==</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l46">Line 46:</td>
<td colspan="2" class="diff-lineno">Line 48:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Probleemi päriselt kõrvaldamiseks tuleks parandada protokolli ja uuendada AP-de tarkvara - see võtab aega.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Probleemi päriselt kõrvaldamiseks tuleks parandada protokolli ja uuendada AP-de tarkvara - see võtab aega.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Seni saab ennast kaitsta</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Seni saab ennast kaitsta<ins style="font-weight: bold; text-decoration: none;">:</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Isoleerides WiFi kasutajad teineteisest (ei välista ARP mürgitamist kuid takistab ohvril oma liikluse ründajale saatmist)</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Isoleerides WiFi kasutajad teineteisest (ei välista ARP mürgitamist kuid takistab ohvril oma liikluse ründajale saatmist)</div></td></tr>
</table>
Lrooden
https://wiki.itcollege.ee/index.php?title=Hole196&diff=34235&oldid=prev
Lrooden: Add Category
2011-06-20T09:51:24Z
<p>Add Category</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 12:51, 20 June 2011</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l59">Line 59:</td>
<td colspan="2" class="diff-lineno">Line 59:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [http://hostap.epitest.fi/wpa_supplicant/ WPA Supplicant]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [http://hostap.epitest.fi/wpa_supplicant/ WPA Supplicant]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [http://www.snort.org/ Snort® - open source network intrusion prevention and detection system (IDS/IPS)]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [http://www.snort.org/ Snort® - open source network intrusion prevention and detection system (IDS/IPS)]</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Traadita side alused]]</ins></div></td></tr>
</table>
Lrooden
https://wiki.itcollege.ee/index.php?title=Hole196&diff=34234&oldid=prev
Lrooden: Created page with ''''Hole196''' võimaldab sisemist rünnakut võrgus oleva pahatahtliku kasutaja poolt. See puudutab kõiki WPA ja WPA2 kliente, sõltumata kasutatavast krüptost (AES või TKIP),…'
2011-06-20T09:48:57Z
<p>Created page with ''''Hole196''' võimaldab sisemist rünnakut võrgus oleva pahatahtliku kasutaja poolt. See puudutab kõiki WPA ja WPA2 kliente, sõltumata kasutatavast krüptost (AES või TKIP),…'</p>
<p><b>New page</b></p><div>'''Hole196''' võimaldab sisemist rünnakut võrgus oleva pahatahtliku kasutaja poolt. See puudutab kõiki WPA ja WPA2 kliente, sõltumata kasutatavast krüptost (AES või TKIP), kasutatavast autentimise viisist (PSK või 802.1x/EAP) või kasutatavast WLAN arhitektuurist (iseseisev, kohaliku- või tsentraalse kontrolliga). '''Hole196''' ei võimalda volitamata kasutaja juurdepääsu võrgule.<br />
<br />
== IEEE 802.11 standard [http://standards.ieee.org/getieee802/download/802.11-2007.pdf] ==<br />
<br />
'''8.5 Keys and key distribution'''<br />
<br />
'''8.5.1 Key hierarchy'''<br />
<br />
RSNA defines two key hierarchies:<br />
a) Pairwise key hierarchy, to protect unicast traffic<br />
b) GTK, a hierarchy consisting of a single key to protect multicast and broadcast traffic<br />
NOTE—Pairwise key support with TKIP or CCMP allows a receiving STA to detect MAC address spoofing<br />
and data forgery. The RSNA architecture binds the transmit and receive addresses to the pairwise key. If an<br />
attacker creates an MPDU with the spoofed TA, then the decapsulation procedure at the receiver will generate<br />
an error. GTKs do not have this property.<br />
<br />
196 Copyright © 2007 IEEE. All rights reserved.<br />
<br />
== Krüptovõtmed ==<br />
<br />
Kahte tüüpi krüptovõtmeid<br />
<br />
# '''Pairwise Transient Key''' (PTK) - unikaalne, genereeritud iga sessiooni jaoks eraldi, kaitseb unicast andmeid<br />
# '''Group Temporal Key''' (GTK) - jagatud kõigi klientide vahel, kaitseb grupile saadetud andmeid (näit. ARP broadcast)<br />
<br />
WPA2 standardi järgi on GTK ühesuunaline võti, AP peaks seda kasutama krüpteerimiseks ja WiFi klient dekrüpteerimisel. Samas WiFi klient jätab endale alati GTK koopia. (wpa_supplicant tarkvara logi näitab, et GTK on WiFi kliendile alati teada.)<br />
<br />
Pahatahtlik kasutaja saab saata GTK-ga krüpteeritud andmeid teistele võrgu kasutajatele.<br />
<br />
== Võimalik rünne ==<br />
<br />
=== ARP Poisoning ===<br />
<br />
Vanem ARP mürgitamise (ARP Poisoning) viis, kus võltsitud ARP päring saadeti AP-le teistele klientidele edastamiseks, on IDS/IPS poolt tuvastatav. '''Hole196''' võimaldab võltsitud ARP päringu saata otse teisele kliendile ja on seega võrguseadmes IDS/IPS poolt avastamatu.<br />
<br />
=== Man-in-the-middle ===<br />
<br />
* Ründaja saadab ohvrile ARP teate "mina olen gateway"<br />
* Ohver saadab kogu oma liikluse AP-le krüpteerituna oma PTK-ga aga märgib gatewayks ründaja<br />
* AP dekrüpteerib ohvri liikluse, krüpteerib selle ründaja PTK-ga ja saadab ründajale<br />
* Ründaja dekrüpteerib ohvri liikluse<br />
* Ründaja edastab ohvri liikluse AP-le aga õige gateway'ga<br />
<br />
== Kuidas kaitsta? ==<br />
<br />
Probleemi päriselt kõrvaldamiseks tuleks parandada protokolli ja uuendada AP-de tarkvara - see võtab aega.<br />
<br />
Seni saab ennast kaitsta<br />
<br />
* Isoleerides WiFi kasutajad teineteisest (ei välista ARP mürgitamist kuid takistab ohvril oma liikluse ründajale saatmist)<br />
* Kasutada VPN ühendust<br />
* Kasutada IDS/IPS tarkvara (näiteks Snort) tuvastamaks ARP cache muutusi.<br />
<br />
== Välislingid ==<br />
<br />
* [http://www.airtightnetworks.com/WPA2-Hole196 WPA2 Hole196 Vulnerability - FAQs]<br />
* [http://www.airtightnetworks.com/fileadmin/pdf/WPA-Too-Hole196-Defcon18-Presentation.pdf BlackHat and Defcon presentation slides of Hole 196]<br />
* [http://www.nowiressecurity.com/articles/secure_network_hole_196_wpa.htm Secure Your Network (and Clients) Against Hole 196]<br />
* [http://hostap.epitest.fi/wpa_supplicant/ WPA Supplicant]<br />
* [http://www.snort.org/ Snort® - open source network intrusion prevention and detection system (IDS/IPS)]</div>
Lrooden