Interesting links | 2008-11-08

As always, Jeremy Stretch posted several interesting articles: how to hijack HSRP, introduction to split horizon in distance vector routing protocols and (long needed) default redistribution metrics.

Petr Lapukhov started playing with HTTP URL regular expressions within NBAR and documented his findings. The most interesting is the last Q/A pair: can I use NBAR as a content filtering engine?

And last but definitely not least, if you’re worried what will happen to WPA2 now that WPA has been cracked, Robert Graham explains the fundamental differences between WPA and WPA2. Also, make sure you read the detailed explanation of the WPA flaw to understand its implications.

2 comments:

  1. Considering WPA, it's nice but get back a second in reality. The attack only works in AP=>host direction. The researchers presumeds some IP fields so for an *unique frame*, attack have only to calculate 15 bytes. Clearly, the attack actually works with 1 byte per minute (aka 900 seconds or 15 minutes to attack a unique frame). Still a lot to work on.. mada mada dane

    Francois

    ReplyDelete
  2. I know they can't do much (yet), therefore I've posted the second link to a reasonable in-depth analysis. However, even with what they can do it's possible to poison ARP or DNS cache, which is all it takes sometimes to start a MITM attack.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.