[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FWD: linux-wlan-ng susceptible to a 'Etherleak' attack?

solomon@linux-wlan.com wrote:
> > Since I'm not too sure how to carry out the attack,
> > and I don't know if the vulnerability really exists or
> > is just a false positive within nessus, can anybody
> > else confirm this?
> linux-wlan-ng doesn't pad outgoing or incoming frames at all, as 802.11 
> has no minimum length requirements.  We transmit exactly what the linux 
> net layer gives us, and pass up exactly what comes off the air.  
> Granted, a conversion from 802.11->802.[23] happens, but that involves 
> header mangling and not padding.
> The nessus test seems to "fail" if the ICMP response payload is 
> something other than null bytes.
> I'm inclined to blame a false positive at the moment, but I'm willing to 
> stand corrected.  
> Now I do have one question -- what kind of AP was it?  Perhaps the AP is 
> not doing the right thing, and because of that, the station is 
> apparently failing.
>  - Solomon
> -- 
> Solomon Peachy                        solomon@linux-wlan.com
> AbsoluteValue Systems                 http://www.linux-wlan.com
> 715-D North Drive                     +1 (321) 259-0737  (office)
> Melbourne, FL 32934                   +1 (321) 259-0286  (fax)

FWIW, I tried this morning, and nessus does not report my laptop to be
vulnerable to etherleak. I'm using the wlan-ng prism2_pci driver on my
laptop, and ran nessus directly on my access point.

see shy jo

Attachment: pgpxHBo0afFSj.pgp
Description: PGP signature

Reply to: