December 11, 2016

DecaffeinatID: A Very Simple IDS / Log Watching Application / ARPWatch For Windows

Adrian Crenshaw of Irongeek.com developed a utility that monitors the Address Resolution Protocol (ARP) on Windows to detect ARP-related attacks.

According to the project website, DecaffeinatID is a simple application that acts as an Intrusion Detection System, notifying the user whenever other users on their local Wi-Fi hotspot/LAN are up to the kind of “reindeer games” that often happen at coffee shops and public places.

DecaffeinatID watches the Windows logs for three types of activity:

  • New or changed ARP table entries
  • New events in security log
  • New events in the firewall log
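
The first check in the list, shown as an added Python example (not DecaffeinatID's code and not taken from the project page): it parses two snapshots of Windows `arp -a` output and reports new or changed entries. It goes slightly beyond the list by also flagging one MAC address that answers for several IPs; the function names, the single-interface assumption and the sample snapshots are constructed for this example.

```python
import re
# One entry line of Windows `arp -a` output: IP address, MAC, type.
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                   r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$", re.I)

def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` text (assumes a single interface)."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        mac = m.group(2).lower() if m else ""
        # Skip headers, blanks, and broadcast / IPv4 multicast mappings.
        if not m or mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        table[m.group(1)] = mac
    return table

def diff_tables(old, new):
    """Return (kind, ip, old_mac, new_mac) for new or changed entries."""
    alerts = []
    for ip, mac in sorted(new.items()):
        if ip not in old:
            alerts.append(("new", ip, None, mac))
        elif old[ip] != mac:
            alerts.append(("changed", ip, old[ip], mac))
    return alerts

def shared_macs(table):
    """Return {mac: [ips]} where one MAC answers for several IPs."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {m: sorted(i) for m, i in by_mac.items() if len(i) > 1}

# Constructed sample snapshots (not real captures).
HEADER = "Interface: 192.168.1.10 --- 0xb\n  Internet Address      Physical Address      Type\n"
BEFORE = HEADER + """\
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
AFTER = HEADER + """\
  192.168.1.1           66-77-88-99-aa-bb     dynamic
  192.168.1.20          66-77-88-99-aa-bb     dynamic
  192.168.1.30          de-ad-be-ef-00-01     dynamic
"""

if __name__ == "__main__":
    new = parse_arp_table(AFTER)
    print(diff_tables(parse_arp_table(BEFORE), new), shared_macs(new))
```

In the constructed "after" snapshot the gateway address 192.168.1.1 has moved to the MAC already held by 192.168.1.20, which is the pattern an ARP watcher exists to surface.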

DecaffeinatID is Microsoft Windows XP SP2 and Vista compatible.

Visit the project page here.

Download DecaffeinatID from: http://irongeek.com/downloads/decaffeinatid0.09.zip

WPA2 Vulnerability: Hole 196

AirTight Networks discovered a vulnerability in the WPA2 protocol. WPA2 uses two keys: the PTK (Pairwise Transient Key), which is unique to every Wi-Fi client and used for unicast traffic, and the GTK (Group Temporal Key), which is used for broadcasts. Fake or injected data and spoofed MAC addresses can be detected with the PTK, but the GTK does not offer this functionality. The security hole was named Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document.

According to the AirTight Networks website, an intruder could use this vulnerability to bypass WPA2 private key encryption and authentication to sniff and decrypt data.

This vulnerability will be demonstrated at the Black Hat Arsenal and at DEFCON18, in a presentation entitled “WPA Too?!”, in Las Vegas on July 29th and July 31, 2010 respectively.

This vulnerability is due to a weakness in the standard and it cannot be fixed by an update patch.