WLCCP - Analysis of a Potentially Flawed Protocol

ShmooCon VI - 2010

Presented by: Will Gragido, John Pirc
Date: Saturday February 06, 2010
Time: 11:00 - 12:00
Location: Back Room
Track: Build It!

<p>The world of "Enterprise WLAN solutions" is full of obscure and "non-standard" elements and technologies. One prominent example is Cisco's Structured Wireless-Aware Network (SWAN) architecture, composed of autonomous access points combined with some components for centralized management, and still deployed in a number of corporate networks. The proprietary "Wireless LAN Context Control Protocol" (WLCCP) plays a major role here. Unfortunately it seems the design of the protocol might be debatable in several aspects, leading to some theoretical and, well, practical vulnerabilities.In this talk we will describe the inner workings of this piece, dissect the vulnerable parts and have some discussion on good or bad protocol design. As usual, some demos will add spice and some code will be released.</p>

Links

Oliver Roeschke

<p>Oliver is a long time network geek who loves to explore protocols and to break flawed ones.</p>

Enno Rey

<p>Enno is a long time network geek who loves to explore protocols and to break flawed ones.</p>


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats