ASLEAP Attack

WiFi Manager raises this alarm when it detects an ASLEAP attack. The alarm is most likely to indicate a real attack if the MAC address spoofing alert has also been raised recently for the same access point.

What is ASLEAP?

When WEP proved vulnerable, Cisco Systems introduced LEAP (Lightweight Extensible Authentication Protocol). LEAP was written as a standard EAP type, though it is not compliant with the 802.1x specification. Compared to WEP, LEAP was considered more secure, more stable and easier to configure.

ASLEAP is a hacking tool written by Joshua Wright, a network engineer at Johnson & Wales University in Providence, Rhode Island, and released as a proof of concept to demonstrate the weakness in LEAP. The tool uses an offline dictionary attack to break LEAP passwords.

How does the tool work?

The tool works as follows:

  1. It scans 802.11 packets by putting the wireless interface in RFMON mode.
  2. It hops channels to look for targets (WLAN networks that use LEAP).
  3. It de-authenticates the users on LEAP networks, forcing them to re-authenticate by providing their user name and password.
  4. It records the LEAP exchange information to a libpcap file.
  5. The captured information is then analyzed offline and compared with values in a dictionary to guess the password.
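The steps above leave a recognizable trace on the air: a de-authentication followed shortly by a fresh LEAP exchange from the same client. The following is an added example, not WiFi Manager's own detection logic, that correlates those two events and raises the severity when a MAC spoofing alert was recently seen for the same access point. The frame record fields, time windows, function name and sample data are assumptions made for illustration.

```python
EAP_TYPE_LEAP = 17      # EAP method number used by Cisco LEAP
DEAUTH_SUBTYPE = 12     # 802.11 management frame subtype: deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_forced_leap_reauth(frames, spoof_alerts, window=10.0, spoof_window=300.0):
    """frames: dicts with ts, bssid, client and 'mgmt_subtype' or 'eap_type'.
    spoof_alerts: {bssid: time of the latest MAC spoofing alert} (assumed feed)."""
    last_deauth = {}                 # (bssid, client) -> time of latest deauth
    reported, findings = set(), []
    for f in sorted(frames, key=lambda f: f["ts"]):
        bssid, client, ts = f["bssid"], f["client"], f["ts"]
        if f.get("mgmt_subtype") == DEAUTH_SUBTYPE:
            last_deauth[(bssid, client)] = ts
            continue
        if f.get("eap_type") != EAP_TYPE_LEAP:
            continue
        # A broadcast deauth affects every client of the access point.
        seen = [last_deauth.get((bssid, c)) for c in (client, BROADCAST)]
        seen = [t for t in seen if t is not None and 0 <= ts - t <= window]
        if not seen:
            continue                 # ordinary LEAP login, no preceding deauth
        t0 = max(seen)
        if (bssid, client, t0) in reported:
            continue                 # later frames of an exchange already flagged
        reported.add((bssid, client, t0))
        spoof_ts = spoof_alerts.get(bssid)
        spoofed = spoof_ts is not None and 0 <= ts - spoof_ts <= spoof_window
        findings.append({"bssid": bssid, "client": client,
                         "gap": round(ts - t0, 3),
                         "severity": "high" if spoofed else "medium"})
    return findings

# Constructed sample data (not a real capture).
AP1, AP2 = "00:11:22:33:44:55", "00:11:22:33:44:66"
C = "aa:aa:aa:aa:aa:0"
SAMPLE_FRAMES = [
    {"ts": 100.0, "bssid": AP1, "client": C + "1", "mgmt_subtype": 12},
    {"ts": 101.2, "bssid": AP1, "client": C + "1", "eap_type": 17},
    {"ts": 101.3, "bssid": AP1, "client": C + "1", "eap_type": 17},
    {"ts": 200.0, "bssid": AP2, "client": BROADCAST, "mgmt_subtype": 12},
    {"ts": 203.0, "bssid": AP2, "client": C + "2", "eap_type": 17},
    {"ts": 500.0, "bssid": AP1, "client": C + "3", "eap_type": 17},  # no deauth
    {"ts": 600.0, "bssid": AP1, "client": C + "4", "mgmt_subtype": 12},
    {"ts": 601.0, "bssid": AP1, "client": C + "4", "eap_type": 13},  # EAP-TLS
]
SAMPLE_SPOOF_ALERTS = {AP1: 40.0}

if __name__ == "__main__":
    for finding in detect_forced_leap_reauth(SAMPLE_FRAMES, SAMPLE_SPOOF_ALERTS):
        print(finding)
```

A single de-authentication followed by a re-login also happens during normal roaming, so the time window and any per-AP thresholds need tuning against the site's baseline.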

What should the wireless LAN administrator do?

The best bet is to stay away from LEAP and use alternatives such as EAP-FAST, EAP-TLS or EAP-TTLS, which are more secure. If the devices in the WLAN are recent, the administrator can check whether they support AES and start using it.