Re: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter

From: Ollie Whitehouse (ollie@atstake.com)
Date: Fri Nov 07 2003 - 12:55:08 EST


All,

Also just read the 1.2 specification, the planned 'anonymity mode' to protect
against this attack did not make it and was dropped. Word from the grapevine
is politics within the SIG (which neither @stake nor I are members of) are
running rife and it would have broken more than it fixed... So the attack which
RedFang performs *should* work against all 1.0 -> 1.2 devices...

Rgds

Ollie

----- Original Message -----
From: "David J. Jackson" <djackson@netdmz.com>
To: "Ollie Whitehouse" <ollie@atstake.com>; <pen-test@securityfocus.com>
Sent: Sunday, November 02, 2003 3:25 AM
Subject: RE: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter

Does anyone know how to add a Belkin USB Bluetooth adapter (F8T003) to the
list of known adapters with Red fang? Are there any other Bluetooth detection
programs out there yet besides this one and Bluesniff? Has anyone used Red
fang or Bluesniff at all?

Thanks!
David Jackson, GSEC

-----Original Message-----
From: Ollie Whitehouse [mailto:ollie@atstake.com]
Sent: Monday, October 20, 2003 8:53 AM
To: pen-test@securityfocus.com
Subject: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter

All,

Tool: Redfang - The Bluetooth Hunter
Version: 2.5 (15 oct 2003)
Platforms: Linux (tested on Redhat 9 / Mandrake 9.1)
Author: Ollie Whitehouse, Simon Halsall (of QinetiQ), Stephen Kapp

Redfang v2.5 is an enhanced version of the original application that finds
non-discoverable Bluetooth devices by brute-forcing the last six bytes of the
device's Bluetooth address and doing a read_remote_name(). This new version
has streamlined code, enumerates service information, and supports multiple
threads for substantial speed gains using multiple devices (maximum
theoretical limit of 127 USB devices). This release of Redfang was developed
in collaboration with QinetiQ as part of their work in the DTI Next Wave
Technologies project FORWARD. (For more information about the underlying
concepts of Bluetooth discovery, read our research report War Nibbling:
Bluetooth Insecurity.)

http://www.atstake.com/research/tools/info_gathering/

Rgds

Ollie

---
Ollie Whitehouse
Director of Security Architecture
@stake Inc / Atstake Ltd
http://www.atstake.com/


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT