Hacking Techniques in Wireless Networks

Prabhaker Mateti
Department of Computer Science and Engineering
Wright State University
Dayton, Ohio 45435-0001

This article is scheduled to appear in "The Handbook of Information Security", Hossein Bidgoli (Editor-in-Chief), John Wiley & Sons, Inc., 2…

Contents

1 Introduction
2 Wireless LAN Overview
  2.1 Stations and Access Points
  2.2 Channels
  2.3 WEP
  2.4 Infrastructure and Ad Hoc Modes
  2.5 Frames
  2.6 Authentication
  2.7 Association
3 Wireless Network Sniffing
  3.1 Passive Scanning
  3.2 Detection of SSID
  3.3 Collecting the MAC Addresses
  3.4 Collecting the Frames for Cracking WEP
  3.5 Detection of the Sniffers
4 Wireless Spoofing
  4.1 MAC Address Spoofing
  4.2 IP Spoofing
  4.3 Frame Spoofing
5 Wireless Network Probing
  5.1 Detection of SSID
  5.2 Detection of APs and Stations
  5.3 Detection of Probing
6 AP Weaknesses
  6.1 Configuration
  6.2 Defeating MAC Filtering
  6.3 Rogue AP
  6.4 Trojan AP
  6.5 Equipment Flaws
7 Denial of Service
  7.1 Jamming the Air Waves
  7.2 Flooding with Associations
  7.3 Forged Disassociation
  7.4 Forged Deauthentication
  7.5 Power Saving
8 Man-in-the-Middle Attacks
  8.1 Wireless MITM
  8.2 ARP Poisoning
  8.3 Session Hijacking
9 War Driving
  9.1 War Chalking
  9.2 Typical Equipment
10 Wireless Security Best Practices
  10.1 Location of the APs
  10.2 Proper Configuration
  10.3 Secure Protocols
  10.4 Wireless IDS
  10.5 Wireless Auditing
  10.6 Newer Standards and Protocols
  10.7 Software Tools
11 Conclusion
Glossary
Cross References
References
Further Reading

Keywords: IEEE 802.11, WEP, forged deauthentication, rogue/Trojan access points, session hijacking, war driving.

Abstract

This article describes hacking techniques specific to IEEE 802.11 wireless networks. We describe sniffing, spoofing and probing in the context of wireless networks. We describe how SSIDs can be determined, how MAC addresses can be collected, and how WEP can be cracked. We show how easy it is to… We also explain three man-in-the-middle attacks using wireless networks. We give a list of selected open-source tools. We summarize the activity known as war driving. We conclude the article with a discussion of wireless security best practices.

1 Introduction

Wireless networks broadcast their packets using radio frequency (RF) waves. A modern laptop computer with a wireless card can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept them as legitimate. We use the term hacking as described in the definitions below:

1. A person who enjoys exploring the details…
2. One who programs enthusiastically (even obsessively) or who enjoys programming…
3. A person capable…
4. A person who is good at programming…
5. An expert at a particular program, or one who… as in `Unix hacker'. (Definitions 1…)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for…
7. One who enjoys the intellectual challenge of creatively…
8. A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.

(From The Jargon Dictionary, http://info…)

This article describes hacking techniques specific to IEEE 802.11… It is not an overview of the security features proposed in WPA or IEEE… We do not consider legal… The article's focus is on IEEE 802.11.

2 Wireless LAN Overview

In this section, we give a brief overview of wireless LANs (WLAN) while emphasizing the features that help an attacker. We assume familiarity with the TCP/IP suite (see, e.g., [Mateti 2003]).

IEEE 802.11 refers to a family of specifications (www…) developed by the IEEE for the over-the-air interface between a wireless client and an AP, or between two wireless clients. To be called 802.11 devices, they must conform to the Medium Access Control (MAC) and Physical Layer specifications. The IEEE 802.11 standard covers the Physical (Layer 1) and Data Link (Layer 2) layers of the OSI Model. In this article we are concerned only with the MAC layer and not with the variations of the physical layer.

2.1 Stations and Access Points

A wireless network interface card (adapter) is a device called a station. An access point (AP) is a station that provides frame distribution service to the stations associated with it. The AP itself is typically connected by wire to a LAN. The station and AP each contain a network interface that has a Media Access Control (MAC) address, just as wired network cards do. This address is a world-wide-unique 48-bit number assigned at the time of manufacture. The 48-bit address is often represented as a string of six octets separated by colons (e.g., …D:17:B9:E8) or hyphens (e.g., …D-17-B9-E8). While the MAC address as assigned by the manufacturer is printed on the device, it can be changed in software (see MAC address spoofing, below).

Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to tell networks apart: if two wireless networks are physically close, the SSIDs label the respective networks and allow the components of one network to ignore those of the other. SSIDs can also be mapped to virtual LANs; thus some APs support multiple SSIDs. Unlike Internet host names, SSIDs are not registered, and it is possible that two unrelated networks use the same SSID.

2.2 Channels

The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.

2.3 WEP

Wired Equivalent
Privacy (WEP) is a shared-secret key encryption system used to protect the traffic between stations and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets; management and control frames are sent unencrypted. WEP uses the RC4 encryption algorithm. The shared-secret key is either 40 or 104 bits long. The key is chosen by the system administrator. This key must be shared among all the stations and the AP using mechanisms that are not specified in the IEEE standard.

2.4 Infrastructure and Ad Hoc Modes

In the ad hoc mode, stations communicate directly with each other. No AP is involved. All stations in an ad hoc network transmit Beacon and Probe frames. The ad hoc mode stations form an Independent Basic Service Set (IBSS). A station in the infrastructure mode communicates only with an AP. A Basic Service Set (BSS) is a set of stations that are logically associated with each other and controlled by a single AP. Together they operate as a fully connected wireless network. The BSSID is a 48-bit field of the same format as an IEEE 802 MAC address. This field uniquely identifies each BSS. The value of this field is the MAC address of the AP.

2.5 Frames

Both the station and AP radiate and gather 802.11 frames as needed. The format of frames is illustrated below. Most of the frames carry IP packets. The other frames are for the management and control of the wireless connection.

Figure 1: An IEEE 802.11 Frame

There are three classes of frames. The management frames establish and maintain communications. These are of Association request, Association response, Reassociation request, Reassociation response, Probe request, Probe response, Beacon, Announcement traffic indication message (ATIM), Disassociation, Authentication and Deauthentication types. The SSID is part of several of these management frames. Management messages are always sent in the clear, even when link encryption (WEP or WPA) is used, so the SSID is visible to anyone who can intercept these frames. The control frames help in the delivery of data. The data frames encapsulate the OSI Network Layer packets. These contain the source and destination MAC address, the BSSID, and the TCP/IP datagram. The payload part of the datagram is WEP-encrypted when WEP is in use.

2.6 Authentication

Authentication is the process of proving the identity of a station to another station or AP. In the open system authentication, all stations are authenticated without any checking. A station A sends an
Authentication management frame that contains the identity of A, to station B. Station B replies with a frame that indicates recognition, addressed to A. In the closed network architecture, the stations must know the SSID of the AP in order to connect to the AP. The shared key authentication uses a standard challenge and response along with a shared secret key.

Figure 2: States and Services

2.7 Association

Data can be exchanged between the station and AP only after a station is associated with an AP in the infrastructure mode or with another station in the ad hoc mode. All the APs transmit Beacon frames a few times each second that contain the SSID, time, capabilities, supported rates, and other information. Stations can choose to associate with an AP based on the signal strength of each AP. Stations can have a null SSID that is considered to match all SSIDs.

The association is a two-step process. A station that is currently unauthenticated and unassociated listens for Beacon frames. The station selects a BSS to join. The station and the AP mutually authenticate themselves by exchanging Authentication management frames. The client is now authenticated but unassociated. In the second step, the station sends an Association Request frame, to which the AP responds with an Association Response frame that includes an Association ID for the station. The station is now authenticated and associated.

A station can be authenticated with several APs at the same time, but associated with at most one AP at any time. Association implies authentication. There is no state where a station is associated but not authenticated.

3 Wireless Network Sniffing

Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. Sniffing is the act by a machine S of making copies of a network packet sent by machine A intended to be received by machine B. Such sniffing, strictly speaking, is not a TCP/IP problem, but it is enabled by the choice of broadcast media, Ethernet and 802.11, as the physical and data link layers.

Sniffing has long been a reconnaissance technique used in wired networks. Attackers sniff the frames necessary to enable the exploits described later in this article. Sniffing is also the underlying technique used in network monitoring and intrusion detection tools. Sniffing can also help find the easy kill, as in scanning for open access points that allow anyone to connect, or capturing passwords sent over a session that does not even use WEP, or in telnet, rlogin and ftp sessions, which carry passwords in the clear.

It is easier to sniff wireless networks than wired ones. It is easy to sniff the wireless traffic of a building by setting up shop in a car parked nearby. In a
wired network, the attacker must find a way to install a sniffer on one or more hosts in the targeted subnet. Depending on the equipment used in a LAN, a sniffer needs to be run either on the victim machine whose traffic is of interest or on some other host in the same subnet as the victim. An attacker at large on the Internet has other techniques that make it possible to install a sniffer remotely on the victim machine.

3.1 Passive Scanning

Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all. Several modes of a station permit this. There is a mode called RF monitor mode that allows every frame appearing on a channel to be copied as the radio of the station tunes to various channels. This is analogous to placing a wired Ethernet card in promiscuous mode. This mode is not enabled by default. Some wireless cards on the market today have firmware that does not permit it. One can buy wireless cards whose firmware and corresponding driver software together permit reading of all raw 802.11 frames. A station in monitor mode can capture packets without associating with an AP or ad-hoc network. The so-called promiscuous mode allows the capture of all wireless packets of an associated network. In this mode, packets cannot be read until authentication and association are completed. An example sniffer is Kismet (http://www…). An example wireless card that permits RF monitor modes is the Cisco Aironet AIR-PCM3…

3.2 Detection of SSID

The attacker can discover the SSID of a network usually by passive scanning, because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled. On a number of APs, it is possible to configure so that the SSID transmitted in the Beacon frames is masked, or even to turn off Beacons altogether. The SSID shown in the Beacon frames is set to null in the hope of making the WLAN invisible unless a client already knows the correct SSID. In such a case, a station wishing to join a WLAN begins the join process by sending Probe Requests, since it could not detect any APs via Beacons that match its SSID. If the Beacons are not turned off, and the SSID in them is not masked, the attacker obtains the SSID included in the Beacon frame by passive scanning.
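The WEP description above (RC4, a 40- or 104-bit shared key chosen by the administrator, encryption of the data payload only) can be made concrete as a worked example. The Python below is added for this page and is not code from the article or from any driver; rc4, wep_encrypt, wep_decrypt and iv_reuse_leak are this example's own names, and the key bytes, IV and payload are constructed test values, not real keys or captured traffic. It reproduces the WEP frame body layout: a 24-bit IV and a key-id byte sent in the clear, followed by RC4 (seeded with IV||key) applied to the payload and a CRC-32 integrity check value (ICV). The last function demonstrates a general stream-cipher property that this page does not state: reusing an IV reuses the keystream, so the XOR of two ciphertexts equals the XOR of their plaintexts.

```python
# WEP frame-body encapsulation: RC4 keyed with IV||key, CRC-32 ICV over the
# payload. Added example for this page, not code from the article; the key,
# IV and payload values are constructed for the demonstration.
import os
import struct
import zlib


def rc4(key, data):
    """RC4: key-scheduling, then XOR the generated keystream over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key, key_id, payload, iv=None):
    """Build the WEP body: IV (3 bytes) | key-id byte | RC4_{IV||key}(payload | ICV)."""
    if len(key) not in (5, 13):
        raise ValueError("WEP keys are 40 or 104 bits (5 or 13 bytes)")
    if not 0 <= key_id <= 3:
        raise ValueError("key id selects one of four configured keys")
    iv = os.urandom(3) if iv is None else iv  # 24-bit IV, transmitted in the clear
    icv = struct.pack("<I", zlib.crc32(payload))  # integrity check value (CRC-32)
    return iv + bytes([key_id << 6]) + rc4(iv + key, payload + icv)


def wep_decrypt(keys, body):
    """Return (payload, icv_ok) for a WEP body; keys maps key id -> key bytes.
    A wrong key or a flipped ciphertext bit leaves icv_ok False."""
    iv, key_id = body[:3], body[3] >> 6
    plain = rc4(iv + keys[key_id], body[4:])
    payload, icv = plain[:-4], plain[-4:]
    return payload, struct.pack("<I", zlib.crc32(payload)) == icv


def iv_reuse_leak(key, iv, p1, p2):
    """Stream-cipher property (not WEP-specific): the same IV gives the same
    keystream, so c1 XOR c2 equals p1 XOR p2 over their common length."""
    c1 = wep_encrypt(key, 0, p1, iv)[4:4 + len(p1)]
    c2 = wep_encrypt(key, 0, p2, iv)[4:4 + len(p2)]
    n = min(len(p1), len(p2))
    c_xor = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    p_xor = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return c_xor == p_xor


# Constructed test values (not real keys or traffic).
KEY40 = bytes.fromhex("0102030405")                    # 40-bit key, index 0
KEY104 = bytes.fromhex("0102030405060708090a0b0c0d")   # 104-bit key, index 2
PAYLOAD = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"constructed IP datagram bytes"

if __name__ == "__main__":
    body = wep_encrypt(KEY40, 0, PAYLOAD, iv=b"\x00\x00\x01")
    print(body.hex())
    print(wep_decrypt({0: KEY40}, body))
```

The 24-bit IV gives only about 16.7 million keystreams per key, so on a busy network an IV repeats within hours; iv_reuse_leak shows what a sniffer who has collected two frames with the same IV can compute without knowing the key.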
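The Frames passage above (management frames carry the SSID in the clear) and the Detection of SSID passage (cloaked Beacons, Probe Requests from stations that know the name, Probe Responses from the AP) describe exactly what a passive scanner does with each captured frame. The Python below is an added example for this page, not code from the article, from Kismet or from any vendor; the frames are assembled in the file rather than captured, the MAC addresses and SSIDs are made up, and parse_mgmt_frame, discover_ssids and build_mgmt_frame are this example's own names. It decodes the 802.11 MAC header (frame control, three addresses) and the tagged information elements of management frames, treats a zero-length or all-NUL SSID element as cloaked, and fills in the real name when a Probe Response or Association Request for the same BSSID reveals it.

```python
# Decode IEEE 802.11 management frames and recover SSIDs from them.
# Added example for this page; not code from the article or any sniffer.
# Every frame below is constructed here (not captured); addresses are made up.
import struct

MGMT_SUBTYPES = {
    0: "Association Request", 1: "Association Response",
    2: "Reassociation Request", 3: "Reassociation Response",
    4: "Probe Request", 5: "Probe Response", 8: "Beacon", 9: "ATIM",
    10: "Disassociation", 11: "Authentication", 12: "Deauthentication",
}
# Fixed-parameter bytes that precede the tagged information elements (IEs) in
# the body of each management subtype (timestamp + interval + capability for
# Beacon/Probe Response, reason code for Disassociation/Deauthentication, ...).
FIXED_PARAM_LEN = {0: 4, 1: 6, 2: 10, 3: 6, 4: 0, 5: 12, 8: 12, 10: 2, 11: 6, 12: 2}
IE_SSID = 0
HEADER_LEN = 24  # frame control (2), duration (2), addr1-3 (18), sequence control (2)
SSID_BEARING = {"Probe Response", "Association Request", "Reassociation Request"}


def mac_str(raw):
    return ":".join(f"{b:02X}" for b in raw)


def parse_ies(body):
    """Tag/length/value elements -> {tag: value}; stops at a truncated element."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break
        ies.setdefault(tag, value)
        i += 2 + length
    return ies


def parse_mgmt_frame(frame):
    """Decode one management frame; returns None for control and data frames."""
    if len(frame) < HEADER_LEN:
        raise ValueError("shorter than an 802.11 MAC header")
    fc, = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        return None
    info = {
        "subtype": MGMT_SUBTYPES.get(subtype, f"reserved({subtype})"),
        "da": mac_str(frame[4:10]), "sa": mac_str(frame[10:16]),
        "bssid": mac_str(frame[16:22]),
        "protected": bool(fc & 0x4000),  # Protected Frame (WEP) bit; clear on these frames
        "ssid": None, "hidden_ssid": False,
    }
    body = frame[HEADER_LEN + FIXED_PARAM_LEN.get(subtype, 0):]
    if subtype in (0, 2, 4, 5, 8):  # subtypes that carry an SSID element
        raw = parse_ies(body).get(IE_SSID)
        if raw is not None:
            if raw.strip(b"\x00") == b"":  # zero-length or all-NUL: cloaked SSID
                info["hidden_ssid"] = True
            else:
                info["ssid"] = raw.decode("utf-8", "replace")
    elif subtype in (10, 12):
        info["reason_code"], = struct.unpack_from("<H", frame, HEADER_LEN)
    return info


def discover_ssids(frames):
    """BSSID -> SSID map (cloaked beacons resolved by later probe responses and
    association requests) plus the set of SSIDs that stations probed for."""
    networks, probed = {}, set()
    for m in (parse_mgmt_frame(f) for f in frames):
        if m is None:
            continue
        if m["subtype"] == "Probe Request":
            if m["ssid"]:
                probed.add(m["ssid"])
        elif m["subtype"] == "Beacon" and m["hidden_ssid"]:
            networks.setdefault(m["bssid"], "<hidden>")
        elif m["subtype"] == "Beacon" or m["subtype"] in SSID_BEARING:
            if m["ssid"]:
                networks[m["bssid"]] = m["ssid"]
    return networks, probed


def build_mgmt_frame(subtype, da, sa, bssid, fixed=b"", ies=()):
    """Assemble a management frame: frame control, duration, addr1-3, seq, body."""
    header = struct.pack("<HH", subtype << 4, 0) + da + sa + bssid + struct.pack("<H", 0)
    return header + fixed + b"".join(bytes([tag, len(v)]) + v for tag, v in ies)


# Constructed sample frames (made-up addresses and names; not a real capture).
AP1, AP2 = bytes.fromhex("000D17B9E801"), bytes.fromhex("000D17B9E802")
STA, BCAST = bytes.fromhex("00301BAA0001"), b"\xff" * 6
BEACON_FIXED = b"\x00" * 8 + struct.pack("<HH", 100, 0x0011)  # timestamp, interval, ESS+privacy
RATES = (1, b"\x82\x84\x8b\x96")
SAMPLE_FRAMES = [
    build_mgmt_frame(8, BCAST, AP1, AP1, BEACON_FIXED, [(0, b""), RATES]),          # cloaked beacon
    build_mgmt_frame(8, BCAST, AP2, AP2, BEACON_FIXED, [(0, b"guest-net"), RATES]),  # SSID in the clear
    build_mgmt_frame(4, BCAST, STA, BCAST, b"", [(0, b"corp-lab"), RATES]),          # station probes by name
    build_mgmt_frame(5, STA, AP1, AP1, BEACON_FIXED, [(0, b"corp-lab"), RATES]),     # AP answers with full SSID
    build_mgmt_frame(12, STA, AP1, AP1, struct.pack("<H", 3)),                      # deauthentication, reason 3
]

if __name__ == "__main__":
    print(discover_ssids(SAMPLE_FRAMES))
```

Run against frames read from a monitor-mode capture instead of SAMPLE_FRAMES, the same two functions give the AP inventory a passive scanner reports; the cloaked AP1 stays "<hidden>" only until a station that knows the name probes for it and the AP answers.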