Solutions Fast Track




The Direct Approach

  • Many wireless networks can be accessed by an attacker with little or no modifications to their client software. This is because access points with default or “out-of-the-box” configurations allow anyone to connect to them.

  • Windows XP will “find” any wireless networks within range that are broadcasting the SSID. Connecting to these only requires that you accept the security warning letting you know there is no data encryption enabled on the access point.

  • Windows 2000 can be configured to use a default profile that will associate with any access point with a default configuration.

  • Linux systems can be configured to associate with wireless networks that have default configurations by editing the /etc/pcmcia/wireless.opts file.

  • If the wireless network you are trying to access doesn’t have a DHCP server enabled, you need to manually set your IP address. If you aren’t able to determine the IP range in use on the wireless network, you can guess using some common IP ranges.

Defeating MAC Address Filtering

  • Networks that are configured to filter access by MAC address can be accessed by spoofing the MAC address of your wireless card. This can be done in both Windows and Linux.

  • Modifications can be made to the Registry in both Windows 2000 and Windows XP that allow you to change the MAC address of your wireless card.

  • There are programs such as BWMACHAK available that can change the MAC address of your wireless card.

  • The ifconfig command can be used on Linux systems to change the MAC address of the wireless card.

  • Programs such as SirMACsAlot are available to automate MAC address spoofing on Linux systems.
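The point behind this section is that a MAC filter compares a client-asserted header field against a list, so it is not authentication: a station that copies an allowed address is indistinguishable from the real card. The script below is an added example, not code from the book or from any of the tools it names; it shows what a defender can still check with the data an access point exposes, namely whether the allow list is actually enforced and whether an associated address has the locally-administered (U/L) bit set, which is how a software-changed address often looks. The allow list and association table are constructed for the example.

```python
"""Auditing a MAC-address allow list (added example, not code from the book)."""
import re


def normalize_mac(mac: str) -> str:
    """Accept 'AA-BB-CC-DD-EE-FF', 'aabb.ccdd.eeff' or colon form; return lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet marks an address not assigned under a vendor OUI."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def is_group_address(mac: str) -> bool:
    """Bit 0x01 of the first octet marks multicast/broadcast; never a valid station source."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x01)


def audit_associations(allow_list, associated):
    """Return (mac, reason) findings for the stations currently associated with the AP."""
    allowed = {normalize_mac(m) for m in allow_list}
    findings = []
    for mac in associated:
        station = normalize_mac(mac)
        if station not in allowed:
            findings.append((station, "associated but not on the allow list: filter not enforced"))
        if is_group_address(station):
            findings.append((station, "group address as a station source: malformed or forged"))
        if is_locally_administered(station):
            findings.append((station, "locally administered address: possibly set in software"))
    return findings


# Constructed data: an AP's allow list (as an admin might type it) and its association table
ALLOW_LIST = ["00:0C:41:12:34:56", "00-40-96-AB-CD-EF"]
ASSOCIATED = ["00:0c:41:12:34:56", "00:40:96:ab:cd:ef", "02:0c:41:12:34:56"]

if __name__ == "__main__":
    for station, reason in audit_associations(ALLOW_LIST, ASSOCIATED):
        print(station, "-", reason)
```

The U/L-bit check is only a heuristic: it catches sloppy or randomised changes, not a copied allowed address, and modern operating systems also set that bit for privacy-randomised addresses, so treat a hit as a prompt to look, not as proof of spoofing.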

Finding Cloaked Access Points

  • Cloaked access points are access points that have been configured to not broadcast their SSID beacon.

  • Active scanners such as NetStumbler do not detect cloaked access points.

  • Passive scanners like Kismet and AirSnort can detect cloaked access points.

  • Once a cloaked access point is discovered by a passive scanner, the SSID can be discovered after enough traffic has been captured.

Man-in-the-Middle Attacks on Wireless Networks

  • Wireless networks are vulnerable to man-in-the-middle attacks. This is when a rogue, or unauthorized, access point is placed in proximity to a legitimate wireless network. Users will connect to the rogue access point.

  • Once users have connected to the rogue access point, the traffic that they send can be sniffed by an attacker.

  • Attackers can glean login information, passwords, and other important information from the traffic they sniff.
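The two preceding sections describe what a passive scanner sees: a cloaked access point still beacons, just with an empty SSID element, and the name shows up later in the probe responses and association requests it exchanges with clients; a rogue access point shows up as a BSSID that is not in the defender's inventory. The code below is an added example, not code from the book or from Kismet or AirSnort, that implements that logic over 802.11 management frames. Every frame, address and network name in it is constructed; `track_access_points` and `unknown_bssids` are names chosen for the example.

```python
"""Passive-scanner logic for cloaked and unknown access points (added example)."""
import struct

SUBTYPES = {0x0: "assoc_req", 0x4: "probe_req", 0x5: "probe_resp", 0x8: "beacon"}
# Bytes of fixed fields that precede the tagged parameters in each frame body
FIXED_LEN = {"assoc_req": 4, "probe_req": 0, "probe_resp": 12, "beacon": 12}
TAG_SSID = 0


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame: bytes):
    """Return (subtype, bssid, ssid) for a supported management frame.

    ssid is "" for a zero-length (cloaked) SSID element and None when the element
    is absent. Data/control frames and unsupported subtypes return None.
    """
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:            # frame type 0 = management
        return None
    subtype = SUBTYPES.get(fc0 >> 4)
    if subtype is None:
        return None
    bssid = mac_str(frame[16:22])        # addr3 carries the BSSID in management frames
    body = frame[24 + FIXED_LEN[subtype]:]
    ssid, i = None, 0
    while i + 2 <= len(body):            # walk the tag / length / value elements
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break                        # truncated element: stop rather than misread
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", errors="replace")
            break
        i += 2 + length
    return subtype, bssid, ssid


def track_access_points(frames):
    """Build {bssid: {"cloaked": bool, "ssid": str | None}} from captured frames."""
    aps = {}
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        subtype, bssid, ssid = parsed
        if subtype == "probe_req":
            continue                     # addr3 is broadcast here: nothing to tie the name to
        entry = aps.setdefault(bssid, {"cloaked": False, "ssid": None})
        if subtype == "beacon":
            if ssid == "":
                entry["cloaked"] = True
            elif ssid:
                entry["ssid"] = ssid
        elif ssid:                       # probe_resp / assoc_req carry the real name
            entry["ssid"] = ssid
    return aps


def unknown_bssids(aps, known_bssids):
    """BSSIDs heard on the air that are not in the inventory: rogue-AP candidates."""
    return sorted(set(aps) - {b.lower() for b in known_bssids})


def _mgmt_frame(subtype_code, da, sa, bssid, fixed, ssid):
    """Assemble a minimal management frame: 24-byte header, fixed fields, SSID element."""
    header = struct.pack("<BBH6s6s6sH", subtype_code << 4, 0, 0, da, sa, bssid, 0)
    return header + fixed + bytes([TAG_SSID, len(ssid)]) + ssid


AP_HIDDEN = bytes.fromhex("aabbccddee01")           # constructed addresses
AP_OPEN = bytes.fromhex("aabbccddee02")
CLIENT = bytes.fromhex("001122334455")
BCAST = b"\xff" * 6
BEACON_FIXED = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capability

SAMPLE_FRAMES = [
    # cloaked AP: its beacon carries a zero-length SSID element
    _mgmt_frame(0x8, BCAST, AP_HIDDEN, AP_HIDDEN, BEACON_FIXED, b""),
    # ordinary AP: its beacon names the network
    _mgmt_frame(0x8, BCAST, AP_OPEN, AP_OPEN, BEACON_FIXED, b"corp-guest"),
    # a client that already knows the hidden name probes for it (no BSSID yet)
    _mgmt_frame(0x4, BCAST, CLIENT, BCAST, b"", b"corp-secure"),
    # the cloaked AP answers with a directed probe response that includes the SSID
    _mgmt_frame(0x5, CLIENT, AP_HIDDEN, AP_HIDDEN, BEACON_FIXED, b"corp-secure"),
    # the client associates, repeating the SSID in its request
    _mgmt_frame(0x0, AP_HIDDEN, CLIENT, AP_HIDDEN, struct.pack("<HH", 0x0411, 10), b"corp-secure"),
]

if __name__ == "__main__":
    seen = track_access_points(SAMPLE_FRAMES)
    for bssid, info in seen.items():
        print(bssid, info)
    print("not in inventory:", unknown_bssids(seen, ["aa:bb:cc:dd:ee:02"]))
```

Run against a real capture, the frames would come from an interface in monitor mode rather than from `SAMPLE_FRAMES`; the parsing and bookkeeping are the same. The inventory comparison is the defender's side of the man-in-the-middle section: an access point beaconing your SSID from a BSSID you do not own is the thing to go and find.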

Attacking Encrypted Networks

  • The two primary types of encryption used on wireless networks are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Both WEP and WPA are vulnerable to attacks.

  • Linux users can passively sniff wireless traffic using AirSnort. When enough weak initialization vectors have been discovered by AirSnort, it can crack the WEP key.

  • Windows users can use WEPCrack to crack WEP keys of a target network.

  • Once the WEP key has been cracked, the attacker can configure his machine, regardless of the operating system he is using, to use the cracked key and associate with the network.

  • WPA is vulnerable to dictionary attacks if the pre-shared key is less than 20 characters.
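The last point is easier to judge once the derivation is visible: a WPA pre-shared key is not the passphrase itself but PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes of output (IEEE 802.11i), so every offline guess costs that derivation and the size of the candidate list, which is what passphrase length and character mix control, decides whether a dictionary attack is feasible. The code below is an added example, not code from the book; `wpa_psk` reproduces the standard derivation and is checked against the published 802.11i test vector, and `passphrase_findings` is a constructed defender-side review that applies the 20-character threshold the summary gives. The short list of default SSIDs is an assumption for the example.

```python
"""WPA-PSK derivation and passphrase review (added example, not code from the book)."""
import hashlib

WPA_PSK_ITERATIONS = 4096
WPA_PSK_LEN = 32
MIN_PASSPHRASE_CHARS = 20   # the threshold the chapter summary gives
# Constructed short list of factory-default network names; a default SSID means the
# salt adds no per-network uniqueness to the derivation
COMMON_DEFAULT_SSIDS = {"linksys", "default", "netgear", "wireless"}


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK exactly as a WPA/WPA2 supplicant or access point does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), WPA_PSK_ITERATIONS, WPA_PSK_LEN)


def passphrase_findings(passphrase: str, ssid: str) -> list:
    """Review a PSK configuration; an empty list means nothing to report."""
    findings = []
    if len(passphrase) < MIN_PASSPHRASE_CHARS:
        findings.append(f"passphrase is {len(passphrase)} chars, below {MIN_PASSPHRASE_CHARS}")
    single_class = passphrase.isdigit() or (
        passphrase.isalpha() and (passphrase.islower() or passphrase.isupper()))
    if single_class:
        findings.append("passphrase uses a single character class")
    if ssid.lower() in COMMON_DEFAULT_SSIDS:
        findings.append("SSID is a common default, so the salt is shared with many networks")
    return findings


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print(wpa_psk("password", "IEEE").hex())
    samples = [("password", "linksys"),
               ("Summer2006!", "corp-secure"),
               ("mixed-Case words make a long key 7", "corp-secure")]
    for pw, ssid in samples:
        print(repr(pw), passphrase_findings(pw, ssid) or "ok")
```

The derivation's iteration count is fixed by the standard, so the only lever the network owner controls is how far the passphrase sits from anything a word list would contain; that is why the summary's length threshold matters more than the cipher suite behind it.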






WarDriving: Drive, Detect, Defend: A Guide to Wireless Security