Attack Preparation

When planning a wireless attack, you should consider several factors. As mentioned previously, there must be a defined goal. Whether this is a random victim detected through war driving or whether it is a defined target, you need to know who and what you are attacking, for it is in this stage that you will blueprint the procedures used to attack.

In addition, you must have the resources available to perform the attack. This can consist of hardware, programs, scripts, and/or user account information. In other words, before a cook starts preparing a meal, he needs to have a recipe and the ingredients handy.

Planning the attack can take minutes or months. If the network is a high security government site, it would be to the hacker's benefit to set up a test network and obtain copies of all the software applications running on the target to facilitate the testing of weaknesses and exploits. In the case of a home network target, a hacker will most likely already have the tools and programs needed to gain ownership of at least one computer. Auditors often take time to gather a massive amount of data while preparing an attack, but depending on their resources, one auditor could be researching methods on turning a DSL modem into a sniffer while another is preparing scripts and programs to brute-force an FTP server account.

In our scenario, we have already mapped out the internal network and can probably gain access to the main server. A hacker would use this knowledge to install a sniffer and backdoor program on the server, which would open a connection to the Internet. Although the existing firewall will stop a hacker from coming in over the Internet, it will not stop a hacker from connecting via the internal network to the outside. If a hacker can use the WLAN to install a Trojan on the server, she could send data out to a CGI Web site and never be detected.