Clean up is the stage in which a hacker goes back over his actions and cleans up any files or logs that were created as a result of the attack. This is the most important part of any hack attack. If a hacker can clean up 100%, the owner of the network will not know the hacker was ever there, and thus will not be expecting the hacker at a later date. In addition, by deleting the logs, a hacker deletes all evidence of his crime. In the case of hacking through a WLAN, there will be some log files left behind on the access point that could provide hints as to the identity of the hacker. MAC addresses and more can be logged depending on the configuration settings, which means a hacker either has to own the access point and delete the logs, or else disguise her activity within valid activity from other WLAN clients . This can be done by controlling valid user sessions or by spoofing an IP address. In addition, once a hacker starts probing the wired network beyond the WLAN, she must account for IDSs and more pitfalls. Other possible logging points could be a firewall, VPN device or application, a RADIUS server, or a wireless sniffer set up by the owner of the WLAN just to monitor wireless activity. This is why hacking can be a dangerous activity. You never know what traps you are falling into. |