
Attacking Wi-Fi Nets With Traffic Injection

Name: Vijay Kumar
Section: OE163
Roll No.: A53
Reg. No.: 10906654
School of Electronics And Communication Engineering, Lovely Professional University
Email: kumarvijay958@gmail.com

Abstract-In networks, nodes need to cooperatively forward packets for each other. Without necessary countermeasures, such networks are extremely vulnerable to injecting traffic attacks, especially those launched by insider attackers. Injecting an overwhelming amount of traffic into the network can easily cause network congestion and decrease the network lifetime. In this paper, we focus on those injecting traffic attacks launched by insider attackers. After investigating the possible types of injecting traffic attacks, we have proposed two sets of defence mechanisms to combat such attacks. The first set of defence mechanisms is fully distributed, while the second is centralized with decentralized implementation. The detection performance of the proposed mechanisms has also been formally analyzed. Both theoretical analysis and experimental studies have demonstrated that under the proposed defence mechanisms, there is almost no gain to launch injecting traffic attacks from the attacker's point of view.

I. INTRODUCTION

Wi-Fi, or Wireless Fidelity, is a term used generically to refer to any product or service using any type of 802.11 technology. Wi-Fi networks operate in the unlicensed 2.4 and 5 GHz radio bands, with an 11 Mbps (802.11b) or 54 Mbps (802.11a) data rate, respectively. Wi-Fi enabled devices (laptops or PDAs) can send and receive data wirelessly from any location equipped with Wi-Fi access. How? Access points, installed within a Wi-Fi location, transmit an RF signal to Wi-Fi enabled devices that are within range of the access point, which is about 300 feet. The speed of the transmission is governed by the speed of the pipeline fed into the access point. T-Mobile Hotspot service is unique in that every T-Mobile Hotspot service location is equipped with a full T-1 connection running to the access points.

II. TRAFFIC INJECTION

Traffic injection, also known as Wi-Fi injection, is used to hack a Wi-Fi system in order to access information on a PC, attack the PC with a virus, or access the Internet through the Wi-Fi system.

III. TRAFFIC INJECTION HAS CHANGED THINGS

1) Increased DoS capabilities
2) Dramatically decreased WEP cracking achievement time
3) Allows station traffic attacking
4) Allows station attacking

IV. WI-FI INJECTION BASICS

1) Load driver and activate adapter
2) Put adapter into monitor mode (real 802.11 mode)
3) Set appropriate channel
4) Open RAW socket on interface
5) Use your socket

V. ATTACKING WI-FI NETWORKS

1) Managing management traffic
2) Rogue APs
3) WEP cracking
4) Bypassing captive portals
5) Attacking stations

VI. MANAGING MANAGEMENT TRAFFIC

Management traffic is supposed to control DSS state:
1) Management traffic is a regulation traffic that is completely unprotected.
2) Management traffic is extremely prone to spoofing.

A) Tampering management traffic: - Alter DSS current state by tampering management traffic
1) Reject association requests
2) Inject disassociation frame
3) Inject fake associations
4) Wake up devices in sleep mode
5) Etc.

Rogue APs: - A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. For AP mode, we need to inject
1) Beacon frames
2) Association request answers
3) Management traffic
4) Data frames acking

VII. WEP CRACKING

Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP is RC4 based, which is XOR based.

1) Clear text attacks (e.g. authentication challenge)
2) PRGA/IV couple table construction
3) Fluhrer, Mantin and Shamir attack based on first bytes of key being weak (weak IVs)
4) Korek optimization of FMS attack based on solved cases

VIII. WEP CRACKING TOOL

The current tools are Perl based, and are composed of the following scripts:

1) WeakIVGen.pl: - This script allows a simple emulation of IV/encrypted output that one might observe with a WEP enabled 802.11 access point. The script generates IV combinations that can weaken the secret key used to encrypt the WEP traffic.
2) prism-getIV.pl: - This script relies on output from prismdump [or from Ethereal captures if libpcap has been patched for 802.11 monitor mode], and looks for IVs that match the pattern known to weaken secret keys. This script also captures the 1st byte of the encrypted output and places it and the weak IVs in a log file.
3) WEPCrack.pl: - This script uses data collected or generated by WeakIVGen to attempt to determine the secret key. It will work with either 40bit or 128bit WEP.

Bypassing captive portals: - A captive portal is a Web page that the user of a public-access network is obliged to view and interact with before access is granted.

IX. COMMERCIAL PUBLIC INTERNET ACCESS

1) Captive portal based system
2) Authentication to billing system through Web portal
3) Authorization for Internet access
4) Authorization tracking

MAC based authorization tracking: - Authorized clients are identified by their MAC address
1) MAC address is easy to spoof
2) No MAC layer conflict on Wi-Fi network
3) Just need a different IP
Recipe: spoof an authorized MAC address, get an IP and surf

X. IP BASED AUTHORIZATION TRACKING

Authorized clients are identified by their IP address
1) IP addresses are just a little more tricky to spoof
2) ARP cache poisoning helps redirecting traffic
3) Traffic redirection allows IP spoofing
Recipe: ARP poison gateway for authorized IP, spoof and surf

XI. MAC + IP BASED AUTHORIZATION TRACKING

The smart way of tracking people
1) Previous technique won't help because of MAC address checking
2) Hint: IP layer does not care about MAC layer
3) ARP cache poisoning and IP spoofing
4) Send traffic with spoofed MAC address
Recipe: Same as before, plus MAC spoofing, then surf

XI. CONFIGURATION BASED TRICKS

Some gateways are misconfigured
1) HTTP proxy left open on gateway
2) ESTABLISHED,RELATED -j ACCEPT prevents connections drop when authorization expires on Linux based systems
3) Administration network on the same VLAN, accessible through Wi-Fi
etc.

XII. ATTACKING STATIONS

Associated stations are almost naked
1) LAN attacks (ARP, DHCP, DNS, etc.)
2) Traffic interception and tampering
3) Direct station attack

Manufacturers provide so-called solutions, mainly station to station communication prevention systems (e.g. C***o PSPF)

XII. COMMUNICATION INJECTION

Send traffic directly to station without AP authorization
1) Allows PSPF bypass
2) Allows communicating while AP out of reach
3) Allows communication while AP refuses association

XIV. HOW WI-FI TAP WORKS

Sending traffic:
1) Read Ethernet from tuntap
2) Add 802.11 header
3) Add BSSID, from DS
4) Inject frame over Wi-Fi

Receiving traffic:
1) Sniff 802.11 frame
2) Remove WEP layer if needed
3) Remove 802.11 header
4) Send Ethernet from tuntap

XV. WEP

WEP has been extensively studied by many people from across the world, and attacks have been implemented, some of which have been made available to the public and open-sourced. All that can be done is make the tools even easier to use than they are now. Optimizations of the attacks are not really necessary, as a network can be compromised in just a few minutes.

CONCLUSION

Wi-Fi environments are highly insecure and tough to secure, so we just can't cope with amateur style protection. We should not use WEP anymore and should avoid using open networks for public access. Old Wi-Fi products, still occupying a large share of the network installations, are not by any means secure. Even equipment that can be configured to be secure is left unsecured, many times due to the increased complexity of access point setups. The attention vulnerable Wi-Fi networks receive from hackers is tremendous: vulnerabilities are not only discovered, but they are refined by others and implemented and combined by a whole on-line community. A compromised network is a great utility for several parties. Neighbours get free broadband access to the Internet, malicious hackers retain strong anonymity, and mobile users get free Internet almost anywhere. Malicious hackers can monitor the users of a network, giving the hackers many opportunities to cause havoc. The risk of getting a visit from someone with bad intentions is currently fairly low, but as it is rather easy to obtain enough knowledge and equipment to compromise a Wi-Fi network, the risks will only rise. The fact that more and more networks become secure means that the remaining insecure networks will be hunted down.
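
Section VI notes that management traffic is unprotected and easy to spoof, so on a network without management frame protection (IEEE 802.11w) injected disassociation or deauthentication frames can only be detected, not rejected. The following added example (not part of the original paper) parses bare 802.11 headers from a monitor-mode sensor and flags bursts of teardown frames per BSSID; the function names, threshold, window and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DISASSOC, DEAUTH = 10, 12  # 802.11 management frame subtypes

def parse_teardown(frame: bytes):
    """Return fields of a disassociation/deauthentication frame, else None.
    Expects a bare 802.11 MAC header (capture header already stripped)."""
    if len(frame) < 26:  # 24-byte header + 2-byte reason code
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (DISASSOC, DEAUTH):
        return None
    return {"kind": "deauth" if subtype == DEAUTH else "disassoc",
            "dst": frame[4:10].hex(":"), "src": frame[10:16].hex(":"),
            "bssid": frame[16:22].hex(":"),
            "reason": struct.unpack_from("<H", frame, 24)[0]}

def detect_floods(captures, window=1.0, threshold=5):
    """captures: time-ordered (timestamp, frame) pairs. Alerts once per BSSID
    when >= threshold teardown frames name it within `window` seconds.
    Grouping is by claimed BSSID because the source address is forgeable."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, raw in captures:
        info = parse_teardown(raw)
        if info is None:
            continue
        q = recent[info["bssid"]]
        q.append(ts)
        while ts - q[0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and info["bssid"] not in alerted:
            alerted.add(info["bssid"])
            alerts.append({"bssid": info["bssid"], "start": q[0], "count": len(q),
                           "broadcast": info["dst"] == "ff:ff:ff:ff:ff:ff"})
    return alerts

def sample_frame(subtype, dst, src, bssid, reason=7):
    """Constructed test input: header bytes only, nothing is transmitted."""
    raw = lambda s: bytes.fromhex(s.replace(":", ""))
    return (struct.pack("<HH", subtype << 4, 0) + raw(dst) + raw(src)
            + raw(bssid) + struct.pack("<HH", 0, reason))

# Constructed sample capture (hypothetical addresses).
AP, STA, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:aa", "ff:ff:ff:ff:ff:ff"
SAMPLE = [(0.0, sample_frame(DEAUTH, STA, AP, AP)),   # one normal teardown
          (3.0, sample_frame(8, BCAST, AP, AP))]      # beacon subtype, ignored
SAMPLE += [(10.0 + 0.1 * i, sample_frame(DEAUTH, BCAST, AP, AP)) for i in range(6)]
```

Calling `detect_floods(SAMPLE)` reports the broadcast burst starting at t=10.0 and ignores the single earlier teardown.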
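
The sections on MAC based, IP based and MAC + IP based authorization tracking all rest on a client reusing an address that belongs to an authorized station. As an added example (not part of the original paper), the check below watches the source MAC/IP pairs a gateway sees and flags one MAC live on two IPs, or one IP claimed by two MACs, inside a short window; the function name, window and sample addresses are assumptions constructed for illustration. A client that presents both the MAC and the IP of an authorized station looks identical to it here, which is why address bindings cannot replace per-client cryptographic authentication.

```python
from collections import defaultdict

def find_conflicts(observations, window=30.0):
    """observations: time-ordered (ts, mac, ip) source-address pairs seen on
    the client VLAN (for example from ARP and DHCP traffic).
    Flags, within `window` seconds:
      mac-on-two-ips : an authorized MAC reused by a client with its own IP
      ip-on-two-macs : an IP claimed by a second MAC (ARP cache poisoning)
    Each (kind, key) is reported once."""
    live = {"mac-on-two-ips": defaultdict(dict),
            "ip-on-two-macs": defaultdict(dict)}
    reported, alerts = set(), []
    for ts, mac, ip in observations:
        mac = mac.lower()
        for kind, key, value in (("mac-on-two-ips", mac, ip),
                                 ("ip-on-two-macs", ip, mac)):
            seen = live[kind][key]
            seen[value] = ts
            # Forget values not seen inside the window, so a client that
            # simply renumbers after a lease change does not alert.
            for old in [v for v, t in seen.items() if ts - t > window]:
                del seen[old]
            if len(seen) > 1 and (kind, key) not in reported:
                reported.add((kind, key))
                alerts.append({"ts": ts, "kind": kind, "key": key,
                               "values": sorted(seen)})
    return alerts

# Constructed sample observations (hypothetical addresses).
ALICE, BOB, OTHER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"
SAMPLE_OBS = [
    (0.0, ALICE, "10.0.0.10"),
    (1.0, BOB, "10.0.0.11"),
    (5.0, ALICE, "10.0.0.23"),   # same MAC, second IP while the first is live
    (6.0, ALICE, "10.0.0.10"),
    (20.0, OTHER, "10.0.0.11"),  # second MAC claims an IP that is in use
    (21.0, BOB, "10.0.0.11"),
]
```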

ACKNOWLEDGEMENT

I am really thankful to my teacher who gave me this topic to learn about cyber crime and computer forensics. This topic gave me a lot of knowledge about attacking Wi-Fi nets with traffic injection. I have learnt what its functions are and what the advantages and disadvantages of this network are. At last, since this topic is very helpful in the computer and cyber crime field, I have gained much knowledge from being assigned this topic.
