I. INTRODUCTION
Wi-Fi, or Wireless Fidelity, is a term used generically to refer to any product or service using any type of 802.11 technology. Wi-Fi networks operate in the unlicensed 2.4 and 5 GHz radio bands, with an 11 Mbps (802.11b) or 54 Mbps (802.11a) data rate, respectively. Wi-Fi enabled devices (laptops or PDAs) can send and receive data wirelessly from any location equipped with Wi-Fi access. How? Access points, installed within a Wi-Fi location, transmit an RF signal to Wi-Fi enabled devices that are within range of the access point, which is about 300 feet. The speed of the transmission is governed by the speed of the pipeline fed into the access point. T-Mobile Hotspot service is unique in that every T-Mobile Hotspot service location is equipped with a full T-1 connection running to the access points.
IV.
1) Load driver and activate adapter
2) Put adapter into monitor mode (real 802.11 mode)
3) Set appropriate channel
4) Open RAW socket on interface
5) Use your socket
data confidentiality comparable to that of a traditional wired network. WEP is RC4 based, which is XOR based
1) Clear text attacks (e.g. authentication challenge)
2) PRGA/IV couple table construction
3) Fluhrer, Mantin and Shamir attack based on first bytes of key being weak (weak IVs)
5) Attacking stations
1) Reject association requests
2) Inject disassociation frame
3) Inject fake associations
4) Wake up devices in sleep mode
5) Etc.
Rogue APs: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. For AP mode, we need to inject
1) Beacon frames
MAC based authorization tracking: Authorized clients are identified by their MAC address
1) MAC address is easy to spoof
2) No MAC layer conflict on Wi-Fi network
3) Just need a different IP
Recipe: spoof an authorized MAC address, get an IP and surf
X. IP BASED AUTHORIZATION TRACKING: Authorized clients are identified by their IP address
Manufacturers provide so-called solutions, mainly station-to-station communication prevention systems (e.g. C***o PSPF)
XI. MAC + IP BASED AUTHORIZATION TRACKING: The smart way of tracking people
1) Previous technique won't help because of MAC address checking
2) Hint: IP layer does not care about MAC layer
3) ARP cache poisoning and IP spoofing
4) Send traffic with spoofed MAC address
Recipe: Same as before, plus MAC spoofing, then surf
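On the detection side, two radios sharing one MAC address each keep their own 802.11 sequence counter, so a monitoring sensor sees the counter for that address jump back and forth. The sketch below is an added example, not code from the original paper; the record format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 4096     # the 802.11 sequence number is a 12-bit counter
MAX_GAP = 64       # assumed tolerance for frames the sensor failed to capture
MIN_ANOMALIES = 3  # assumed number of jumps required before alerting

# Constructed sensor records: (source MAC, sequence number) in capture order.
FRAMES = [
    ("02:00:00:00:00:23", 100), ("02:00:00:00:00:23", 101),
    ("02:00:00:00:00:23", 2900),  # second radio using the same address
    ("02:00:00:00:00:23", 102), ("02:00:00:00:00:23", 2901),
    ("02:00:00:00:00:23", 103), ("02:00:00:00:00:23", 2902),
    ("02:00:00:00:00:42", 4094), ("02:00:00:00:00:42", 4095),
    ("02:00:00:00:00:42", 0), ("02:00:00:00:00:42", 0),  # wrap, then a retry
    ("02:00:00:00:00:42", 3),
]


def shared_mac_suspects(frames, max_gap=MAX_GAP, min_anomalies=MIN_ANOMALIES):
    """Return {mac: jump_count} for addresses whose counter keeps jumping.

    Simplification: one counter per MAC. QoS data frames use a separate
    counter per traffic identifier, so a production sensor keys on (MAC, TID).
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for mac, seq in frames:
        if mac in last_seq:
            # Forward distance modulo 4096: a retry gives 0, a wrap stays small.
            gap = (seq - last_seq[mac]) % SEQ_MOD
            if gap > max_gap:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in anomalies.items() if n >= min_anomalies}


if __name__ == "__main__":
    for mac, jumps in shared_mac_suspects(FRAMES).items():
        print(f"possible shared/spoofed MAC {mac}: {jumps} sequence jumps")
```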
XV. WEP
WEP has been extensively studied by many people from across the world, and attacks have been implemented, some of which have been made available to the public and open-sourced. All that can be done is make the tools even easier to use than they are now. Optimizations of the attacks are not really necessary, as a network can be compromised in just a few minutes.
CONCLUSION
Wi-Fi environments are highly insecure and tough to secure, so we just can't cope with amateur-style protection. We should not use WEP anymore, and we should avoid using open networks for public access. Old Wi-Fi products, still occupying a large share of the network installations, are not by any means secure. Even equipment that can be configured to be secure is left unsecured, many times due to the increased complexity of access point setups. The attention vulnerable Wi-Fi networks receive from hackers is tremendous; vulnerabilities are not only discovered, but they are refined by others and implemented and combined by a whole on-line community. A compromised network is a great utility for several parties. Neighbours get free broadband access to the Internet, malicious hackers retain strong anonymity, and mobile users get free Internet almost anywhere. Malicious hackers can monitor the users of a network, giving the hackers many opportunities to cause havoc. The risk of getting a visit from someone with bad intentions is currently fairly low, but as it is rather easy to obtain enough knowledge and equipment to compromise a Wi-Fi network, the risks will only rise. The fact that more and more networks become secure means that the remaining insecure networks will be hunted down.
XI. CONFIGURATION BASED TRICKS: Some gateways are misconfigured
1) HTTP proxy left open on gateway
2) ESTABLISHED, RELATED -j ACCEPT prevents connections from being dropped when authorization expires on Linux based systems
3) Administration network on the same VLAN, accessible through Wi-Fi
etc.
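The second item can be audited on a Linux gateway by looking for stateful ACCEPT rules that traffic arriving from the Wi-Fi side can reach. The check below is an added example, not code from the original paper; the interface names, the AUTHORIZED chain and both rulesets are assumptions constructed in `iptables -S` format.

```python
import shlex

WIFI_IF = "wlan0"  # assumed name of the gateway's Wi-Fi-facing interface

# Constructed weak ruleset: established flows are accepted before the
# per-client check, so they survive removal of the client's rule.
WEAK = """\
-P FORWARD DROP
-N AUTHORIZED
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -j AUTHORIZED
-A AUTHORIZED -s 10.0.0.23/32 -m mac --mac-source 02:00:00:00:00:23 -j ACCEPT
"""

# Constructed corrected ruleset: state tracking only admits return traffic
# from the uplink (eth0, assumed); client packets always hit AUTHORIZED.
FIXED = """\
-P FORWARD DROP
-N AUTHORIZED
-A FORWARD -i wlan0 -j AUTHORIZED
-A FORWARD -i eth0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A AUTHORIZED -s 10.0.0.23/32 -m mac --mac-source 02:00:00:00:00:23 -j ACCEPT
"""


def can_match_wifi_ingress(tokens, wifi_if=WIFI_IF):
    """True unless the rule is pinned by -i to a non-Wi-Fi interface."""
    if "-i" not in tokens:
        return True
    idx = tokens.index("-i")
    negated = idx > 0 and tokens[idx - 1] == "!"
    return (tokens[idx + 1] == wifi_if) != negated


def stateful_bypass_rules(ruleset, chain="FORWARD", wifi_if=WIFI_IF):
    """Return (line_no, rule) for stateful ACCEPTs that client traffic can hit."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), start=1):
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain] or tokens[-2:] != ["-j", "ACCEPT"]:
            continue
        states = set()
        for flag in {"--state", "--ctstate"} & set(tokens):
            states |= set(tokens[tokens.index(flag) + 1].split(","))
        if "ESTABLISHED" in states and can_match_wifi_ingress(tokens, wifi_if):
            findings.append((line_no, line))
    return findings
```

Where the stateful rule has to stay ahead of the authorization check, deleting the expired client's tracked flows with `conntrack -D -s <client-ip>` closes the same gap.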
XII. ATTACKING STATIONS: Associated stations are almost naked
1) LAN attacks (ARP, DHCP, DNS, etc.)
2) Traffic interception and tampering
3) Direct station attack
ACKNOWLEDGEMENT
I am really thankful to my teacher, who gave me this topic to learn about cyber crime and computer forensics. This topic gave me a lot of knowledge about attacking Wi-Fi nets with traffic injection. I have learnt what its functions are and what the advantages and disadvantages of this network are. Lastly, since this topic is very helpful in the computer and cyber crime field, I have gained much knowledge from being assigned this topic.