Hacking Techniques in Wireless Networks
This article elaborates these risks, describes techniques that attackers have used, and suggests defensive techniques. We also explain three man-in-the-middle attacks using wireless networks.
This ethical hacking course is intended to help you regardless of your current knowledge and skills. All you need is basic computer knowledge and our Training Operating System v2.
We will show you how to prepare your training environment. In this environment you can experiment freely, without doing harm to anybody. You will find all the source code and examples inside your Training OS to avoid unnecessary code retyping. Most of the module lessons contain an attack-related part, as well as guidance on protecting your own wireless network.
What you will find inside can also be used by beginners — thanks to live Video Training attached to the course. The complete list of all the video training sessions included in this course: Download your Training Operating System v2.
An overview; MAC address filtering; RF jamming
What the newbies do not realize is that they are actually talking with a hacker in disguise. So, they willingly hand over everything from credit cards to user names and passwords.
See Figure 1 for an example of how a fake request might appear. As you can see, to a beginner it appears that an AOL Administrator is on the other side of this conversation.
However, if you look closely, you will see a blank line after Hckr-name:. Although the original name does appear, it would not be difficult for a hacker to set up an account using a date or company name to disguise the fact the account was simply another username.
Social spying is the process of "using observation to acquire information." For example, if one of the IT staff received a call from a hacker pretending to be a distressed CEO, he would probably recognize the voice as not belonging to the real CEO.
In this case, social spying becomes more important. To illustrate one of the nontechnical ways social spying can be used, consider how many people handle ATM cards. You will probably note most people do not care. Most will whip out their card and punch the numbers without a care for who could be watching. If the wrong person memorized the PIN, he would have all the information needed to access the funds in the account, provided he could first get his hands on the ATM card.
Thus, a purse-snatcher would not only get the money just withdrawn from an ATM, but could easily go back and withdraw the entire day's limit. Similarly, hackers socially spy on users as they enter passwords. A "flower delivery" at 8: Although she appears to be looking for the recipient of the flowers, she could be watching for people entering passwords or other sensitive information.
In addition to snooping on people as they actively type their user information, most offices have at least several people who are guilty of posting their password on or near their computer monitor. This type of blatant disregard for security is every network administrator's worst nightmare.
Regardless of repeated memos, personal visits, and warnings, some people seem to always find an excuse to post their network password right in plain view. Even if some people are at least security-conscious enough to hide their Post-it notes in a discreet place, it still only takes a few seconds to lift up a keyboard or pull open a desk drawer.
If you do not believe this, take a quick walk around and see just how many potential security violations are in your office area. You might be very surprised to see just what type of information is there for the taking! Have you ever thrown away a credit card statement without shredding it? If so, you are a potential target. Although you might consider your trash to be sacred territory that no one enters because it is dirty, your trash, and the trash of your company, is often a gold mine.
Fishing through garbage to find passwords, also known as dumpster diving, can provide a hacker with the crucial information needed to take over your network. Let's consider a scenario. If you are a network administrator and you receive an anonymous tip that people are posting passwords all around the office, what would you do? Most administrators would immediately investigate and send out a memo to everyone in the company stating that this activity is not allowed, and that violations will be dealt with harshly.
Although this might get everyone to temporarily take down their Post-it passwords, the problem has only been exacerbated, for all those passwords are now headed right to the anonymous caller who is waiting at the dumpster. In addition to passwords, hackers can find memos, sensitive reports, diskettes, old hard drives, and more in the trash. Imagine the value an old cash register hard drive could have to a hacker looking for a way to gain access to a company's credit card database.
In many cases, a hard drive can simply be installed on another computer and searched using inexpensive or free forensics tools. It sniffs the data passing through the network off the wire and determines where the data is going, where it's coming from, and what it is.
In addition to these basic functions, sniffers might have extra features that enable them to filter a certain type of data, capture passwords, and more. Some sniffers (for example, the FBI's controversial mass-monitoring tool Carnivore) can even rebuild files sent across a network, such as an email or Web page.
A sniffer is one of the most important information gathering tools in a hacker's arsenal. The sniffer gives the hacker a complete picture (network topology, IP addresses) of the data sent and received by the computer or network it is monitoring. This data includes, but is not limited to, all email messages, passwords, user names, and documents. The station considers all Probe www. Normal association then begins.
The attacker can also choose to actively probe by injecting frames that he constructs, and then sniffs the response as described in a later section. The source and destination MAC addresses are always in the clear in all the frames. There are two reasons why an attacker would collect MAC addresses of stations and APs participating in a wireless network. Often, the shared key can be discovered by guesswork based on a certain amount of social engineering regarding the administrator who configures the wireless LAN and all its users.
Some client software stores the WEP keys in the operating system registry or initialization scripts. In the following, we assume that the attacker was unsuccessful in obtaining the key in this manner.
For this purpose, a large number (millions) of frames need to be collected because of the way WEP works. The wireless device generates on the fly an Initialization Vector (IV) of 24 bits. Adding these bits to the shared secret key of either 40 or bits, we often speak of 64, or bit encryption.
WEP generates a pseudorandom keystream from the shared secret key and the IV. It is then exclusive ORed with the pseudorandom keystream to produce the ciphertext. The IV is appended in the clear to the cipher text and transmitted. The receiver extracts the IV, uses the secret key to regenerate the random keystream, and exclusive ORs the received ciphertext to yield the original plaintext. Certain cards are so simplistic that they start their IV as 0 and increment it by 1 for each frame, resetting in between for some events.
Even the better cards generate weak IVs from which the first few bytes of the shared key can be computed after statistical analyses. Some implementations generate fewer mathematically weak vectors than others do. The mathematics behind the systematic computation of the secret shared key from a collection of cipher text extracted from these frames is described elsewhere in this volume.
What is needed however is a collection of frames that were encrypted using mathematically weak IVs.
The number of encrypted frames that were mathematically weak is a small percentage of all frames. In a collection of a million frames, there may only be a hundred mathematically weak frames. It is conceivable that the collection may take a few hours to several days depending on how busy the WLAN is.
Given a sufficient number of mathematically weak frames, the systematic computation that exposes the bytes of the secret key is intensive. However, an attacker can employ powerful computers. On an average PC, this may take a few seconds to hours. The storage of the large numbers of frames is in the several hundred megabytes to a few gigabytes range. Once the attacker begins probing i.
Wireless Spoofing
There are well known attack techniques known as spoofing in both wired and wireless networks.
The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but nonexistent values, or with values that belong to others.
The attacker would have collected these legitimate values through sniffing. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.
Either the attacker has to compromise a computer system that has a station, or he spoofs with legitimate MAC addresses in frames that he manufactures. MAC addresses are assigned at the time of manufacture, but setting the MAC address of a wireless card or AP to an arbitrary chosen value is a simple matter of invoking an appropriate software tool that engages in a dialog with the user and accepts values.
Such tools are routinely included when a station or AP is downloaded. The attacker, however, changes the MAC address programmatically, sends several frames with that address, and repeats this with another MAC address.
However, in certain attacks, the attacker needs to have a larger number of MAC addresses than he could collect by sniffing. However, not every random sequence of six bytes is a MAC address.
The IEEE assigns globally the first three bytes, and the manufacturer chooses the last three bytes. It assumes that the packet it received indeed was sent by the host officially assigned that source address. Because the IP layer of the OS normally adds these IP addresses to a data packet, a spoofer must circumvent the IP layer and talk directly to the raw network device. Note that the attacker's machine cannot simply be assigned the IP address of another host X using ifconfig or a similar configuration tool.
IP spoofing is an integral part of many attacks. For example, an attacker can silence a host A from sending further packets to B by sending a spoofed packet announcing a window size of zero to A as www.
So when a frame has a spoofed source address, it cannot be detected unless the address is wholly bogus. If the frame to be spoofed is a management or control frame, there is no encryption to deal with. If it is a data frame, perhaps as part of an ongoing MITM attack, the data payload must be properly encrypted.
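A monitoring-side check for the "wholly bogus" case above, as an added example (not code from the original article). `KNOWN_OUIS`, `SAMPLE_SOURCES` and the function names are constructed for illustration; a real deployment would load the full IEEE registry and its own station inventory. A "plausible" verdict only means the address is well formed, since a spoofed frame that copies a legitimate station's address passes every test here.

```python
# Constructed stand-in for the IEEE OUI registry (first three bytes of a MAC).
KNOWN_OUIS = {"00:00:0c", "00:40:96"}

def parse_mac(text):
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into six bytes."""
    parts = text.lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def classify_source(mac_text, known_ouis=KNOWN_OUIS, inventory=()):
    """Return a verdict string for a frame's source MAC address."""
    mac = parse_mac(mac_text)
    normalized = ":".join(f"{b:02x}" for b in mac)
    if mac[0] & 0x01:
        # Group (multicast) bit can never be set on a genuine source address.
        return "bogus: group bit set in a source address"
    if mac[0] & 0x02:
        # Locally administered bit: the address was set in software.
        return "locally administered: not a manufacturer-assigned address"
    if normalized[:8] not in known_ouis:
        return "bogus: OUI not in registry"
    if inventory and normalized not in inventory:
        return "unknown station: valid OUI, not in site inventory"
    return "plausible"

def audit(sources, inventory=()):
    """Return {source MAC: verdict} for every source that is not plausible."""
    findings = {}
    for src in sources:
        verdict = classify_source(src, inventory=inventory)
        if verdict != "plausible":
            findings[src] = verdict
    return findings

# Constructed capture: source addresses seen on the air.
SAMPLE_SOURCES = [
    "00:40:96:12:34:56",   # registered OUI
    "02:11:22:33:44:55",   # locally administered bit set
    "00:de:ad:be:ef:01",   # OUI absent from the sample registry
    "01:00:5e:00:00:01",   # group bit set
]
```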