Wireless Hacking - PowerPoint PPT Presentation

Slides: 8
Provided by: albe5
Learn more at: http://home.ubalt.edu
Transcript and Presenter's Notes

1
Wireless Hacking
2
Wireless LANs and footprinting
  • Wireless LANs
  • see basic concepts
  • Linux versus Windows footprinting
  • you need a card that works with the tools
  • the tools need to make the card work in
    promiscuous mode (sniffing)
  • many cards and few chipsets

3
Building a war-drive kit
  • Footprinting: locating APs
  • passive: listening to AP broadcasts
  • active: transmitting client beacons in search of
    AP responses
  • Equipment
  • cards (802.11b, 802.11g) -- choose the software
    first
  • Antennas (e.g. HyperLink Tech)
  • GPS
  • Software (Windows)
  • NetStumbler (set SSID to ANY): active mode.
    Counter-measure: set AP not to reply to probes.

4
More in footprinting software
  • Windows
  • StumbVerter: download. Uses MapPoint to plot data
    from NetStumbler
  • Linux
  • Kismet: both war-drive tool and sniffer. Uses passive
    mode (counter-measures difficult).
  • GPSMap: comes with Kismet and plots AP locations
    on maps, using ImageMagick, but is command-line
    intensive.
  • Dstumbler (requires kernel patch), better in BSD.

5
Wireless Scanning and Enumeration
  • Packet-Capture and Analysis
  • Review of sniffing FAQ, tools, concept.
  • Linux support not covered (too technical)
  • Ethereal is a good tool in Linux; we used it in
    Hacking Linux.
  • Windows: OmniPeek
  • requires custom driver; commercial, but a demo can
    be downloaded
  • channel scanning, decryption of WEP (needs key)
  • provides a Peer Map view of hosts found
  • What you are looking for
  • SSID -- APs respond to a client using SSID ANY with
    their SSID, and you are in if no username and
    password are required.
  • MAC access control -- OmniPeek maps MAC addresses
  • WEP -- war-drive tools indicate if used (e.g.
    NetStumbler).

6
Gaining access in 802.11
  • SSID
  • easy to set up from the war-drive information
  • just create a profile
  • MAC Access Control
  • use the sniff information to identify valid MAC
    addresses.
  • spoof the MAC address of your wireless card (Read
    this article for counter-measures).
  • WEP (Wired Equivalent Privacy)
  • protects data from eavesdropping, not
    authentication
  • uses a key for transmissions between AP and card
  • brute-force, key and packet cracking off-line
    (e.g. Aircrack-ng)
  • EAP (Extensible Authentication Protocol) Methods
  • A client finds an AP and is prompted for a
    username and password
  • Keys are created dynamically after login
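
The MAC Access Control bullets above note that valid addresses can be sniffed and reused, so a defender needs a way to notice two transmitters sharing one address. The Python below is an added example, not part of the original slides, showing sequence-number analysis on a monitoring sensor; the thresholds, function names and sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 4096        # the 802.11 sequence number is a 12-bit counter
MAX_GAP = 64          # assumed tolerance for frames the sensor did not hear
MIN_ANOMALIES = 3     # assumed number of jumps before a MAC is reported


def seq_gap(prev, cur):
    """Forward distance from prev to cur, handling wrap-around at 4096."""
    return (cur - prev) % SEQ_MOD


def find_spoofed_macs(frames, max_gap=MAX_GAP, min_anomalies=MIN_ANOMALIES):
    """frames: (source_mac, sequence_number) pairs in capture order.

    Returns {mac: jump_count} for addresses whose counter keeps jumping,
    which is what two transmitters sharing one MAC look like on the air.
    """
    last_seq = {}
    jumps = defaultdict(int)
    for mac, seq in frames:
        mac = mac.lower()
        if mac in last_seq and seq_gap(last_seq[mac], seq) > max_gap:
            jumps[mac] += 1   # gap 0 (a retry) and small gaps are ignored
        last_seq[mac] = seq
    return {mac: n for mac, n in jumps.items() if n >= min_anomalies}


# Constructed observations (not from a real capture).
NORMAL = "02:00:00:00:00:01"    # one station, counter wraps 4095 -> 0
SHARED = "02:00:00:00:00:02"    # two transmitters using the same address
RESET = "02:00:00:00:00:03"     # one station whose counter jumped once

SAMPLE_FRAMES = (
    [(NORMAL, s % SEQ_MOD) for s in range(4093, 4100)]
    + [(SHARED, s) for pair in zip(range(100, 103), range(2000, 2003)) for s in pair]
    + [(RESET, s) for s in (10, 11, 11, 900, 901)]
)

if __name__ == "__main__":
    for mac, count in find_spoofed_macs(SAMPLE_FRAMES).items():
        print(f"{mac}: {count} sequence jumps, possible spoofed MAC")
```

On real captures, QoS stations keep a separate counter per traffic identifier, so the state would need to be keyed by MAC and TID rather than MAC alone.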

7
Counter measures
  • Some basic ideas
  • recommendations to secure a WLAN.
  • suggestions to minimize WLAN threats.
  • overview of weaknesses and solutions for WLANs
    (old, but good).
  • some commercial solutions: AirDefense, AirTight,
    SmartPass.
  • State-of-the-art solutions
  • WPA and WPA2 review and Windows
  • Using a Radius server for authentication
  • The IAS Radius service in Windows.
  • FreeRadius home page and tutorial
  • Some WLAN security guides.
  • George Ou guide
  • NIST 800-53 draft