
Wireless Access and Exploiting Access Part 1


By ghostghost | 5301 Reads |

First off, let's take a look at what a wireless network is. Wireless networks broadcast their packets using radio frequencies or optical wavelengths, and a modern laptop can listen in to these packets. There are certain things you will need for this type of access. The methods I will be explaining here deal mostly with "wardriving".

Necessary Equipment:
· Laptop Computer - At least a Pentium 100 with a free PCMCIA slot and serial port for GPS.
· 802.11-compliant wireless Ethernet card
· The Software: Linux, BSD, Windows, Mac, everyone is supported.
· Optional: GPS receiver for location tracking.
· A way to get around: a car, bus, subway, walking, bike.

I got that from wardriving.com; you can also go there for how-tos on the things I will explain.

A wireless network interface card, the card you will be using to reach an access point, is a device providing the network physical layer over a radio link to another station. An access point is typically connected by wire to a LAN. The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. (Two wireless networks using neighboring channels may interfere with each other.)

Wired Equivalent Privacy, also known as WEP, is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets using the RC4 encryption algorithm. The shared-secret key is either 40 or 104 bits long and is chosen by the system administrator. This key must be shared among all the stations and the AP using mechanisms that are not specified in IEEE 802.11.
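As an added example (not part of the original article), here is a minimal Python model of the WEP encapsulation just described: RC4 keyed with the 24-bit IV prepended to the 40- or 104-bit shared key, a CRC-32 integrity check value, and the IV sent in the clear. The last function shows why the small IV space matters to a defender: two frames sent under one IV leak the XOR of their payloads. The key and IV values used are constructed.

```python
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                         # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                      # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP encapsulation: seed = 24-bit IV || 40/104-bit shared key; a CRC-32
    integrity check value (ICV) is appended to the payload, then both are
    XORed with the keystream. The IV is sent in the clear ahead of the body."""
    assert len(iv) == 3 and len(shared_key) in (5, 13)
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    body = payload + icv
    ks = rc4_keystream(iv + shared_key, len(body))
    return iv + bytes(p ^ k for p, k in zip(body, ks))


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Undo the encapsulation; return None when the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    ks = rc4_keystream(iv + shared_key, len(body))
    plain = bytes(c ^ k for c, k in zip(body, ks))
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        return None
    return payload


def xor_of_payloads(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV reuse one keystream, so XORing their
    ciphertexts cancels it and leaves payload_a XOR payload_b. With only
    2^24 IVs this repeats quickly on a busy network: WEP's core weakness."""
    assert frame_a[:3] == frame_b[:3], "only meaningful for equal IVs"
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))
```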

Next you will have to sniff out the network. Sniffing is the act by a machine S of making copies of a network packet sent by machine A and intended to be received by machine B. Strictly speaking, sniffing is not a TCP/IP problem; it is enabled by the choice of broadcast media, Ethernet and 802.11, as the physical and data link layers. Sniffing is the underlying technique used in tools that monitor the health of a network. It can also help find the easy kill, such as scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections. Wireless networks are easier to sniff: it is easy to sniff the wireless traffic of a building by setting up shop in a car parked in a lot as far away as a mile, or while driving around the block.

The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all frames. There are two reasons an attacker wants to collect MAC addresses: (1) the attacker wishes to use these values in spoofed frames so that his station or AP is not identified; (2) the targeted AP may be controlling access by filtering out frames with MAC addresses that were not registered.

Collecting the Frames for Cracking WEP

The main goal here is to discover the WEP shared-secret key. Most client software stores its WEP keys in the operating system registry or in initialization scripts. If that fails, the attacker would then employ systematic procedures to crack WEP. I will not go too deep into this because it is a whole other article in itself and you can probably Google it. But here is an example of a WEP cracking tool to help you out: http://airsnort.shmoo.com.

Wireless Spoofing

There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate-looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

MAC Address Spoofing

The attacker generally wants to stay hidden, but probing activity injects frames that are observable by system administrators. The attacker therefore fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.
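Since the article notes that injected frames are observable by administrators, here is an added example (not from the original article) of one check a wireless IDS applies to spot a spoofed Sender MAC: a genuine station increments the 12-bit 802.11 sequence number by one per frame, so frames that claim the same source MAC but jump ahead or move backwards are likely injected by someone else. The capture records and the gap threshold are constructed assumptions.

```python
SEQ_MOD = 4096            # 802.11 sequence numbers are 12 bits and wrap
GAP_THRESHOLD = 64        # tolerated forward gap for unseen frames (assumed)

# Constructed monitor-mode capture summary: (time, source MAC, sequence number).
# A real WIDS would take these from the Sequence Control field of each frame.
FRAMES = [
    (0.00, "00:11:22:33:44:55", 1021),
    (0.05, "00:11:22:33:44:55", 1022),
    (0.10, "00:11:22:33:44:55", 1023),
    (0.12, "00:11:22:33:44:55", 17),     # injected: counter far behind the real one
    (0.15, "00:11:22:33:44:55", 1024),   # genuine station carries on
    (0.20, "aa:bb:cc:dd:ee:ff", 4094),
    (0.25, "aa:bb:cc:dd:ee:ff", 4095),
    (0.30, "aa:bb:cc:dd:ee:ff", 0),      # legitimate 12-bit wraparound
    (0.35, "aa:bb:cc:dd:ee:ff", 1500),   # injected: large forward jump
]


def seq_delta(prev: int, cur: int) -> int:
    """Signed distance from prev to cur modulo 4096, so 4095 -> 0 is +1 and
    1023 -> 17 is a large negative (backward) move."""
    d = (cur - prev) % SEQ_MOD
    return d - SEQ_MOD if d > SEQ_MOD // 2 else d


def detect_spoofed_macs(frames, gap=GAP_THRESHOLD):
    """Flag frames whose sequence number is inconsistent with the last frame
    accepted from the same source MAC. Returns (time, mac, seq, delta) tuples.
    A flagged frame does not update the per-MAC reference, so the genuine
    station is not re-flagged when it resumes after an injected frame. The
    first frame seen for a MAC is trusted, which is this check's blind spot."""
    last = {}
    alerts = []
    for t, mac, seq in frames:
        if mac in last:
            d = seq_delta(last[mac], seq)
            if d < 0 or d > gap:
                alerts.append((t, mac, seq, d))
                continue
        last[mac] = seq
    return alerts
```

Retransmissions legitimately repeat a sequence number (delta 0) and drivers may reset the counter on reassociation, so production tools combine this check with signal-strength and timing consistency before raising an alert.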

IP Spoofing

Replacing the true IP address of the sender with a different address is known as IP spoofing. The attacker's machine cannot simply be assigned the IP address of another host X using ifconfig or a similar configuration tool. An attacker can silence a host A from sending further packets to B by sending A a spoofed packet announcing a window size of zero, as though it originated from B.

In Part 2 I will discuss wireless network probing. Even though the attacker now has all of this information, there are still missing links in his problem.

Comments
lukem_95 16 years ago

You didn't mention anything about compatible cards… you can't just have any card, it needs certain chipsets to work with the software and to use monitor mode.