Page 217 - DCAP311_DCAP607_WIRELESS_NETWORKS
Unit 13: Wireless Networks Security
devices are "on the air" throughout the active working shift, MAC filtering provides only
a false sense of security since it prevents only "casual" or unintended connections to the
organizational infrastructure and does nothing to prevent a directed attack.
• Network injection: In a network injection attack, a cracker can make use of access points
that are exposed to non-filtered network traffic, specifically broadcast network traffic
such as “Spanning Tree” (802.1D), OSPF, RIP, and HSRP. The cracker injects bogus
networking re-configuration commands that affect routers, switches, and intelligent hubs.
A whole network can be brought down in this manner and require rebooting or even
reprogramming of all intelligent networking devices.
• Caffe Latte attack: The Caffe Latte attack is another way to defeat WEP. It is not necessary
for the attacker to be in the area of the network using this exploit. By using a process that
targets the Windows wireless stack, it is possible to obtain the WEP key from a remote
client. By sending a flood of encrypted ARP requests, the assailant takes advantage of the
shared key authentication and the message modification flaws in 802.11 WEP. The attacker
uses the ARP responses to obtain the WEP key in less than 6 minutes.
Self-Assessment
Fill in the blanks:
1. ................................. is an attack on the integrity of either the data transmission or on the
data stored on a system.
2. ................................ is when a user denies having performed an action on the network.
3. Non-traditional networks such as personal network Bluetooth devices are not safe from
cracking and should be regarded as a ........................... risk.
4. Identity theft (or MAC spoofing) occurs when a .......................... is able to listen in on
network traffic and identify the MAC address of a computer with network privileges.
5. ................................... is effective only for small residential (SOHO) networks, since it
provides protection only when the wireless device is "off the air".
6. In a network ...................... attack, a cracker can make use of access points that are exposed
to non-filtered network traffic.
13.5 Middle Attacks
A man-in-the-middle attacker entices computers to log into a computer that is set up as a soft
AP (Access Point). Once this is done, the hacker connects to a real access point through another
wireless card, offering a steady flow of traffic through the transparent hacking computer to the
real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies
on security faults in challenge and handshake protocols to execute a “de-authentication attack”.
This attack forces AP-connected computers to drop their connections and reconnect with the
cracker’s soft AP (the user is disconnected from the modem and has to connect again using their
password, which the attacker can extract from the recording of the event). Man-in-the-middle
attacks are enhanced by software such as LANjack and AirJack, which automate multiple steps of
the process, meaning what once required some skill can now be done by script kiddies. Hotspots are
particularly vulnerable to any attack since there is little to no security on these networks.
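On the monitoring side, the sequence described above leaves a recognisable trace: a burst of de-authentication frames aimed at a client, followed by that client associating to a BSSID that is not one of the organization's own access points. The Python code below is an added example, not part of the original text; the record layout, the KNOWN_APS inventory, the thresholds and every sample frame are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed inventory: SSID -> BSSIDs of the organization's real access points.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Constructed sample of 802.11 management-frame records:
# (time in seconds, frame type, client MAC, BSSID, SSID)
SAMPLE = [
    (0.0, "assoc", "de:ad:be:ef:00:10", "aa:bb:cc:00:00:01", "CorpWiFi"),
    (30.0, "deauth", "de:ad:be:ef:00:20", "aa:bb:cc:00:00:02", "CorpWiFi"),  # lone deauth
    (31.0, "assoc", "de:ad:be:ef:00:20", "aa:bb:cc:00:00:01", "CorpWiFi"),   # known AP
] + [
    (60.0 + i * 0.1, "deauth", "de:ad:be:ef:00:10", "aa:bb:cc:00:00:01", "CorpWiFi")
    for i in range(8)                                                       # burst of 8
] + [
    (62.0, "assoc", "de:ad:be:ef:00:10", "66:66:66:00:00:99", "CorpWiFi"),   # unlisted BSSID
]


def find_forced_roams(events, known_aps, window=10.0, min_deauths=5):
    """Return alerts for clients that associate to an unlisted BSSID for a
    known SSID shortly after a burst of de-authentication frames."""
    recent = defaultdict(deque)  # client MAC -> timestamps of recent deauths
    alerts = []
    for ts, kind, client, bssid, ssid in sorted(events):
        q = recent[client]
        while q and ts - q[0] > window:   # drop deauths older than the window
            q.popleft()
        if kind == "deauth":
            q.append(ts)
        elif kind == "assoc" and ssid in known_aps:
            rogue = bssid not in known_aps[ssid]
            if rogue and len(q) >= min_deauths:
                alerts.append({"time": ts, "client": client, "ssid": ssid,
                               "rogue_bssid": bssid, "deauths": len(q)})
            q.clear()  # a new association starts a fresh observation period
    return alerts


if __name__ == "__main__":
    for alert in find_forced_roams(SAMPLE, KNOWN_APS):
        print(alert)
```

The single de-authentication followed by a roam to a listed access point is not reported; only the burst followed by an association to the unlisted BSSID is.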
13.5.1 Address Resolution Protocol (ARP) Poisoning
Address Resolution Protocol (ARP) poisoning is a type of attack where the Media Access Control
(MAC) address is changed by the attacker. Also called an ARP spoofing attack, it is effective
LOVELY PROFESSIONAL UNIVERSITY 211