Page 218 - DCAP311_DCAP607_WIRELESS_NETWORKS
P. 218
Wireless Networks
Notes against both wired and wireless local networks. Some of the things an attacker could perform
from ARP poisoning attacks include stealing data from the compromised computers, eavesdrop
using man-in-the middle methods, and prevent legitimate access to services, such as Internet
service.
A MAC address is a unique identifier for network nodes, such as computers, printers, and other
devices on a LAN. MAC addresses are associated to network adapter that connects devices
to networks. The MAC address is critical to locating networked hardware devices because it
ensures that data packets go to the correct place. ARP tables, or cache, are used to correlate
network devices’ IP addresses to their MAC addresses.
In for a device to be able to communicate with another device with a known IP Address but an
unknown MAC address the sender sends out an ARP packet to all computers on the network.
The ARP packet requests the MAC address from the intended recipient with the known IP
address. When the sender receives the correct MAC address then is able to send data to the
correct location and the IP address and corresponding MAC address are store in the ARP table
for later use.
ARP poisoning is when an attacker is able to compromise the ARP table and changes the MAC
address so that the IP address points to another machine. If the attacker makes the compromised
device’s IP address point to his own MAC address then he would be able to steal the information,
or simply eavesdrop and forward on communications meant for the victim. Additionally, if the
attacker changed the MAC address of the device that is used to connect the network to Internet
then he could effectively disable access to the web and other external networks.
13.6 Denial of Service (DoS) Attack
A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted AP
(Access Point) or network with bogus requests, premature successful connection messages,
failure messages, and/or other commands. These cause legitimate users to not be able to get
on the network and may even cause the network to crash. These attacks rely on the abuse of
protocols such as the Extensible Authentication Protocol (EAP).
The DoS attack in itself does little to expose organizational data to a malicious attacker, since
the interruption of the network prevents the flow of data and actually indirectly protects data
by preventing it from being transmitted. The usual reason for performing a DoS attack is to
observe the recovery of the wireless network, during which all of the initial handshake codes
are re-transmitted by all devices, providing an opportunity for the malicious attacker to record
these codes and use various "cracking" tools to analyze security weaknesses and exploit them to
gain unauthorized access to the system. This works best on weakly encrypted systems such as
WEP, where there are a number of tools available which can launch a dictionary style attack of
"possibly accepted" security keys based on the "model" security key captured during the network
recovery.
13.6.1 Types of Denial of Service (DoS) Attacks
The most common type of Denial of Service attack involves flooding the target resource with
external communication requests. This overload prevents the resource from responding to
legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable.
Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted
system, an entire network, a component of a given network any system component. DoS attacks
may also target human-system communications (e.g. disabling an alarm or printer), or human-
response systems (e.g. disabling an important technician's phone or laptop).
212 LOVELY PROFESSIONAL UNIVERSITY
