Cracking of wireless networks

Cracking of wireless networks is the penetration of wireless networks. A wireless network can be penetrated in a number of ways, which vary greatly in the level of computer skill and commitment they require. Once within a network, a skilled hacker can modify software, network settings, other security items and much more.[citation needed] Precautions can be taken, however.

Obtaining a WEP key is the main goal for some hackers.[citation needed] Several methods are used to achieve this, and a WEP key can be obtained within minutes.

Methods

Cracking of wireless networks typically begins with finding wireless networks and then gathering as much information about them as possible. This is called network enumeration.[citation needed] Wireless networks are often found while moving around, using network discovery software such as Kismet or NetStumbler. More information is then gathered by eavesdropping on a selected network with a network analyzer or sniffer. A sniffer monitors the data packets transmitted by a wireless network. The information that sniffers yield includes SSIDs, IP addresses, the number of computers transmitting on the network, the types of encryption in use, and MAC addresses. Furthermore, network mappers may be used to identify the servers on the network and their operating systems.[citation needed] SSIDSniff, Blade Software's IDS Informer, and commands such as arping may be used to gather IP addresses.[citation needed] Once the brand and model of the access point have been identified, the hacker can consult an online manual for the device's default SSID and password, which give access to the network if these settings were never changed. Websites that provide default settings include CIRT.net.[1][2] Default settings can also be found with a search engine such as Google.

The next step is a vulnerability assessment.[citation needed] This is done with a network scanner such as Nessus, Nmap, Wireshark, or Mognet.[citation needed] The firmware of the access point may also be examined for vulnerabilities using tools such as Pong.[citation needed]

Based on the outcome of the vulnerability assessment, the hacker determines a way of entry. He or she may:

  • Pose as a legitimate user, using a port/service that is open/available. This requires the wireless network's authentic SSID, BSSID, and Wi-Fi channel. These can be set with the package Wireless tools for Linux. It may also require a valid MAC address, which can be set with SMAC MAC Address Changer or with tools such as iproute2 or ifconfig.[citation needed]
  • Use network encryption cracking software.
  • Employ a man-in-the-middle attack.
  • Use ARP spoofing.[citation needed]
  • Create a null session, provided that the operating system of the targeted computer is Windows. A null session is a connection to a freely accessible remote share called IPC$, providing read and write access with Windows NT/2000 and read access with Windows XP and 2003.[citation needed]

After authentication as a legitimate user, access to the entire network may not yet be achieved. To break into the still-secured parts of the network, the hacker may use password crackers.

Further reading

  • Wireless Attacks and Penetration Testing by Jonathan Hassell, 2004 or later.

Detection

When a hacker scans the radio channels used by wireless networks for activity, this cannot be detected, because the scanner only listens for signals. Only when the hacker injects packets into the network can he or she be detected and his or her location investigated.

A hacker can only obtain limited information from sniffing a network. To gain more information he or she must start probing the network, making detection possible.[3]

Prevention

An unprotected wireless network is extremely insecure. From anywhere within broadcast range, someone can eavesdrop on or start using the network. Therefore, the IEEE 802.11 standard for wireless networks was accompanied by Wired Equivalent Privacy (WEP). This security protocol is meant to provide the following:

  • authentication: assurance that all participants are who they state they are, and are authorized to use the network
  • confidentiality: protection against eavesdropping
  • integrity: assurance of data being unaltered

WEP has been criticized by security experts, and most now regard it as ineffective.

In 2004 a draft for a better security protocol appeared, and it was included in the IEEE 802.11 standard in 2007. This new protocol, WPA2, uses the AES block cipher instead of the RC4 stream cipher and has better procedures for authentication and key distribution. WPA2 is much more secure than WEP, but WEP was still in wide use in 2009.

Many wireless routers also support restricting network access to a list of authorized MAC addresses. This measure can effectively stop a neighbour from using the network, but it will not stop experienced intruders,[5] because a MAC address can easily be spoofed.

In the past, turning off the broadcasting of the SSID was also thought to secure a wireless network. This is not the case, however. Freely available tools exist that quickly discover an SSID that is not broadcast. Microsoft has also determined that switching off SSID broadcasting reduces security. Details can be found in Non-broadcast Wireless Networks with Microsoft Windows.

Returning to encryption: the WEP specification at any key length cannot withstand a determined attacker. Therefore, Wi-Fi Protected Access (WPA) was derived from WEP, and software upgrades that add WPA support are often available. The latest devices that conform to the 802.11g or 802.11n standards also support WPA2. (WPA uses TKIP encryption; WPA2 uses the stronger AES method.) It is recommended to use only hardware that supports WPA or WPA2.[6]
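As an added example (not code from the article or any of the tools it names), the following parser pulls from raw 802.11 beacon frames exactly the information the sniffers in the Methods section yield (BSSID, SSID, whether the SSID is hidden, and the encryption type) and flags the access points the Prevention section warns against: those still running WEP or no encryption at all. The three sample frames are constructed for the demo, not captured traffic.

```python
import struct
from dataclasses import dataclass

CIPHERS = {2: "TKIP", 4: "AES-CCMP"}  # cipher suite selectors under OUI 00-0F-AC

@dataclass
class ApSummary:
    bssid: str
    ssid: str       # "" when the SSID is hidden
    hidden: bool
    security: str   # "open", "WEP", "WPA" or "WPA2"
    cipher: str     # group cipher from the RSN element, "" otherwise

def parse_beacon(frame: bytes) -> ApSummary:
    """Classify one raw 802.11 beacon frame (no radiotap header)."""
    # Header FC(2) Dur(2) DA(6) SA(6) BSSID(6) Seq(2) = 24 bytes; body Timestamp(8)
    # Interval(2) Capability(2) = 12 bytes; information elements follow at offset 36.
    if len(frame) < 36 or frame[0] != 0x80:
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    privacy = bool(struct.unpack_from("<H", frame, 34)[0] & 0x0010)  # capability bit 4
    ssid, hidden, rsn, wpa, cipher = "", True, False, False, ""
    pos = 36
    while pos + 2 <= len(frame):  # walk the tag/length/value information elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than guess
        if tag == 0:  # SSID: empty or all-NUL means "hidden"
            hidden = not value.strip(b"\x00")
            ssid = "" if hidden else value.decode("utf-8", "replace")
        elif tag == 48 and len(value) >= 6:  # RSN element: version(2) + group cipher suite(4)
            rsn = True
            cipher = CIPHERS.get(value[5], "unknown") if value[2:5] == b"\x00\x0f\xac" else "vendor"
        elif tag == 221 and value[:4] == b"\x00\x50\xf2\x01":  # vendor element: WPA (pre-RSN)
            wpa = True
        pos += 2 + length
    security = "WPA2" if rsn else "WPA" if wpa else "WEP" if privacy else "open"
    return ApSummary(bssid, ssid, hidden, security, cipher)

def _beacon(bssid: bytes, capability: int, ies: bytes) -> bytes:  # constructed test frame
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    return header + b"\x00" * 8 + struct.pack("<HH", 100, capability) + ies

RSN_CCMP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
WPA2_BEACON = _beacon(bytes.fromhex("001122334455"), 0x0411, b"\x00\x07HomeNet" + RSN_CCMP)
WEP_HIDDEN_BEACON = _beacon(bytes.fromhex("66778899aabb"), 0x0411, b"\x00\x00")  # privacy bit, no RSN/WPA
OPEN_BEACON = _beacon(bytes.fromhex("ccddeeff0011"), 0x0401, b"\x00\x05Guest")

def audit(frames):
    """Return the access points the Prevention section warns against: WEP or open."""
    return [s for s in map(parse_beacon, frames) if s.security in ("WEP", "open")]
```

A hidden SSID is reported as such rather than treated as protection, matching the point above that SSID hiding adds no security.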

Beyond cracking

The ultimate goal of a network intruder is usually to obtain administrator privileges on the network. Once inside, one of his or her first undertakings is often to install a so-called rootkit on a target computer. This is a collection of programs that give the intruder persistent control over a system. Some of these programs are used to compromise further user accounts or other computers on the network. Others serve to hide the presence of the intruder; they may include modified versions of standard network utilities such as netstat, or programs that remove from a computer's log files all entries relating to the intruder. Yet other rootkit components may be used to survey the network or to sniff more passwords travelling over it. Rootkits may also provide the means to modify the operating system of the computer on which they are installed.

The network intruder then proceeds to create one or more so-called back doors. These are access provisions that are hard for system administrators to find, and they serve to avoid the logging and monitoring that normal use of the network would trigger. A back door may be a concealed account, or an account whose privileges have been escalated. Or it may be a remote-access utility, such as Telnet, that has been configured to listen on a non-standard port number.

The network intruder then proceeds to steal files or credit card information, or to prepare a computer to send spam emails on demand. Another goal is to prepare for the next intrusion. A cautious intruder takes care to prevent discovery of his or her location. The method of choice is to use a computer that has already been compromised as an intermediary. Some intruders use a chain of intermediate computers, making it impracticable to trace them.[7]

Legality

The Netherlands

Using someone else's wireless access point or wireless router to connect to the internet, without the owner's consent in any way, is not punishable under criminal law in the Netherlands. This is true even if the device uses some form of access protection. Penetrating someone else's computer without the owner's consent is punishable under criminal law, though.[10][11]

Related articles

Cracking of wireless networks is opposed to securing them, causing the following articles to be related.

Cracking of wireless networks can result from several intentions, causing the following articles to be related.

Cracking of wireless networks can be specialized in several ways, causing the following articles to be related.

References

  1. ^ Default Passwords by CIRT.net
  2. ^ Default Password List by phenoelit-us.org
  3. ^ Hacking Techniques in Wireless Networks by Prabhaker Mateti, 2005, sections 3.5, 5, and 5.3.
  4. ^ Hacking Techniques in Wireless Networks by Prabhaker Mateti, 2005, reference 3. (This reference proves that the date is 2003.)
  5. ^ Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, pages 161-162.
  6. ^ Upgrading and repairing PC's, 19th edition, by Scott Mueller, Pearson Education Inc., 2010, pages 900-901.
  7. ^ Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, pages 87, 275, 376-377, 385.
  8. ^ Linux Magazine (Dutch computer magazine), issue 04 of 2011, page 60.
  9. ^ BackTrack Howtos by BackTrack Linux
  10. ^ PC Plus (Dutch computer magazine), issue 04/2011, page 60.
  11. ^ Dutch courts: Wi-Fi 'hacking' is not a crime by John Leyden, 2011.

Wikimedia Foundation. 2010.
