wireless security1


  • 8/7/2019 wireless security1


    Wireless Hacking: A Wi-Fi Hack

    SAYYAD SAJID 9021399298

    Abstract - Wireless networks, or WLANs, are what everybody wants today. These networks offer more mobility, more flexibility and more cost effectiveness than traditional wired networks. Wireless networks are being used in houses, offices, organizations and many more places. With this huge demand, many vendors are coming forward with new devices and solutions. But do these networks offer the level of security that wired networks offer? This is what is discussed in this paper. Wireless networks have their own, and sometimes more critical, security issues. So the main focus of this paper is ethically hacking wireless networks and checking the vulnerabilities present in them. We will look at different hacking tools such as NetStumbler, Cain and Kismet, using them ethically to protect our air privacy and make our network more difficult to attack.

    Keywords - Wireless Hacking; WEP; Kismet; Cain; NetStumbler

    I. INTRODUCTION

    The Institute of Electrical and Electronics Engineers (IEEE) provides the 802.11 set of standards for WLANs. The suffix ".11" refers to a subset of the 802 group, the wireless LAN working group. Many industry groups are involved in work on wireless systems; however, the IEEE 802.11 working group and the Wi-Fi Alliance have emerged as the key players. At present, Wi-Fi has created demand in the market and is practically everywhere. But with this increased exposure comes increased risk: the extensive use of wireless systems has helped make them a bigger target than the IEEE ever bargained for. (Flaws such as Wired Equivalent Privacy (WEP) [3] in the 802.11 wireless network protocol do not help things, either.) Along with the convenience, cost savings, and efficiency gains of wireless networks come increased security risks.

    The usual security issues, such as weak passwords, spyware, and missing patches, are not the things that are going to matter here. Networking without wires brings in a whole new set of vulnerabilities from an entirely different point of view. This is where the concept of ethical hacking comes in. Ethical hacking, sometimes called white-hat hacking, is the use of hacking to test and improve defenses against unethical hackers. It can be compared to penetration testing and vulnerability testing, but it goes even deeper. Ethical hacking involves the same tools and practices the bad guys use, but it also involves extensive up-front planning, a set of precise tools, multifaceted testing methodologies, and adequate reporting to fix any problems before the bad guys exploit our privacy.

    II. EXPLORING ETHICAL HACKING

    We've all heard of hackers. Many of us have even heard of the consequences of hacker actions. So who are these hackers? Why is it important to know about them? First we will see what a hacker actually is.

    A. Defining hacker

    Hacker is a word that has two meanings:

    Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically.

    Recently, hacker has taken on a new meaning: someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.

    B. Defining Ethical hacking

    Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured. It's part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

    III. DANGERS OF HACKING

    Before going deep into the ethical-hacking process, we should know a couple of terms we'll be using throughout this paper. They are:

    Threat: A threat is an indication of intent to cause disruption within an information system. A few examples of threat agents are hackers, disgruntled employees, and malware such as viruses or spyware that can wreak havoc on a wireless network.

    Vulnerability: A vulnerability is a weakness within an information system that can be exploited by a threat. We'll be seeking out wireless network vulnerabilities throughout this paper.

    Going beyond these basics, specific things can happen when a vulnerability is exploited by a threat. This situation is called risk. Risks associated with vulnerable wireless networks include:

    - Full access to files
    - Stolen passwords
    - Wired network back door entry points
    - DoS attacks causing productivity losses
    - Violation of laws and regulations relating to privacy, corporate financial reporting, and more
    - Zombies: a hacker attacks other networks using our system, making us look like the bad guys

    IV. TOOLS TO BE USED

    As with any project, if you don't have the right tools for ethical hacking, accomplishing the task effectively is difficult. Having said that, just because you use the right tools doesn't mean that you will discover all vulnerabilities. Know the personal and technical limitations. Many security-assessment tools generate false positives and negatives (incorrectly identifying vulnerabilities). Others may miss vulnerabilities. If you're performing tests such as social engineering or physical-security assessments, you may miss weaknesses.

    Many tools focus on specific tests, but no one tool can test for everything. For the same reason that you wouldn't drive in a nail with a screwdriver, you shouldn't use a word processor to scan your network for open ports. This is why you need a set of specific tools that you can call on for the task at hand. The more tools you have, the easier your ethical hacking efforts are. Make sure that you're using the right tool for the task:

    - To crack passwords, you need a cracking tool such as LC4, John the Ripper, or pwdump. A general port scanner, such as SuperScan, may not crack passwords.
    - For an in-depth analysis of a Web application, a Web-application assessment tool (such as Whisker or WebInspect) is more appropriate than a network analyzer (such as Ethereal).

    Some other popular tools are:

    - Nmap
    - EtherPeek
    - SuperScan
    - QualysGuard
    - WebInspect
    - LC4 (formerly called L0phtcrack)
    - LANguard Network Security Scanner
    - Network Stumbler
    - ToneLoc

    V. SOMETHING IMPORTANT

    Before starting the ethical hacking process, there are some measures that we should take care of, such as:

    - Acquiring permission from our boss, project sponsor or client to carry out our tests
    - Outlining testing objectives
    - Deciding what tests to run
    - Grasping the ethical hacking techniques before carrying out our tests

    VI. ATTACKS CARRIED OUT BY ETHICAL HACKERS

    A. Access control attacks [1]

    These attacks attempt to penetrate a network by using wireless or evading WLAN access control measures, like AP MAC filters and 802.1X port access controls.


    | Type of Attack | Description | Methods and Tools |
    |---|---|---|
    | War Driving | Discovering wireless LANs by listening to beacons or sending probe requests, thereby providing launch point for further attacks. | Airmon-ng, DStumbler, KisMAC, MacStumbler, NetStumbler, Wellenreiter, WiFiFoFum |
    | Rogue Access Points | Installing an unsecured AP inside firewall, creating open backdoor into trusted network. | Any hardware or software AP |
    | MAC Spoofing | Reconfiguring an attacker's MAC address to pose as an authorized AP or station. | MacChanger, SirMACsAlot, SMAC, Wellenreiter, wicontrol |

    B. Confidentiality attacks

    These attacks attempt to intercept private information sent over wireless associations, whether sent in the clear or encrypted by 802.11 or higher layer protocols.

    | Type of Attack | Description | Methods and Tools |
    |---|---|---|
    | Eavesdropping | Capturing and decoding unprotected application traffic to obtain potentially sensitive information. | bsd-airtools, Ettercap, Kismet, Wireshark, commercial analyzers |
    | WEP Key Cracking | Capturing data to recover a WEP key using passive or active methods. | Aircrack-ng, airoway, AirSnort, chopchop, dwepcrack, WepAttack, WepDecrypt, WepLab, wesside |
    | Man in the Middle | Running traditional man-in-the-middle attack tools on an evil twin AP to intercept TCP sessions or SSL/SSH tunnels. | dsniff, Ettercap-NG, sshmitm |

    C. Integrity attacks

    These attacks send forged control, management or data frames over wireless to mislead the recipient or facilitate another type of attack (e.g., DoS).

    | Type of Attack | Description | Methods and Tools |
    |---|---|---|
    | 802.11 Frame Injection | Crafting and sending forged 802.11 frames. | Airpwn, File2air, libradiate, void11, WEPWedgie, wnet dinject/reinject |
    | 802.1X RADIUS Replay | Capturing RADIUS Access-Accept or Reject messages for later replay. | Ethernet Capture + Injection Tools between AP and authentication server |

    D. Authentication attacks

    Intruders use these attacks to steal legitimate user identities and credentials to access otherwise private networks and services.

    | Type of Attack | Description | Methods and Tools |
    |---|---|---|
    | Shared Key Guessing | Attempting 802.11 Shared Key Authentication with guessed, vendor default or cracked WEP keys. | WEP Cracking Tools |
    | PSK Cracking | Recovering a WPA/WPA2 PSK from captured key handshake frames using a dictionary attack tool. | coWPAtty, genpmk, KisMAC, wpa_crack |
    | Application Login Theft | Capturing user credentials (e.g., e-mail address and password) from cleartext application protocols. | Ace Password Sniffer, Dsniff, PHoss, WinSniffer |

    E. Availability attacks

    These attacks impede delivery of wireless services to legitimate users, either by denying them access to WLAN resources or by crippling those resources.

    | Type of Attack | Description | Methods and Tools |
    |---|---|---|
    | AP Theft | Physically removing an AP from a public space. | "Five finger discount" |
    | Queensland DoS | Exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy. | An adapter that supports CW Tx mode, with a low-level utility to invoke continuous transmit |
    | 802.1X EAP Length Attacks | Sending EAP type-specific messages with bad length fields to try to crash an AP or RADIUS server. | QACafe, File2air, libradiate |

    VII. FINDING THE REASONS FOR WEAK SECURITY

    A. They know but...

    Often, network administrators know the risks but fail to implement the necessary security measures. After all, everybody wants to get the network working as soon as possible. So the administrators don't think that they will get hacked, or they just ignore the necessary security precautions.

    B. Default passwords

    All vendors ship their devices with some default IDs and passwords for initial security purposes. A lot of times these IDs and passwords remain unchanged. That means any hacker can make use of these easily known passwords and gain access to the wireless device.

    C. No use of encryption

    Every WLAN device comes with some built-in encryption technology like WEP or WPA. But many times people never implement them! What a nice way to secure your network!

    D. Weak passwords

    Sometimes it is very easy for hackers to get social information about individuals and apply a simple password-guessing attack. Considerable effort is needed to make people aware of good passwords and get them to use them.

    VIII. IMPROVING SECURITY OF WIRELESS NETWORKS

    Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky, as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation, as configuring their security features can be time-consuming and non-intuitive. The recommendations below summarize the steps you should take to improve the security of your home wireless network.

    A. Change Default Administrator Passwords (and Usernames)

    At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.


    B. Turn on (Compatible) WPA / WEP Encryption

    All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans.

    Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. Given the WEP flaws noted in the introduction, that means WPA rather than WEP wherever all your devices support it. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings.

    C. Change the Default SSID

    Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network.

    D. Enable MAC Address Filtering

    Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to only allow connections from those devices. Do this, but also know that the feature is not as powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.

    E. Disable SSID Broadcast

    In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.

    F. Do Not Auto-Connect to Open Wi-Fi Networks

    Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.

    G. Assign Static IP Addresses to Devices

    Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.

    H. Enable Firewalls On Each Computer and the Router

    Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.

    I. Position the Router or Access Point Safely

    Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.


    J. Turn Off the Network During Extended Periods of Non-Use

    The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While it is impractical to turn the devices off and on frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.
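    The recommendations above can be checked repeatably against a survey of your own airspace. The following Python code is an added example, not part of the original paper: the CSV layout, the AUTHORIZED inventory and the sample rows are constructed for illustration, and it flags the weaknesses named in sections VII and VIII plus any unknown radio advertising one of your SSIDs (the rogue AP / evil twin case from section VI).

```python
import csv
import io

# Constructed survey export; the CSV layout is hypothetical, not a real tool's format.
SAMPLE_SURVEY = """\
ssid,bssid,encryption,broadcast
HomeNet,00:11:22:33:44:55,WPA2,no
linksys,00:11:22:33:44:66,WEP,yes
HomeNet,02:AA:BB:CC:DD:EE,OPEN,yes
Guest,00:11:22:33:44:77,OPEN,yes
CoffeeShop,02:12:34:56:78:9A,WPA2,yes
"""

# Hypothetical inventory: BSSIDs of the access points the owner actually installed.
AUTHORIZED = {"00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"}

# "linksys" is the default named in the text; the others are illustrative.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def audit(survey_csv, authorized=AUTHORIZED):
    """Return sorted (bssid, finding) pairs for every weakness in the survey."""
    rows = list(csv.DictReader(io.StringIO(survey_csv)))
    authorized = {b.upper() for b in authorized}
    # SSIDs served by our own hardware; a stranger reusing one is suspicious.
    our_ssids = {r["ssid"] for r in rows if r["bssid"].upper() in authorized}
    findings = []
    for r in rows:
        bssid, enc = r["bssid"].upper(), r["encryption"].upper()
        if bssid not in authorized:
            # Rogue AP / evil twin: unknown radio advertising one of our names.
            if r["ssid"] in our_ssids:
                findings.append((bssid, "unauthorized AP using our SSID"))
            continue  # unrelated neighbouring networks are out of scope
        if enc == "OPEN":
            findings.append((bssid, "no encryption"))
        elif enc == "WEP":
            findings.append((bssid, "WEP in use, move to WPA"))
        if r["ssid"].lower() in DEFAULT_SSIDS:
            findings.append((bssid, "default SSID"))
        if r["broadcast"].lower() == "yes":
            findings.append((bssid, "SSID broadcast enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SURVEY):
        print(f"{bssid}  {finding}")
```

    Because MAC addresses can be faked, a clean result does not prove that no rogue AP exists; treat the inventory comparison as one signal among several.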

    IX. CONCLUSION

    Wireless networks such as Wi-Fi, being the most widespread technology in the world, are vulnerable to the threats of hacking. It is very important to protect a network from hackers in order to prevent exploitation of confidential data. The better way to do this is to think like a hacker. At a glance, we have talked about the whole process of ethical hacking in this paper. All of this is meant to show the need to get in touch with some of the scanning tools, such as NetStumbler, Cain, Kismet, MiniStumbler, etc., to survey the wireless locality. The tools that have been mentioned give us the ability to break our own wireless protection, and this may be the time to move to the next level of security, WPA. Let us try to hack all the standards of wireless networks ethically in order to make a system well protected.

    REFERENCES

    [1] Lisa Phifer, "List of wireless network attacks," available at http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1167611,00.html
    [2] Bradley Mitchell, "10 tips for wireless network security," available at http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
    [3] S Vinjosh Reddy, K Rijutha, K Sai Ramani, Sk Mohammad Ali, CR. Pradeep Reddy, "Wireless Hacking - A Wi-Fi Hack By Cracking WEP," 2010 2nd International Conference on Education Technology and Computer (ICETC).
    [4] Ankit Fadia, "The Ethical Hacking Guide To Corporate Security," January 2005.
    [5] Stuart McClure, Joel Scambray, George Kurtz, "Hacking Exposed 6: Network Security Secrets & Solutions," 2009.
    [6] Michael Roche, "Wireless Hacking Tools," available at http://www.cse.wustl.edu/~jain/cse571-07/ftp/wireless_hacking/
    [7] IEEE 802 standards, http://standards.ieee.org/getieee802
    [8] WiFi - Windows, http://www.oxid.it (Cain & Abel), http://www.NetStumbler.com