Ethical Hacking CHAPTER 11 – EXPLOITING WIRELESS NETWORKS ERIC VANDERBURG
7/23/2019 Ethicalhacking Chapter11 Exploitingwirelessnetworks 140925143449 Phpapp01
http://slidepdf.com/reader/full/ethicalhacking-chapter11-exploitingwirelessnetworks-140925143449-phpapp01 1/48
Objectives
  Explain wireless technology
  Describe wireless networking standards
  Describe the process of authentication
  Describe wardriving
  Describe wireless hacking and tools used by hackers and security professionals
Understanding Wireless Technology
  For a wireless network to function, you must have the right hardware and software
  Wireless technology is part of our lives:
    Baby monitors
    Cell and cordless phones
    Pagers
    GPS
    Remote controls
    Garage door openers
    Two-way radios
    Wireless PDAs
Components of a Wireless Network
  A wireless network has only three basic components:
    Access Point (AP)
    Wireless network interface card (WNIC)
    Ethernet cable
Access Points
  An access point (AP) is a transceiver that connects to an Ethernet cable
    It bridges the wireless network with the wired network
  Not all wireless networks connect to a wired network
    Most companies have WLANs that connect to their wired network topology
  The AP is where channels are configured
  An AP enables users to connect to a LAN using wireless technology
    An AP is available only within a defined area
Service Set Identifiers (SSIDs)
  Name used to identify the wireless local area network (WLAN)
  The SSID is configured on the AP
    Unique 1- to 32-character alphanumeric name
    Name is case sensitive
  Wireless computers need to configure the SSID before connecting to a wireless network
  SSID is transmitted with each packet
    Identifies which network the packet belongs to
  The AP usually broadcasts the SSID
Service Set Identifiers (SSIDs) (continued)
  Many vendors have SSIDs set to a default value that companies never change
  An AP can be configured to not broadcast its SSID until after authentication
    Wireless hackers can attempt to guess the SSID
  Verify that your clients or customers are not using a default SSID
Configuring an Access Point
  Configuring an AP varies depending on the hardware
    Most devices allow access through any Web browser
  Steps for configuring a D-Link wireless router:
    Enter IP address on your Web browser and provide your user logon name and password
    After a successful logon you will see the device's main window
    Click on Wireless button to configure AP options:
      SSID
      Wired Equivalent Privacy (WEP) keys
Configuring an Access Point (continued)
  Steps for configuring a D-Link wireless router (continued):
    Turn off SSID broadcast
    Disabling SSID broadcast is not enough to protect your WLAN
      You must also change your SSID
Wireless NICs
  For wireless technology to work, each node or computer must have a wireless NIC
  NIC's main function:
    Converting the radio waves it receives into digital signals the computer understands
  There are many wireless NICs on the market
    Choose yours depending on how you plan to use it
    Some tools require certain specific brands of NICs
Understanding Wireless Network Standards
  A standard is a set of rules formulated by an organization
  Institute of Electrical and Electronics Engineers (IEEE)
    Defines several standards for wireless networks
Institute of Electrical and Electronics Engineers (IEEE) Standards
  Working group (WG)
    A group of people from the electrical and electronics industry that meet to create a standard
  Sponsor Executive Committee (SEC)
    Group that reviews and approves proposals of new standards created by a WG
  Standards Review Committee (RevCom)
    Recommends proposals to be reviewed by the IEEE Standards Board
  IEEE Standards Board
    Approves proposals to become new standards
The 802.11 Standard
  The first wireless technology standard
  Defined wireless connectivity at 1 Mbps and 2 Mbps within a LAN
  Applied to layers 1 and 2 of the OSI model
  Wireless networks cannot detect collisions
    Carrier sense multiple access/collision avoidance (CSMA/CA) is used instead of CSMA/CD
  Wireless LANs do not have an address associated with a physical location
    An addressable unit is called a station (STA)
The Basic Architecture of 802.11
  802.11 uses a basic service set (BSS) as its building block
    Computers within a BSS can communicate with each other
  To connect two BSSs, 802.11 requires a distribution system (DS) as an intermediate layer
  An access point (AP) is a station that provides access to the DS
  Data moves between a BSS and the DS through the AP
The Basic Architecture of 802.11 (continued)
  IEEE 802.11 also defines the operating frequency range of 802.11
    In the United States, it is 2.4 to 2.4835 GHz
  Each frequency band contains channels
    A channel is a frequency range
    The 802.11 standard defines 79 channels
  If channels overlap, interference could occur
The Basic Architecture of 802.11 (continued)
  Other terms:
    Wavelength
    Frequency
    Cycle
    Hertz or cycles per second
    Bands
An Overview of Wireless Technologies
  Infrared (IR)
    Infrared light can't be seen by the human eye
    IR technology is restricted to a single room or line of sight
    IR light cannot penetrate walls, ceilings, or floors
  Narrowband
    Uses microwave radio band frequencies to transmit data
    Popular uses:
      Cordless phones
      Garage door openers
An Overview of Wireless Technologies (continued)
  Spread Spectrum
    Modulation defines how data is placed on a carrier signal
    Data is spread across a large-frequency bandwidth instead of traveling across just one frequency band
    Methods:
      Frequency-hopping spread spectrum (FHSS)
      Direct sequence spread spectrum (DSSS)
      Orthogonal frequency division multiplexing (OFDM)
IEEE Additional 802.11 Projects
  802.11a
    Created in 1999
    Operating frequency range changed from 2.4 GHz to 5 GHz
    Throughput increased from 11 Mbps to 54 Mbps
    Bands or frequencies:
      Lower band: 5.15 to 5.25 GHz
      Middle band: 5.25 to 5.35 GHz
      Upper band: 5.75 to 5.85 GHz
IEEE Additional 802.11 Projects (continued)
  802.11b
    Operates in the 2.4 GHz range
    Throughput increased from 1 or 2 Mbps to 11 Mbps
    Also referred to as Wi-Fi (wireless fidelity)
    Allows for 11 channels to prevent overlapping signals
      Effectively only three channels (1, 6, and 11) can be used in combination without overlapping
    Introduced Wired Equivalent Privacy (WEP)
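The statement that only channels 1, 6, and 11 can be combined without overlapping can be checked numerically, and the same arithmetic helps when choosing a channel for your own AP from a site survey. This is an added example, not part of the original slides; it assumes the usual 2.4 GHz channel plan (channel 1 centred at 2412 MHz, 5 MHz spacing, a signal about 22 MHz wide), and the function names and the sample survey are illustrative.

```python
# Assumed 2.4 GHz channel plan: channel 1 is centred at 2412 MHz, each higher
# channel is 5 MHz further up, and a DSSS signal occupies about 22 MHz.
FIRST_CENTER_MHZ = 2412
SPACING_MHZ = 5
SIGNAL_WIDTH_MHZ = 22
CHANNELS = range(1, 12)  # the 11 channels the slide mentions


def center_mhz(channel):
    """Centre frequency of a channel in MHz."""
    if channel not in CHANNELS:
        raise ValueError(f"channel {channel} is outside 1-11")
    return FIRST_CENTER_MHZ + SPACING_MHZ * (channel - 1)


def overlaps(a, b):
    """Two channels interfere when their centres are closer than one signal width."""
    return abs(center_mhz(a) - center_mhz(b)) < SIGNAL_WIDTH_MHZ


def non_overlapping_plan():
    """Greedily pick the largest set of mutually non-overlapping channels."""
    plan = []
    for channel in CHANNELS:
        if not any(overlaps(channel, used) for used in plan):
            plan.append(channel)
    return plan


def quietest_channel(observed):
    """Pick the plan channel with the fewest overlapping neighbours in a survey.

    `observed` is a list of channels on which nearby APs were heard.
    Returns (best_channel, {channel: overlapping_ap_count}).
    """
    load = {ch: sum(overlaps(ch, seen) for seen in observed)
            for ch in non_overlapping_plan()}
    return min(load, key=load.get), load


if __name__ == "__main__":
    print("non-overlapping channels:", non_overlapping_plan())
    # Constructed survey: channels of six neighbouring APs.
    print("quietest:", quietest_channel([1, 1, 3, 6, 7, 11]))
```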
IEEE Additional 802.11 Projects (continued)
  802.11e
    It has improvements to address the problem of interference
      When interference is detected, signals can jump to another frequency more quickly
  802.11g
    Operates in the 2.4 GHz range
    Uses OFDM for modulation
    Throughput increased from 11 Mbps to 54 Mbps
IEEE Additional 802.11 Projects (continued)
  802.11i
    Introduced Wi-Fi Protected Access (WPA)
    Corrected many of the security vulnerabilities of 802.11b
  802.15
    Addresses networking devices within one person's workspace
    Called wireless personal area network (WPAN)
    Bluetooth is a common example
IEEE Additional 802.11 Projects (continued)
  802.16
    Addresses the issue of wireless metropolitan area networks (MANs)
    Defines the WirelessMAN Air Interface
    It will have a range of up to 30 miles
    Throughput of up to 120 Mbps
  802.20
    Addresses wireless MANs for mobile users who are sitting in trains, subways, or cars traveling at speeds up to 150 miles per hour
IEEE Additional 802.11 Projects (continued)
  Bluetooth
    Defines a method for interconnecting portable devices without wires
    Maximum distance allowed is 10 meters
    It uses the 2.45 GHz frequency band
    Throughput of up to 12 Mbps
  HiperLAN2
    European WLAN standard
    It is not compatible with 802.11 standards
Understanding Authentication
  An organization that introduces wireless technology to the mix increases the potential for security problems
The 802.1X Standard
  Defines the process of authenticating and authorizing users on a WLAN
  Addresses the concerns with authentication
  Basic concepts:
    Point-to-Point Protocol (PPP)
    Extensible Authentication Protocol (EAP)
    Wired Equivalent Privacy (WEP)
    Wi-Fi Protected Access (WPA)
Point-to-Point Protocol (PPP)
  Many ISPs use PPP to connect dial-up or DSL users
  PPP handles authentication by requiring a user to enter a valid user name and password
  PPP verifies that users attempting to use the link are indeed who they say they are
Extensible Authentication Protocol (EAP)
  EAP is an enhancement to PPP
  Allows a company to select its authentication method:
    Certificates
    Kerberos
  Certificate
    Record that authenticates network entities
    It contains X.509 information that identifies the owner, the certificate authority (CA), and the owner's public key
Extensible Authentication Protocol (EAP) (continued)
  EAP methods to improve security on wireless networks:
    Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
    Protected EAP (PEAP)
    Microsoft PEAP
  802.1X components:
    Supplicant
    Authenticator
    Authentication server
Wired Equivalent Privacy (WEP)
  Part of the 802.11b standard
  It was implemented specifically to encrypt data that traversed a wireless network
  WEP has many vulnerabilities
  Works well for home users or small businesses when combined with a Virtual Private Network (VPN)
Wi-Fi Protected Access (WPA)
  Specified in the 802.11i standard
  It is the replacement for WEP
  WPA improves encryption by using Temporal Key Integrity Protocol (TKIP)
  TKIP is composed of four enhancements:
    Message Integrity Check (MIC)
      Cryptographic message integrity code
      Main purpose is to prevent forgeries
    Extended Initialization Vector (IV) with sequencing rules
      Implemented to prevent replays
Wi-Fi Protected Access (WPA) (continued)
  TKIP enhancements (continued):
    Per-packet key mixing
      It helps defeat weak key attacks that occurred in WEP
      MAC addresses are used in creating an intermediate key
    Rekeying mechanism
      It provides fresh keys that help prevent attacks that relied on reusing old keys
  WPA also adds an authentication mechanism implementing 802.1X and EAP
Understanding Wardriving
  Hackers use wardriving
    Driving around with inexpensive hardware and software that enables them to detect access points that haven't been secured
  Wardriving is not illegal
    But using the resources of these networks is illegal
  Warflying
    Variant where an airplane is used instead of a car
How It Works
  An attacker or security tester simply drives around with the following equipment:
    Laptop computer
    Wireless NIC
    An antenna
    Software that scans the area for SSIDs
  Not all wireless NICs are compatible with scanning programs
  Antenna prices vary depending on the quality and the range they can cover
How It Works (continued)
  Scanning software can identify:
    The company's SSID
    The type of security enabled
    The signal strength
      Indicating how close the AP is to the attacker
NetStumbler
  Shareware tool written for Windows that enables you to detect WLANs
    Supports 802.11a, 802.11b, and 802.11g standards
  NetStumbler was primarily designed to:
    Verify your WLAN configuration
    Detect other wireless networks
    Detect unauthorized APs
  NetStumbler is capable of interfacing with a GPS
    Enabling a security tester or hacker to map out locations of all the WLANs the software detects
NetStumbler (continued)
  NetStumbler logs the following information:
    SSID
    MAC address of the AP
    Manufacturer of the AP
    Channel on which it was heard
    Strength of the signal
    Encryption
  Attackers can detect APs within a 350-foot radius
    But with a good antenna, they can locate APs a couple of miles away
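The fields a survey tool logs (SSID, AP MAC address, signal strength, encryption) are enough to audit your own WLAN for the problems these slides warn about: default SSIDs, WEP or no encryption, and unauthorized APs. This is an added example, not from the original slides or from NetStumbler; the CSV layout, the sample rows, the approved-AP inventory and the short default-SSID list are all constructed assumptions.

```python
import csv
import io

# Constructed survey export (not real data). The columns mirror the fields the
# slides say a scanner logs; this CSV layout itself is an assumption.
SAMPLE_SURVEY = """ssid,bssid,channel,signal_dbm,encryption
CorpWLAN,02:00:00:00:00:01,1,-48,WPA
CorpWLAN,02:00:00:00:00:02,6,-61,WEP
linksys,02:00:00:00:00:03,11,-70,NONE
CorpWLAN,02:00:00:00:00:99,6,-39,WPA
,02:00:00:00:00:04,11,-75,WPA
"""

# Assumed inventory of AP MAC addresses the organization actually deployed.
AUTHORIZED_BSSIDS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:04"}

# Small illustrative set of factory-default SSIDs; extend it from vendor documentation.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def audit(survey_csv, authorized, default_ssids=DEFAULT_SSIDS):
    """Return findings as (bssid, ssid, signal_dbm, issues), strongest signal first."""
    rows = list(csv.DictReader(io.StringIO(survey_csv)))
    for row in rows:
        row["bssid"] = row["bssid"].strip().upper()
    # SSIDs served by approved APs: an unknown AP using one of them may be
    # impersonating the corporate network.
    own_ssids = {r["ssid"] for r in rows if r["bssid"] in authorized and r["ssid"]}

    findings = []
    for row in rows:
        issues = []
        if row["bssid"] not in authorized:
            if row["ssid"] in own_ssids:
                issues.append("unauthorized-ap-using-our-ssid")
            else:
                issues.append("unauthorized-ap")
        # Default names are matched case-insensitively to catch vendor variants.
        if row["ssid"].lower() in default_ssids:
            issues.append("default-ssid")
        encryption = row["encryption"].strip().upper()
        if encryption == "NONE":
            issues.append("no-encryption")
        elif encryption == "WEP":
            issues.append("wep-in-use")
        if issues:
            findings.append((row["bssid"], row["ssid"] or "<hidden>",
                             int(row["signal_dbm"]), issues))
    # Stronger signal means the AP is closer to the surveyor, so check it first.
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for bssid, ssid, signal, issues in audit(SAMPLE_SURVEY, AUTHORIZED_BSSIDS):
        print(f"{signal:>4} dBm  {bssid}  {ssid:<10} {', '.join(issues)}")
```

An unknown AP with a default SSID may simply belong to a neighbour; the one reusing your own SSID is the finding to chase first.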
Kismet
  Another product for conducting wardriving attacks
  Written by Mike Kershaw
  Runs on Linux, BSD, Mac OS X, and Linux PDAs
  Kismet is advertised also as a sniffer and IDS
    Kismet can sniff 802.11b, 802.11a, and 802.11g traffic
  Kismet features:
    Ethereal- and Tcpdump-compatible data logging
    AirSnort compatible
    Network IP range detection
Kismet (continued)
  Kismet features (continued):
    Hidden network SSID detection
    Graphical mapping of networks
    Client-server architecture
    Manufacturer and model identification of APs and clients
    Detection of known default access point configurations
    XML output
    Supports 20 card types
Understanding Wireless Hacking
  Hacking a wireless network is not much different from hacking a wired LAN
  Techniques for hacking wireless networks:
    Port scanning
    Enumeration
Tools of the Trade
  Equipment:
    Laptop computer
    A wireless NIC
    An antenna
    Sniffers
  Wireless routers that perform DHCP functions can pose a big security risk
  Tools for cracking WEP keys:
    AirSnort
    WEPCrack
AirSnort
  Created by Jeremy Bruestle and Blake Hegerle
  It is the tool most hackers wanting to access WEP-enabled WLANs use
  AirSnort limitations:
    Runs only on Linux
    Requires specific drivers
    Not all wireless NICs function with AirSnort
WEPCrack
  Another open-source tool used to crack WEP encryption
  WEPCrack was released about a week before AirSnort
  It also works on *NIX systems
  WEPCrack uses Perl scripts to carry out attacks on wireless systems
  Future versions are expected to include features for attackers to conduct brute-force attacks
Countermeasures for Wireless Attacks
  Consider using anti-wardriving software to make it more difficult for attackers to discover your wireless LAN
    Honeypots
    Fakeap
    Black Alchemy Fake AP
  Limit the use of wireless technology to people located in your facility
  Allow only predetermined MAC addresses and IP addresses to have access to the wireless LAN
Countermeasures for Wireless Attacks (continued)
  Consider using an authentication server instead of relying on a wireless device to authenticate users
  Consider using EAP, which allows different protocols to be used that enhance security
  Consider placing the AP in the demilitarized zone (DMZ)
  If you use WEP, consider using 104-bit encryption rather than 40-bit encryption
  Assign static IP addresses to wireless clients instead of using DHCP
Summary
  IEEE's main purpose is to create standards for LANs and WANs
  802.11 is the IEEE standard for wireless networking
  Wireless technology defines how and at what frequency data travels over carrier sound waves
  Three main components of a wireless network:
    Access Points (APs)
    Wireless network interface cards (WNICs)
    Ethernet cables
Summary (continued)
  A service set identifier (SSID) assigned to an AP
    Represents the wireless segment of a network for which the AP is responsible
  Data must be modulated over carrier signals
    DSSS, FHSS, and OFDM are the most common modulations for wireless networks
  Wardriving and warflying
  WLANs can be attacked with many of the same tools used for hacking wired LANs
Summary (continued)
  Countermeasures include:
    Disabling SSID broadcast
    Renaming default SSIDs
    Using an authentication server
    Placing the AP in the DMZ
    Using a router to filter any unauthorized MAC and IP addresses from network access