8/9/2022 Copyright © 2002 DFW Wireless Dot Org
Ethernet Security
“Unplugged”
Anthony Lauro | Founder
DFW Wireless Dot Org
Anthony.Lauro@dfwwireless.org
IEEE / APS 10/15/02
Challenges with Wireless
- Interference
- Vendor Interoperability
- Quality of Service
- Security
The Threats
Theft of proprietary information
Sabotage (DOS)
Attack Gateway (launching point)
Industrial Espionage
Terrorist Activity
Abuse of network resources (spam, p0rn, illegal software)
Security Measures
And How They Fail…
Information Security Begins With You...
Fresnel Zone
- The radius of the Fresnel Zone at its widest point can be calculated by the formula listed above, where d is the link distance in miles, f is the frequency in GHz, and r is the radius off of the center line of the link in feet.
- Typically, 20% Fresnel Zone blockage introduces little signal loss to the link. Beyond 40% blockage, signal loss will become significant.
Free Space Loss
Free Space Loss = 20 Log10(Frequency in MHz) + 20 Log10(Distance in Miles) + 36.6
802.11 Frame Types
- Data Frames - Carry user data
- Control Frames - Used for lower layer MAC functions
  - Acknowledging frames (ACK Packet)
  - Determining if it’s ok to transmit data (RTS, CTS)
- Management Frames - Used for managing membership to the BSS
  - Finding available access points
  - Joining and leaving the BSS
Ministumbler
Listens for Beacon probes and responses sent out from APs and records information contained in the Control Frame.
Information can be exported from Ministumbler and imported into mapping programs to create detailed maps with an overlay of all AP information.
How Does Dallas Stand Up?
Statistics
- Of the 2,454 APs surveyed only 859 were running encryption
- Over 65% of access points in the Dallas area are running without encryption.
- Over 56% of those access points are running with the default configurations.
IS YOURS?
MAC Filtering
Pros:
- Allows control of what MAC addresses are allowed to associate with your network.
Cons:
- On most operating systems, MAC addresses can be easily spoofed.
- An attacker can determine which MAC addresses are allowed by monitoring network traffic.
- An attacker can still monitor communication on the network without associating to your access point.
Examples of Spoofed MAC Addresses
ifconfig eth0 hw ether 01:02:03:04:05:06
Closed Network Mode
Pros:
- Requires connecting clients to supply correct SSID and channel to associate to the AP.
- Beacon Packets are not sent out to listening clients (will prevent “accidental associations” and casual stumblers)
Cons:
- Through sniffing probe request and response frames the AP can still be detected.
- Traffic can still be monitored and captured.
Examples of Closed Network mode being Sniffed to find ESSID and other info.
Attacks Against Wireless
Proof of concept code:
Air-jack
- wlan-jack
- essid-jack
- monkey-jack
- kracker-jack
abaddon@802.11ninja.net
WLAN-Jack - De-Authentication - DOS
- Spoofs MAC address of Access Point
- Sends de-authenticate frames to all clients within radio range.
- Sends continuously.
- Can send to broadcast address or specific MAC
- Users are unable to re-associate with Access Point
MonkeyJack - Man in the Middle Attack
Attack takes place in layers 1 and 2
Attack machine sits between access point and victim.
Deauthenticate victim from real Access Point
- Send deauthenticate frames to the victim using the access point’s MAC address as the source
Victim’s card scans channels searching for new AP
- Victim’s 802.11 card associates with fake AP on the attack machine
Fake AP is on a different channel than the real one
- Attack machine’s fake AP is duplicating MAC address and ESSID of real AP
- Attack machine associates with real AP
- Attack machine duplicates MAC address of the victim’s machine.
- Attack machine is now inserted and can pass frames through in a manner that is transparent to the upper level protocols
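Both behaviours described on the two slides above, a burst of de-authenticate frames carrying the AP's MAC address and the same AP MAC beaconing on a second channel, are visible to a monitoring sensor. The following Python is an added example, not code from the presentation or from the Air-Jack tools; the function names, thresholds and the sample frames (built inline) are assumptions made for illustration.

```python
from collections import defaultdict, deque

MGMT = 0                      # 802.11 frame type: management
BEACON, DEAUTH = 8, 12        # management subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return header fields of an 802.11 management frame, or None otherwise."""
    if len(frame) < 24:
        return None           # shorter than a management header (e.g. ACK, CTS)
    fc = frame[0]
    if fc & 0x03 != 0 or (fc >> 2) & 0x03 != MGMT:
        return None           # unknown protocol version, or control/data frame
    return {"subtype": fc >> 4,
            "dst": mac_str(frame[4:10]),
            "src": mac_str(frame[10:16]),
            "bssid": mac_str(frame[16:22]),
            "body": frame[24:]}

def beacon_ssid_channel(body):
    """Walk the tagged parameters of a beacon body; return (ssid, channel)."""
    ssid, channel = None, None
    i = 12                    # skip timestamp(8) + interval(2) + capabilities(2)
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break             # truncated element, stop parsing
        if tag == 0:
            ssid = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:
            channel = value[0]   # DS Parameter Set: current channel
        i += 2 + length
    return ssid, channel

def analyze(capture, window=1.0, deauth_threshold=10):
    """capture: iterable of (timestamp_seconds, frame_bytes), in time order."""
    alerts, flagged = [], set()
    recent = defaultdict(deque)      # claimed sender -> recent deauth timestamps
    channels = defaultdict(set)      # BSSID -> channels it has beaconed on
    for ts, frame in capture:
        hdr = parse_mgmt(frame)
        if hdr is None:
            continue
        if hdr["subtype"] == DEAUTH:
            q = recent[hdr["src"]]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            key = ("deauth", hdr["src"])
            if len(q) >= deauth_threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("deauth-flood", hdr["src"], hdr["dst"]))
        elif hdr["subtype"] == BEACON:
            _, chan = beacon_ssid_channel(hdr["body"])
            if chan is None:
                continue
            channels[hdr["bssid"]].add(chan)
            key = ("chan", hdr["bssid"])
            if len(channels[hdr["bssid"]]) > 1 and key not in flagged:
                flagged.add(key)
                alerts.append(("bssid-on-multiple-channels", hdr["bssid"],
                               sorted(channels[hdr["bssid"]])))
    return alerts

# --- constructed sample frames (not captured traffic) ---
def build_mgmt(subtype, dst, src, bssid, body=b""):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" +
            raw(dst) + raw(src) + raw(bssid) + b"\x00\x00" + body)

def beacon_body(ssid, channel):
    s = ssid.encode()
    return (bytes(8) + (100).to_bytes(2, "little") + b"\x01\x00" +
            bytes([0, len(s)]) + s + bytes([3, 1, channel]))

AP = "00:11:22:33:44:55"      # constructed AP address
SAMPLE = (
    [(0.0, build_mgmt(BEACON, BROADCAST, AP, AP, beacon_body("corp", 1)))] +
    [(1.0 + i * 0.02, build_mgmt(DEAUTH, BROADCAST, AP, AP, b"\x07\x00"))
     for i in range(25)] +
    [(2.0, build_mgmt(BEACON, BROADCAST, AP, AP, beacon_body("corp", 6)))]
)

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

A legitimate AP also sends occasional de-authenticate frames, so the rate threshold has to be tuned against a baseline for the site.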
Code presented by Robert Baird & Mike Lynn @ Blackhat 2002
IP Level Countermeasures
Pros
- SSL, SSH, IPSec/VPN, etc. encrypt data being sent to and from wireless nodes
- Additional levels of authentication can be used to provide access controls to your wired network
Cons
- Big overhead for software-based encryption
- Attackers may still have access to attack wireless clients
Rogue Client Access
"We've had audits of customer sites that have
turned up 50, sometimes 100, rogue access
points they didn't know about,"
-Dave Safford, manager of the global security analysis lab at
IBM Research in Hawthorne, N.Y.
Rogue Client Scenarios
RF Signal Surveying
- Test signal strength through walls of building and verify how far beyond physical boundaries of your building your wireless signal can be monitored.
- All it takes is 30% signal strength to establish and maintain a connection.
Mobilized Menace or Attacker?
Port Scanning, On the go….
2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:771,TCP (flags:S)
2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:1460,TCP (flags:S)
2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:120,TCP (flags:S)
2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:1389,TCP (flags:S)
2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:430,TCP (flags:S)
2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:749,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:430,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:749,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:601,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:726,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:655,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:3086,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:113,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:73,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:1375,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:914,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:6145,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:765,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:491,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:2012,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:967,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:564,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:216,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:770,TCP (flags:S)
2002/06/04,11:26:52 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:601,TCP (flags:S)
2002/06/04,11:26:52 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:726,TCP (flags:S)
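The log above shows the signature of a SYN scan: one source sending SYN-only packets to many unrelated destination ports within seconds, with some ports retried from a second source port. The Python below is an added example, not part of the original slides, that parses this log format and flags such a source; the threshold, the window, the function names and the sample lines (constructed, using documentation addresses) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# date,time tz-text,src:port,dst:port,PROTO (flags:X)
LINE = re.compile(
    r"^(\d{4}/\d{2}/\d{2}),(\d{2}:\d{2}:\d{2}) [^,]*,"
    r"([^,]+):(\d+),([^,]+):(\d+),(\w+) \(flags:(\w*)\)$"
)

def parse_line(line):
    """Parse one firewall log line; return a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    date, clock, src, sport, dst, dport, proto, flags = m.groups()
    return {
        # The UTC offset text is ignored: every line is assumed to share it.
        "ts": datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S"),
        "src": src, "sport": int(sport),
        "dst": dst, "dport": int(dport),
        "proto": proto, "flags": flags,
    }

def find_scans(lines, window=timedelta(seconds=60), min_ports=15):
    """Flag (src, dst) pairs with SYN-only probes to >= min_ports distinct ports
    inside any time window of the given length."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["proto"] == "TCP" and rec["flags"] == "S":
            events[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))
    findings = []
    for (src, dst), ev in sorted(events.items()):
        ev.sort()
        start, best = 0, set()
        for end in range(len(ev)):
            while ev[end][0] - ev[start][0] > window:
                start += 1
            # Distinct ports only, so retries of the same port do not inflate the count.
            ports = {port for _, port in ev[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            findings.append({"src": src, "dst": dst,
                             "distinct_ports": len(best),
                             "first_seen": ev[0][0]})
    return findings

# --- constructed sample log in the slide's format (not real traffic) ---
SCANNED_PORTS = [771, 1460, 120, 1389, 430, 749, 601, 726, 655, 3086,
                 113, 73, 1375, 914, 6145, 765, 491, 2012, 967, 564]
SAMPLE_LOG = [
    f"2002/06/04,11:26:{40 + (i // 10) * 6:02d} -5:00 GMT,"
    f"192.0.2.10:49059,198.51.100.7:{port},TCP (flags:S)"
    for i, port in enumerate(SCANNED_PORTS)
] + [
    # retry of an already-probed port from a second source port
    "2002/06/04,11:26:52 -5:00 GMT,192.0.2.10:49060,198.51.100.7:430,TCP (flags:S)",
    # ordinary client traffic to two well-known ports
    "2002/06/04,11:27:01 -5:00 GMT,192.0.2.20:51000,198.51.100.7:80,TCP (flags:S)",
    "2002/06/04,11:27:02 -5:00 GMT,192.0.2.20:51001,198.51.100.7:443,TCP (flags:S)",
    "not a log line",
]

if __name__ == "__main__":
    for finding in find_scans(SAMPLE_LOG):
        print(finding)
```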
Discovery Tools
Netstumbler
AP Sniff
AP Tools
Airopeek
Sniffer Pro
WlanDump
AirTraf
Kismet
Dstumbler
PrismDump
AirSnort
MiniStumbler
CEniffer
VXSniffer
Attack Tools
- BSD Air-Tools
  - dstumbler v1.0
  - dweputils v0.1
  - prism2ctl v0.1
  - prism2dump v0.01
  - bsd source-mods v0.2
- wlan-jack
- essid-jack
- monkey-jack
- kracker-jack
- WEP Crack
- AirSnort
Security Measures
- LEAP (Radius) Authentication
- TKIP (Temporal Key Integrity Protocol)
- EAP/TLS
- SSH / SSL
- AES (Advanced Encryption Standard)
- VPN
- PSPF (Publicly Secure Packet Forwarding)
- Restrict Beacon and Probe responses
- WEP Plus (Weak IV-Solution)
- Broadcast Key Rotation
- RF Radiation Monitoring
- MAC address filtering
- Appropriate antenna placement and signal strength
Conclusions
- Use 802.11b security safeguards but do not rely on them
- Treat your wireless network as fully untrusted
- Use strong mutual authentication
- Use pass-through auth. devices whenever possible
- Restrict access by MAC address
- Enable WEP - Wired equivalent privacy
  - With Key rotation if hardware supports it
- Use VPN technology
- Disable broadcast of ESSID
- Use crypto accordingly
- Block null ESSID connection
Questions? Comments?
- AirJack - Alpha http://802.11ninja.net
- Agere Orinoco - WEP Plus http://www.orinocowireless.com/upload/documents/WEPplusWhitepaper.pdf
- AirSnort http://airsnort.shmoo.com/
- AirTraf http://airtraf.sourceforge.net
- CEniffer http://www.epiphan.com/products_ceniffer.html
- Cisco - PSPF http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350brdgs/brscg/br350ch1.htm
- Dachb0den Labs - Air Tools http://www.dachb0den.com/projects/bsd-airtools.html
- Internet Security Systems - (Wireless LAN Security FAQ) http://documents.iss.net/whitepapers/wireless_LAN_security.pdf
- Marius Milner - MiniStumbler http://home.pacbell.net/mariusm/ and http://www.netstumbler.com
- NetStumbler http://www.netstumbler.com
More Related Content

Similar to Ehternet Security "Unplugged" .pptx

The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies:  Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies:  Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...Lindsey Landolfi
 
202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...
202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...
202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...dhorvath
 
Study Wireless Security Deployment - PKL
Study Wireless Security Deployment  - PKLStudy Wireless Security Deployment  - PKL
Study Wireless Security Deployment - PKLAaron ND Sawmadal
 
Wireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxWireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxadolphoyonker
 
Security Evaluation of Z-Wave_WP
Security Evaluation of Z-Wave_WPSecurity Evaluation of Z-Wave_WP
Security Evaluation of Z-Wave_WPBehrang Fouladi
 
Latest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless SecurityLatest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless SecurityIOSR Journals
 
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
 
SIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONES
SIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONESSIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONES
SIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONESIJCNCJournal
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 
Building Cloud Applications Based On Zero Trust
Building Cloud Applications Based On Zero TrustBuilding Cloud Applications Based On Zero Trust
Building Cloud Applications Based On Zero TrustMahesh Patil
 
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis MPhil/MRes/BSc
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Securing 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationSecuring 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationDr. Edwin Hernandez
 
Bluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportBluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportROHIT SAGAR
 
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIAPOLITEKNIK MALAYSIA
POLITEKNIK MALAYSIAAiman Hud
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxronak56
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxdaniahendric
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxmakdul
 

Similar to Ehternet Security "Unplugged" .pptx (20)

The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies:  Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies:  Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
 
202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...
202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...
202209 QSO Today Virtual Ham Introduction to Software Defined Radio with emph...
 
Study Wireless Security Deployment - PKL
Study Wireless Security Deployment  - PKLStudy Wireless Security Deployment  - PKL
Study Wireless Security Deployment - PKL
 
Wireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxWireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docx
 
Security Evaluation of Z-Wave_WP
Security Evaluation of Z-Wave_WPSecurity Evaluation of Z-Wave_WP
Security Evaluation of Z-Wave_WP
 
Latest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless SecurityLatest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless Security
 
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
 
SIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONES
SIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONESSIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONES
SIGNALING PROTOCOLS FOR LOCAL AREA NETWORKS OF DRONES
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Building Cloud Applications Based On Zero Trust
Building Cloud Applications Based On Zero TrustBuilding Cloud Applications Based On Zero Trust
Building Cloud Applications Based On Zero Trust
 
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
 
Securing 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationSecuring 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and Virtualization
 
Bluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportBluetooth network-security-seminar-report
Bluetooth network-security-seminar-report
 
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIAPOLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Ehternet Security "Unplugged" .pptx

  • 1. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org Ethernet Security “Unplugged” Anthony Lauro | Founder DFW Wireless Dot Org Anthony.Lauro@dfwwireless.org IEEE / APS 10/15/02
  • 2. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org Challenges with Wireless  Interference  Vendor Interoperability  Quality of Service  Security
  • 3. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org The Threats Theft of proprietary information Sabotage (DOS) Attack Gateway (launching point) Industrial Espionage Terrorist Activity Abuse of network resources (spam, p0rn, illegal software)
  • 4. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org Security Measures And How They Fail…
  • 5. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org Information Security Begins With You...
  • 6. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org Fresnel Zone  The radius of the Fresnel Zone at its widest point can be calculated by the formula listed above, where d is the link distance in miles, f is the frequency in GHz, and r is the radius off of the center line of the link in feet. Typically, 20% Fresnel Zone blockage introduces little signal loss to the link. Beyond 40% blockage, signal loss will become significant.
  • 7. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org Free Space Loss Free Space Loss = 20Log10(Frequency in MHz) + 20Log10 (Distance in Miles) + 36.6
  • 8. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org 802.11 Frame Types  Data Frames - Carry user data  Control Frames - Used for lower layer MAC functions  Acknowledging frames (ACK Packet)  Determining if it’s ok to transmit data (RTS, CTS)  Management Frames - Used for managing membership to the BSS  Finding available access points  Joining and leaving the BSS
  • 9. 8/9/2022 Copyright © 2002 DFW Wireless Dot Org Ministumbler Listens for Beacon probes and responses sent out from APs and records information contained in the Control Frame. Information can be exported from Ministumbler and imported into mapping programs to create detailed maps with an overlay of all AP information.
  • 10. How Does Dallas Stand Up?
  • 11. Statistics
      • Of the 2,454 APs surveyed, only 859 were running encryption.
      • Over 65% of access points in the Dallas area are running without encryption.
      • Over 56% of those access points are running with the default configurations.
      IS YOURS?
  • 12. MAC Filtering
      Pros:
      • Allows control of what MAC addresses are allowed to associate with your network.
      Cons:
      • On most operating systems, MAC addresses can be easily spoofed.
      • An attacker can determine which MAC addresses are allowed by monitoring network traffic.
      • An attacker can still monitor communication on the network without associating to your access point.
  • 13. Examples of Spoofed MAC Addresses
      ifconfig eth0 hw ether 01:02:03:04:05:06
  • 14. Closed Network Mode
      Pros:
      • Requires connecting clients to supply correct SSID and channel to associate to the AP.
      • Beacon Packets are not sent out to listening clients (will prevent “accidental associations” and casual stumblers)
      Cons:
      • Through sniffing probe request and response frames the AP can still be detected.
      • Traffic can still be monitored and captured.
  • 15. Examples of Closed Network mode being Sniffed to find ESSID and other info.
  • 16. Attacks Against Wireless
      Proof of concept code: Air-jack
      • wlan-jack
      • essid-jack
      • monkey-jack
      • kracker-jack
      abaddon@802.11ninja.net
  • 17. WLAN-Jack - De-Authentication - DOS
      • Spoofs MAC address of Access Point
      • Sends de-authenticate frames to all clients within radio range.
      • Sends continuously.
      • Can send to broadcast address or specific MAC
      • Users are unable to re-associate with Access Point
  • 18. MonkeyJack - Man in the Middle Attack
      Attack takes place in layers 1 and 2
      Attack machine sits between access point and victim.
      Deauthenticate victim from real Access Point
      • Send deauthenticate frames to the victim using the access point’s MAC address as the source
      Victim’s card scans channels searching for new AP
      • Victim’s 802.11 card associates with fake AP on the attack machine
      Fake AP is on a different channel than the real one
      • Attack machine’s fake AP is duplicating MAC address and ESSID of real AP
      • Attack machine associates with real AP
      • Attack machine duplicates MAC address of the victim’s machine.
      • Attack machine is now inserted and can pass frames through in a manner that is transparent to the upper level protocols
  • 19. Code presented by Robert Baird & Mike Lynn @ Blackhat 2002
  • 20. IP Level Countermeasures
      Pros
      • SSL, SSH, IPSec/VPN, etc. encrypt data being sent to and from wireless nodes
      • Additional levels of authentication can be used to provide access controls to your wired network
      Cons
      • Big overhead for software-based encryption
      • Attackers may still have access to attack wireless clients
  • 21. Rogue Client Access
  • 22. "We've had audits of customer sites that have turned up 50, sometimes 100, rogue access points they didn't know about," -Dave Safford, manager of the global security analysis lab at IBM Research in Hawthorne, N.Y.
  • 23. Rogue Client Scenarios
  • 24. RF Signal Surveying
      • Test signal strength through walls of building and verify how far beyond physical boundaries of your building your wireless signal can be monitored.
      • All it takes is 30% signal strength to establish and maintain a connection.
  • 25. Mobilized Menace or Attacker?
  • 27. Port Scanning, On the go….
      2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:771,TCP (flags:S)
      2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:1460,TCP (flags:S)
      2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:120,TCP (flags:S)
      2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:1389,TCP (flags:S)
      2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:430,TCP (flags:S)
      2002/06/04,11:26:40 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:749,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:430,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:749,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:601,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:726,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:655,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:3086,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:113,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:73,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:1375,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:914,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:6145,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:765,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:491,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:2012,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:967,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:564,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:216,TCP (flags:S)
      2002/06/04,11:26:46 -5:00 GMT,X.41.35.XX:49059,4.41.34.111:770,TCP (flags:S)
      2002/06/04,11:26:52 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:601,TCP (flags:S)
      2002/06/04,11:26:52 -5:00 GMT,X.41.35.XX:49060,4.41.34.111:726,TCP (flags:S)
  • 28. Discovery Tools
      Netstumbler, AP Sniff, AP Tools, Airopeek, Sniffer Pro, WlanDump, AirTraf, Kismet, Dstumbler, PrismDump, AirSnort, MiniStumbler, CEniffer, VXSniffer
  • 29. Attack Tools
      • BSD Air-Tools
          • dstumbler v1.0
          • dweputils v0.1
          • prism2ctl v0.1
          • prism2dump v0.01
          • bsd source-mods v0.2
      • wlan-jack
      • essid-jack
      • monkey-jack
      • kracker-jack
      • WEP Crack
      • AirSnort
  • 30. Security Measures
      • LEAP (Radius) Authentication
      • TKIP (Temporal Key Integrity Protocol)
      • EAP/TLS
      • SSH / SSL
      • AES (Advanced Encryption Standard)
      • VPN
      • PSPF (Publicly Secure Packet Forwarding)
      • Restrict Beacon and Probe responses
      • WEP Plus (Weak IV-Solution)
      • Broadcast Key Rotation
      • RF Radiation Monitoring
      • MAC address filtering
      • Appropriate antenna placement and signal strength
  • 31. Conclusions
      • Use 802.11b security safeguards but do not rely on them
      • Treat your wireless network as fully untrusted
      • Use strong mutual authentication
      • Use pass-through auth. devices whenever possible
      • Restrict access by MAC address
      • Enable WEP - Wired equivalent privacy
          • With Key rotation if hardware supports it
      • Use VPN technology
      • Disable broadcast of ESSID
      • Use crypto accordingly
      • Block null ESSID connection
  • 32. Questions? Comments?
      • AirJack - Alpha: http://802.11ninja.net
      • Agere Orinoco – WEP Plus: http://www.orinocowireless.com/upload/documents/WEPplusWhitepaper.pdf
      • AirSnort: http://airsnort.shmoo.com/
      • AirTraf: http://airtraf.sourceforge.net
      • CEniffer: http://www.epiphan.com/products_ceniffer.html
      • Cisco – PSPF: http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350brdgs/brscg/br350ch1.htm
      • Dachb0den Labs – Air Tools: http://www.dachb0den.com/projects/bsd-airtools.html
      • Internet Security Systems – (Wireless LAN Security FAQ): http://documents.iss.net/whitepapers/wireless_LAN_security.pdf
      • Marius Milner – MiniStumbler: http://home.pacbell.net/mariusm/ and http://www.netstumbler.com
      • NetStumbler: http://www.netstumbler.com
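The firewall log on slide 27 shows one source sending bare SYNs to many ports on a single host within seconds. The following is an added example, not part of the original deck, that parses that log format and flags such sources; the function names, the thresholds and the sample addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the slide's log format (documentation-range addresses).
SAMPLE_LOG = """\
2002/06/04,11:26:40 -5:00 GMT,192.0.2.10:49060,198.51.100.5:771,TCP (flags:S)
2002/06/04,11:26:40 -5:00 GMT,192.0.2.10:49060,198.51.100.5:1460,TCP (flags:S)
2002/06/04,11:26:40 -5:00 GMT,192.0.2.10:49059,198.51.100.5:430,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,192.0.2.10:49060,198.51.100.5:430,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,192.0.2.10:49059,198.51.100.5:601,TCP (flags:S)
2002/06/04,11:26:46 -5:00 GMT,192.0.2.10:49059,198.51.100.5:113,TCP (flags:S)
2002/06/04,11:27:30 -5:00 GMT,192.0.2.77:1034,198.51.100.5:80,TCP (flags:S)
2002/06/04,11:27:31 -5:00 GMT,192.0.2.77:1035,198.51.100.5:443,TCP (flags:S)
"""

LINE_RE = re.compile(
    r"(?P<date>\d{4}/\d{2}/\d{2}),(?P<time>\d{2}:\d{2}:\d{2}) [^,]*,"
    r"(?P<src>[^,:]+):(?P<sport>\d+),(?P<dst>[^,:]+):(?P<dport>\d+),"
    r"(?P<proto>\w+) \(flags:(?P<flags>\w+)\)"
)

def parse_line(line):
    """Parse one entry; the UTC-offset field is skipped (times are compared relatively)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["date"] + " " + m["time"], "%Y/%m/%d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dport"]), m["proto"], m["flags"]

def detect_syn_scans(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): sorted ports} where src sent SYN-only packets to at
    least min_ports distinct ports on dst inside one sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[4] == "TCP" and rec[5] == "S":
            events[(rec[1], rec[2])].append((rec[0], rec[3]))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:  # retransmits to one port count once
                alerts[pair] = sorted(set(alerts.get(pair, [])) | ports)
    return alerts
```

Counting distinct destination ports rather than packets keeps SYN retransmissions, like the repeated ports 430 and 749 in the slide's log, from inflating the score.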
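Because the de-authentication DoS on slide 17 spoofs the access point's own MAC address, a monitor cannot rely on the source address and has to look at frame rate and destination instead. The following is an added example, not part of the original deck, that picks deauthentication frames out of a capture and flags bursts; the MAC addresses, frames, threshold and window are constructed assumptions.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, STA = "020000000001", "0200000000aa"  # constructed, locally administered MACs

# Constructed capture: (seconds, bare 802.11 MAC frame, no radiotap header).
CAPTURE = [(i / 10, bytes.fromhex("c0000000" + "ff" * 6 + AP + AP + "0000" + "0700"))
           for i in range(6)]  # burst of broadcast deauths claiming to be the AP
CAPTURE.append((0.05, bytes.fromhex("80000000" + "ff" * 6 + AP + AP + "0000" + "00" * 12)))  # beacon
CAPTURE.append((3.0, bytes.fromhex("c0000000" + AP + STA + AP + "0000" + "0300")))  # one client leaving

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, source, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 12:  # management frame, subtype deauthentication
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_deauth_flood(capture, threshold=5, window=1.0):
    """Map each source MAC that sent >= threshold deauths within `window` seconds
    to its peak count and whether any were addressed to broadcast."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed:
            seen[parsed[1]].append((ts, parsed[0]))
    alerts = {}
    for src, hits in seen.items():
        hits.sort()
        start = peak = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[src] = {"peak": peak,
                           "broadcast": any(dst == BROADCAST for _, dst in hits)}
    return alerts
```

An alert keyed on the AP's address means frames claiming to come from the AP, which is exactly what the spoofing described on the slide produces, so it should be read together with the AP's own logs.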