- Feb 3, 2009
Wireless networks are open to both active and passive attacks. These include DoS, MITM, spoofing, jamming, war driving, network hijacking, packet sniffing, and many more. Passive attacks on wireless networks are common and difficult to detect, since the attacker usually just collects information. This is the type of attack that Google was criticized for during its Google Maps data tours. Active attacks happen when a hacker has gathered information about the network after a successful passive attack.
Hackers can download freely available war-driving software, including a program called NetStumbler. These programs help launch passive attacks on a wireless network. Hackers use this software to detect wireless networks with poor security.
The hacker will place a rogue access point in the range of the existing wireless network. The wireless network users are then not aware that they are connecting to rogue access points, and give over their personal data. Some hackers have even been known to use access points close to a building from their car.
The WEP standard is vulnerable to these attacks since it uses the RC4 encryption algorithm. In WEP authentication, the initial verification text is sent in plain text. RC4 is a stream cipher and is known for its vulnerability. WEP uses a 24-bit IV for both 40- and 128-bit encryption, which is easy to predict. WEP encryption keys can easily be cracked using tools including WEPCrack and AirSnort.
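In WEP the per-frame RC4 key is the IV followed by the shared key, so any two frames sent with the same IV are encrypted with the same keystream, and a 24-bit IV leaves only 2^24 values to choose from. The following Python is an added example, not code from the original article: it shows the keystream cancelling when an IV repeats and estimates how quickly repeats occur. The key, IV and plaintexts are constructed sample values, and the WEP integrity checksum (ICV) is left out.

```python
import math

IV_BITS = 24  # WEP IV size stated in the article

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                   # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, secret: bytes, data: bytes) -> bytes:
    """WEP-style encryption: RC4 keyed with IV || secret (ICV omitted)."""
    return xor(data, rc4(iv + secret, len(data)))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def iv_repeat_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday approximation: chance that at least two frames share an IV."""
    space = 2 ** iv_bits
    return -math.expm1(-frames * (frames - 1) / (2 * space))

# Constructed sample values, not taken from any real network.
SECRET = bytes.fromhex("0102030405")   # 40-bit static key
IV = bytes.fromhex("a1b2c3")           # the same IV is used for both frames
P1 = b"frame one: hello AP"
P2 = b"frame two: DHCP req"

if __name__ == "__main__":
    c1, c2 = wep_encrypt(IV, SECRET, P1), wep_encrypt(IV, SECRET, P2)
    # The keystream cancels: XOR of ciphertexts equals XOR of plaintexts.
    print("keystream cancels:", xor(c1, c2) == xor(P1, P2))
    for n in (1000, 5000, 12000):
        print(n, "frames ->", round(iv_repeat_probability(n), 3))
```

With randomly chosen IVs a repeat becomes more likely than not after roughly 5,000 frames, which is why rotating a static key only narrows the window and does not remove the weakness.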
Packet sniffing and eavesdropping
These two common techniques are used to launch attacks on wireless networks. Sniffing is the act of monitoring the network traffic using legitimate network analysis tools. Hackers can use monitoring tools, including AiroPeek, Ethereal, or TCPDump, to monitor the wireless networks. These tools allow hackers to find an unprotected network that they can hack. Your wireless network can be protected against this type of attack by using strong encryption and authentication methods.
Jamming is the flooding of radio frequencies with an undesired signal. It results in the unavailability of the required signal to the wireless devices. Since there is so much noise in the air, the valid user cannot pick up the correct signal.
Network hijacking is when a user's active session on the wireless network is taken control of by a hacker. The hacker can insert himself between the network server and the wireless client, and from then on any communication that takes place between the hijacker and the client or the server is intercepted.
Denial of Service (DoS)
A DoS attack happens when the legitimate client is stopped from accessing the network resources due to unavailability of the services. This type of attack is normally the work of a collection of bots, or a number of users repeatedly using programs to bombard the website.
Hackers can also flood a wireless network using attack methods including ICMP flooding (Ping flooding) and SYN flooding. These just overload the wireless network with data, and then the user can't find a space to squeeze in.
Protecting wireless networks from attacks
Network administrators can take steps to help protect their wireless networks from outside threats and attacks. Some protective measures are basic common sense, like keeping the drivers of all the software and hardware up to date. Most hackers will be posting details of any loopholes or exploits online, and once a security hole is found, they will come in bunches to test your network with it. Always change your SSID from the default before you actually connect the wireless router or the access point. WEP should always be used for wireless networks. Wireless adapters and AP devices should always support 128-bit WEP, MAC filtering, and the disabling of SSID broadcasts. If SSID broadcast is not disabled on an access point, a DHCP server should not be used to automatically assign IP addresses to wireless clients, since wardriving software can easily detect your internal IP addressing if SSID broadcasts are enabled and DHCP is being used.
If you use static WEP keys, they should be rotated frequently so that they are not compromised. The wireless network should be located in a separate network segment. If possible, also create a separate perimeter network, sometimes called a Wireless Demilitarized Zone, which is separate from the main network.
Make sure you take site surveys at every corner and the perimeter of your building. This will help detect any other APs near your wireless network. Place any access points in the center of the building; avoid placing them near windows and doors.