198    Chapter 4 • Communication Security: Wireless

             ceed further with other attacks. Furthermore, if a network is using WEP, given
             enough time the attacker can capture a sufficient amount of traffic to crack the
             encryption.
                 NetStumbler works on networks that are configured as open systems.This means
             that the wireless network indicates that it exists and will respond with the value of
             its SSID to other wireless devices when they send out a radio beacon with an
             “empty set” SSID. However, this does not mean that a wireless network can be
             easily compromised if other security measures have been implemented.
                 To defend against the use of NetStumbler and other programs that detect a
             wireless network easily, administrators should configure the wireless network as a
             closed system.This means that the AP will not respond to “empty set” SSID beacons
             and will consequently be “invisible” to programs such as NetStumbler, which rely
             on this technique to discover wireless networks. However, it is still possible to cap-
             ture the “raw” 802.11b frames and decode them using programs such as Wireshark
             (formerly Ethereal) and Wild Packet’s AiroPeek to determine the information. RF
             spectrum analyzers can also be used to discover the presence of wireless networks.
             Notwithstanding this weakness of closed systems, administrators should choose wire-
             less APs that support this feature.

             Active Attacks on Wireless Networks

             Once an attacker has gained sufficient information from a passive attack, they can
             launch an active attack against the network.There are a potentially large number of
             active attacks that can be launched against a wireless network. For the most part,
             these attacks are identical to the kinds of active attacks encountered on wired net-
             works.These include, but are not limited to, unauthorized access, spoofing, Denial
             of Service (DoS), and flooding attacks, as well as the introduction of malware (mali-
             cious software) and the theft of devices.With the rise in popularity of wireless net-
             works, new variations of traditional attacks specific to wireless networks have
             emerged along with specific terms to describe them, such as “drive-by spamming”
             in which a spammer sends out hundreds of thousands of spam messages using a
             compromised wireless network.
                 Because of the nature of wireless networks and the weaknesses of WEP, unau-
             thorized access and spoofing are the most common threats to wireless networks.
             Spoofing occurs when an attacker is able to use an unauthorized station to imper-
             sonate an authorized station on a wireless network.A common way to protect a
             wireless network against unauthorized access is to use MAC filtering to allow only
             clients that possess valid MAC addresses access to the wireless network.The list of




          www.syngress.com