Communication Security: Wireless • Chapter 4 217
available. Some brands of wireless equipment, such as those made by Lucent, have
been known to broadcast the SSID in cleartext even when WEP and closed network
options are enabled. Using tools such as Wireshark (www.wireshark.org) and
TCPDump (www.tcpdump.org) allows attackers to sniff traffic and analyze it for
any cleartext hints they may find.
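To check whether your own access point discloses its SSID this way, the following added example (not code from the book) parses captured 802.11 beacon and probe-response frames and reports every frame that carries the SSID in the clear. WEP encrypts only the payload of data frames, so the SSID element in these management frames is always readable. The function names and the sample frames, including the BSSID and the SSID "CorpNet", are constructed for illustration; frames are assumed to have no radiotap header or FCS.

```python
import struct

MGMT_SUBTYPES = {5: "probe-response", 8: "beacon"}  # same fixed-field layout
PRIVACY_BIT = 0x0010  # capability-info bit set when WEP is enabled


def parse_mgmt_frame(frame: bytes) -> dict:
    """Parse a beacon or probe response (no radiotap header, no FCS)."""
    if len(frame) < 36:
        raise ValueError("shorter than 24-byte header + 12 fixed bytes")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in MGMT_SUBTYPES:
        raise ValueError("not a beacon or probe response")
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):  # walk the tagged information elements
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than read garbage
        if elem_id == 0:  # element ID 0 is the SSID
            ssid = value
            break
        pos += 2 + length
    # "Closed network" mode sends an empty or all-NUL SSID element.
    hidden = ssid is None or len(ssid) == 0 or set(ssid) == {0}
    return {"kind": MGMT_SUBTYPES[subtype], "bssid": frame[16:22].hex(":"),
            "wep": bool(capability & PRIVACY_BIT),
            "ssid": None if hidden else ssid.decode("utf-8", "replace")}


def ssid_disclosures(frames):
    """Return (kind, bssid, ssid) for every frame that exposes the SSID."""
    infos = [parse_mgmt_frame(f) for f in frames]
    return [(i["kind"], i["bssid"], i["ssid"]) for i in infos if i["ssid"]]


def build_sample(subtype: int, ssid: bytes, capability: int = 0x0011) -> bytes:
    """Constructed test frame; the BSSID is a made-up locally administered MAC."""
    bssid = bytes.fromhex("020000aabbcc")
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])


# Constructed capture: a closed-network beacon, then a probe response, both with WEP on.
SAMPLE_FRAMES = [build_sample(8, b""), build_sample(5, b"CorpNet")]

if __name__ == "__main__":
    for row in ssid_disclosures(SAMPLE_FRAMES):
        print(row)
```

In the sample, the beacon hides the SSID but the probe response from the same BSSID still exposes it, even though the WEP privacy bit is set in both frames.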
As a last option, attackers might go directly after the equipment or install their
own. The number of laptops or accessories stolen from travelers is rising each year.
At one time these thefts were perpetrated by criminals simply looking to sell the
equipment, but as criminals become more savvy, they also go after the information
contained within the machines. Access to the equipment allows for the determination
of valid MAC addresses that can access the network, the network SSID, and the
secret keys to be used.
An attacker does not need to become a burglar in order to acquire this
information. A skilled attacker can utilize new and specially designed malware and
network tricks to determine the information needed to access the wireless network.
A well-scripted Visual Basic script, which could arrive in e-mail (targeted spam) or
through an infected Web site, can extract the information from the user’s machine
and upload it to the attacker’s.
With the size of computers so small today, it would not take much for an
attacker to create a small AP of their own that could be attached to a building or
office, and which looks just like another telephone box. Such a device, if placed
properly, will attract much less attention than someone camping in a car in the
parking lot will.
Sniffing
Originally conceived as a legitimate network and traffic analysis tool, sniffing remains
one of the most effective techniques in attacking a wireless network, whether it is to
map the network as part of a target reconnaissance, to grab passwords, or to capture
unencrypted data.
Sniffing is the electronic form of eavesdropping on the communications that
computers transmit across networks. In early networks, the equipment that
connected machines allowed every machine on the network to see the traffic of all
others. These devices, repeaters and hubs, were very successful in connecting
machines, but allowed an attacker easy access to all traffic on the network because
the attacker only needed to connect to one point to see the entire network’s traffic.
Wireless networks function similarly to the original repeaters and hubs. Every
communication across a wireless network is viewable to anyone who happens to be
www.syngress.com