Page 242 - StudyBook.pdf
P. 242

226    Chapter 4 • Communication Security: Wireless

             equipment along with bad “features” within TCP/IP to cause a large number of
             hosts or devices to send an ICMP echo (ping) to a specified target.When the
             attack occurs, it uses a large portion of the resources of both the network connec-
             tion and the host being attacked.This makes it very difficult for valid end users to
             access the host for normal business purposes.
                 In a wireless network, several items can cause a similar disruption of service.
             Probably the easiest way to do this is through a conflict within the wireless spec-
             trum, caused by different devices attempting to use the same frequency. Many new
             wireless telephones use the same frequency as 802.11 networks.Through either
             intentional or unintentional uses of another device that uses the 2.4 GHz frequency,
             a simple telephone call can prevent all wireless users from accessing the network.
                 Another possible attack is through a massive number of invalid (or valid)
             authentication requests. If the AP is tied up with thousands of spoofed authentica-
             tion attempts, authorized users attempting to authenticate would have major diffi-
             culties in acquiring a valid session.
                 As demonstrated earlier, an attacker has many tools available to hijack network
             connections. If a hacker is able to spoof the machines of a wireless network into
             thinking that the attacker’s machine is their default gateway, not only will the
             attacker be able to intercept all traffic destined for the wired network, but they will
             also be able to prevent any of the wireless network machines from accessing the
             wired network.To do this, a hacker needs only to spoof the AP and not forward
             connections on to the end destination, preventing all wireless users from doing
             valid wireless activities.
                 Not much effort is needed to create a wireless DoS attack. In fact, many users
             create these situations with the equipment found in their homes and offices. In a
             small apartment building, you could find several APs as well as many wireless tele-
             phones, all of which transmit on the same frequency.These users could easily
             inadvertently create DoS attacks on their own networks as well as on those of
             their neighbors.
                 A hacker who wants to launch a DoS attack against a network with a flood of
             authentication strings also needs to be a well-skilled programmer.There are not
             many tools available for creating this type of attack, but (as discussed earlier
             regarding attempts to crack WEP) much of the programming required does not
             take much effort or time. In fact, a skilled hacker should be able to create such a
             tool within a few hours.Then this simple application, when used with standard
             wireless equipment, could render a wireless network unusable for the duration of
             the attack.




          www.syngress.com
   237   238   239   240   241   242   243   244   245   246   247