- Slides: 8

Wireless LANs and footprinting
- Wireless LANs
  - see basic concepts
- Linux versus Windows footprinting
  - you need a card that works with the tools
  - you need to make the card work in promiscuous mode (sniffing)
  - many cards and few chipsets

Building a war-drive kit
- Footprinting: locating APs
  - passive: listening to AP broadcasts
  - active: transmitting client beacons in search of AP responses
- Equipment
  - cards (802.11b, 11g) -- choose the software first
  - antennas (e.g. HyperLink Tech)
  - GPS
- Software (Windows and Mac)
  - NetSpot: download and YouTube review
  - inSSIDer: download and YouTube overview

More on footprinting software
- Linux
  - Kismet: both war-drive tool and sniffer. Uses passive mode (counter-measures difficult). See a YouTube video of Kismet in Kali Linux.
  - GISKismet: a visualization tool to represent Kismet data. It currently uses SQLite for the database and Google Earth / KML files for graphing. It is a tool in Kali Linux.
  - Wash: a Kali tool that checks if an Access Point is using WPS, the weak and vulnerable security protocol.

Wireless Scanning and Enumeration
- Packet-Capture and Analysis
  - Review of sniffing: FAQ, tools, concept.
  - Key tool
    - Wireshark, available for Linux, Windows and Macs.
    - channel scanning, decryption of WEP (needs key)
    - provides a Peer Map view of hosts found
- What you are looking for
  - SSID -- APs respond to a client's ANY SSID with their own SSID, and you are in if no username and password are required.
  - MAC access control -- Wireshark and OmniPeek map MAC addresses
  - WEP -- war-drive tools indicate if it is used (e.g. NetSpot).
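
Added example (not part of the original slides): how a passive tool can tell from a beacon alone whether an AP is open, uses WEP, or advertises WPS, which is useful when auditing your own APs. The function names and sample beacons are constructed for illustration; "WEP" is inferred from the privacy bit being set with no WPA or RSN element present.

```python
import struct

MS_OUI = b"\x00\x50\xf2"  # Microsoft OUI carried by the WPA and WPS vendor elements

def parse_beacon(body: bytes) -> dict:
    """Read the security-relevant fields of an 802.11 beacon frame body."""
    if len(body) < 12:
        raise ValueError("beacon body is shorter than its 12 fixed bytes")
    # Fixed fields, little-endian: timestamp (8), beacon interval (2), capability info (2).
    _ts, _interval, capab = struct.unpack_from("<QHH", body, 0)
    ap = {"ssid": None, "privacy": bool(capab & 0x0010), "rsn": False, "wpa": False, "wps": False}
    pos = 12
    while pos + 2 <= len(body):  # tagged elements: id (1), length (1), value
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated capture: keep what was parsed so far
        if tag == 0:
            ap["ssid"] = value.decode("utf-8", "replace")
        elif tag == 48:  # RSN element: WPA2 or later
            ap["rsn"] = True
        elif tag == 221 and length >= 4 and value[:3] == MS_OUI:
            ap["wpa"] |= value[3] == 1  # vendor type 1: original WPA
            ap["wps"] |= value[3] == 4  # vendor type 4: WPS
        pos += 2 + length
    return ap

def audit(ap: dict) -> list:  # weak settings to fix on this AP
    findings = []
    if not ap["privacy"]:
        findings.append("open network")
    elif not (ap["rsn"] or ap["wpa"]):
        findings.append("WEP")  # privacy bit set, but no WPA or RSN element
    if ap["wps"]:
        findings.append("WPS enabled")
    return findings

# Constructed sample beacons (not captured traffic), built from (tag, value) pairs.
def beacon(capab: int, *elements) -> bytes:
    tlv = b"".join(bytes([t, len(v)]) + v for t, v in elements)
    return struct.pack("<QHH", 0, 100, capab) + tlv

RSN = bytes.fromhex("0100000fac040100000fac040100000fac020000")
SAMPLES = [
    beacon(0x0001, (0, b"lab-open")),
    beacon(0x0011, (0, b"lab-wep")),
    beacon(0x0011, (0, b"lab-wpa2"), (48, RSN), (221, MS_OUI + b"\x04\x10\x4a\x00\x01\x10")),
]
for raw in SAMPLES:
    print(parse_beacon(raw)["ssid"], audit(parse_beacon(raw)) or "no findings")
```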

Gaining access in 802.11
- SSID
  - easy to set up from the war-drive information
  - just create a profile
- MAC Access Control
  - use the sniffed information to identify valid MAC addresses.
  - spoof the MAC address of your wireless card (read this article for counter-measures).
- WEP (Wired Equivalent Privacy)
  - protects data from eavesdropping, not authentication
  - uses a key between AP and card transmissions
  - brute-force, key and packet cracking off-line (e.g. Aircrack-ng)
- EAP (Extensible Authentication Protocol) Methods
  - A client finds an AP and is prompted for a username and password
  - Keys are created dynamically after login
- SXSW: 'Hot-spot honeypot' hacker's heaven

Kali Linux – Wireless Attacks
- How to install Kali Linux in a Laptop VM
  - Download and install VMware Player
  - Download the Kali Linux VM for the Player
  - Start the Player and open the downloaded VM in the Player as shown here.
- There are many attack tools, as shown in this other image.
  - Use only Kismet if you do not have authorization to test the WLAN.
  - Only use the other tools if you have authorization to test the WLAN, because they are invasive tools (password cracking, etc.). See a list of the "top 10" Kali wireless attack tools.

Counter measures
- Some basic ideas:
  - 4 recommendations to secure a WLAN.
  - suggestions to minimize WLAN threats.
- State-of-the-art solutions
  - overview of weaknesses and solutions for WLANs (old, but good).
  - some commercial solutions: AirDefense, Mojo, SmartPass.
- WPA and WPA2: review and Windows
- Using a RADIUS server for authentication
  - The IAS RADIUS service in Windows.
  - FreeRADIUS home page and tutorial
- Some WLAN security guides.
  - George Ou guide
  - NIST SP 800-53