Wireless Sniffer Lab
NETWORKING LAB
Outline
• Network environment
  – Wired/Wireless
• Packet Capturing
  – Operation of the Data Link Layer
• Wireless LAN Security
  – Hacking Episode
  – Weakness
  – War Driving
• FON Community
• How to use a Traffic Analyzer
• Lab exercise
Wired LAN Environment
[Figure: Internet, Gateway Router, Dummy HUB, PC A, PC B, PC C, PC D]
Wireless LAN Environment
[Figure: Internet, AP, Laptop A, Laptop B, Laptop C, Laptop D, with the radio range of Laptop B marked]
Data Link Layer Procedure
• Wired LAN
  – Promiscuous mode
  – Non-promiscuous mode
• Wireless LAN
  – Normal mode
  – Monitoring mode
[Figure: Operation at the Data Link Layer; labels: Upper Layer, Data Link Layer, Physical Layer, MAC address match, MAC address mismatch]
Wireless LAN Security - Hacking Episode (1/3)
• The Parking Lot
[Figure: Attacker A, Attacker B, Firewall, Intra Network]
Wireless LAN Security - Hacking Episode (2/3)
• Up in the air
[Figure: Attacker, packet collection, WEP key extraction]
Wireless LAN Security - Hacking Episode (3/3)
• Accidental Tourist
[Figure: Attacker, Public Network, Company Network]
Wireless LAN Weakness
• Vulnerabilities
  – There is no physical security
  – Weakness of WEP (Wired Equivalent Privacy)
    • The key can be extracted once 100 MB to 1 GB of packets have been collected
    • Numerous hacking utilities
      – Airsnort: http://airsnort.shmoo.com
      – WEPCrack: http://sourceforge.net/projects/wepcrack
• Alternatives
  – IEEE 802.1x
  – IPSEC
War Driving (2/3)
• Methods
  – Active Probing
    • Probe Request
    • Probe Response
      – ESSID
      – Etc.
  – Passive Probing
    • RFMON (Radio Frequency Monitoring)
[Figure: Passive Probing]
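Added example (not part of the original slides): a minimal parser showing what the Probe Request / Probe Response exchange named above exposes on the air, useful for auditing what your own AP advertises. It assumes bare 802.11 management frames with the radiotap header and FCS already stripped; the MAC addresses, the ESSID "LAB-NET" and all frame bytes are constructed samples.

```python
import struct

# Management-frame subtypes named on the slide (plus beacons, seen by passive RFMON).
SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}

def parse_mgmt_frame(frame: bytes):
    """Parse a bare 802.11 management frame (no radiotap header, no FCS)."""
    if len(frame) < 24:                       # shorter than the MAC header
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    info = {"subtype": SUBTYPES[subtype], "transmitter": frame[10:16].hex(":"),
            "essid": None, "privacy": None}
    pos = 24
    if subtype != 4:                          # timestamp(8) + interval(2) + capability(2)
        if len(frame) < 36:
            return None
        (cap,) = struct.unpack_from("<H", frame, 34)
        info["privacy"] = bool(cap & 0x0010)  # set for WEP and for later schemes alike
        pos = 36
    while pos + 2 <= len(frame):              # walk the tagged information elements
        ie_id, ie_len = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + ie_len]
        if len(data) < ie_len:                # truncated element: stop, keep what we have
            break
        if ie_id == 0:                        # SSID element; empty = wildcard or hidden
            info["essid"] = data.decode("utf-8", "replace")
            break
        pos += 2 + ie_len
    return info

def _header(subtype: int, src: bytes) -> bytes:
    # frame control, duration, addr1 (broadcast), addr2, addr3, sequence control
    return bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + src + src + b"\x00\x00"

# Constructed sample frames (not taken from a real capture).
RATES = b"\x01\x04\x02\x04\x0b\x16"
STATION, AP = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
PROBE_REQ = _header(4, STATION) + b"\x00\x00" + RATES
PROBE_RESP = (_header(5, AP) + bytes(8) + struct.pack("<HH", 100, 0x0011)
              + b"\x00\x07LAB-NET" + RATES)

if __name__ == "__main__":
    for f in (PROBE_REQ, PROBE_RESP):
        print(parse_mgmt_frame(f))
```

The probe request carries an empty (wildcard) ESSID, while the probe response returns the network name and the Privacy capability bit in cleartext, which is why both active and passive probing can enumerate a network regardless of its encryption setting.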
War Driving (3/3)
• Cantenna
  – A built-in antenna is not suited to receiving faint signals over a wide area
  – An external antenna is needed
• References
  – http://www.oreillynet.com/cs/weblog/view/wlg/448
  – http://www.radioactive.net.au/web/80211/pringles.html
  – http://www.radioactive.net.au/web/80211/betterpringles.html
  – http://www.turnpoint.net/wireless/has.html
  – http://me.jeremiahwhite.com/pringles.html
Tools Introduction (1/2)
• WinPcap (Windows Packet CAPture library)
  – Packet capture tool for the Win32 platform
  – Network analysis library
  – Open source
  – Windows version of libpcap (the UNIX library)
  – http://www.winpcap.org
Tools Introduction (2/2)
• Ethereal
  – The most representative network analyzer
  – Supports IEEE 802.11 a/b/g
  – Open source
  – Notable for its powerful filtering
  – Uses the WinPcap library and driver
  – http://www.ethereal.com
• AiroPeek (OmniPeek)
  – Well known as a wireless traffic analyzer
  – Supports IEEE 802.11 a/b/g/n and VoIP
  – Easy to use thanks to its GUI and graphic indicators
  – Uses the WinPcap library and driver
  – http://www.wildpackets.com
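Wireless Packet Capture
[Figure: Capture Options settings screen, with these callouts]
  – Must capture in non-promiscuous mode
  – Interface-related settings
  – Filter applied during capture
  – File in which to save the capture
  – Capture stop conditions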