vijay cybercrime

Upload: vijay-kumar-kumar

Post on 04-Apr-2018


  • 7/30/2019 Vijay Cybercrime


    Attacking Wi-Fi Nets With Traffic Injection

    Name- Vijay Kumar

    Section- OE163

    Roll No.- A53

    Reg. No-10906654

    School of Electronics And Communication Engineering

    Lovely Professional University

    Email: [email protected]

    Abstract- In networks, nodes need to cooperatively forward packets for each other. Without necessary countermeasures, such networks are extremely vulnerable to injecting traffic attacks, especially those launched by insider attackers. Injecting an overwhelming amount of traffic into the network can easily cause network congestion and decrease the network lifetime. In this paper, we focus on those injecting traffic attacks launched by insider attackers. After investigating the possible types of injecting traffic attacks, we have proposed two sets of defence mechanisms to combat such attacks. The first set of defence mechanisms is fully distributed, while the second is centralized with decentralized implementation. The detection performance of the proposed mechanisms has also been formally analyzed. Both theoretical analysis and experimental studies have demonstrated that under the proposed defence mechanisms, there is almost no gain to launch injecting traffic attacks from the attacker's point of view.

    I. INTRODUCTION

    Wi-Fi, or Wireless Fidelity, is a term that is used generically to refer to any product or service using any type of 802.11 technology. Wi-Fi networks operate in the unlicensed 2.4 and 5 GHz radio bands, with an 11 Mbps (802.11b) or 54 Mbps (802.11a) data rate, respectively. Wi-Fi enabled devices (laptops or PDAs) can send and receive data wirelessly from any location equipped with Wi-Fi access. How? Access points, installed within a Wi-Fi location, transmit an RF signal to Wi-Fi enabled devices that are within range of the access point, which is about 300 feet. The speed of the transmission is governed by the speed of the pipeline fed into the access point. T-Mobile Hotspot service is unique in that every T-Mobile Hotspot service location is equipped with a full T-1 connection running to the access points.

    II. TRAFFIC INJECTION

    Traffic injection, also known as Wi-Fi injection, is used to attack a Wi-Fi system in order to access information on a PC, to infect the PC with a virus, or to gain Internet access through someone else's Wi-Fi system.

    III. TRAFFIC INJECTION HAS CHANGED THINGS

    1) Increased DoS capabilities

    2) Dramatically decreased WEP cracking achievement time

    3) Allows station traffic attacking

    4) Allows station attacking

    IV. WI-FI INJECTION BASICS

    1) Load driver and activate adapter

    2) Put adapter into monitor mode (real 802.11 mode)

    3) Set appropriate channel

    4) Open RAW socket on interface

    5) Use your socket


    V. ATTACKING WI-FI NETWORKS

    1) Managing management traffic

    2) Rogue APs

    3) WEP cracking

    4) Bypassing captive portals

    5) Attacking stations

    VI. MANAGING MANAGEMENT TRAFFIC

    Supposed to control DSS state,

    1) Management traffic is regulation traffic that is completely unprotected.

    2) Management traffic is extremely prone to spoofing.

    A) Tampering management traffic: - Alter DSS current

    state by tampering management traffic

    1) Reject association requests

    2) Inject disassociation frame

    3) Inject fake associations

    4) Wake up devices in sleep mode

    5) Etc.
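A defender-side check for the frame tampering listed above, as an added example that is not part of the original paper: it flags bursts of disassociation or deauthentication frames that claim the same source and target. The frame tuples, addresses, one-second window and five-frame threshold are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0                     # assumed sliding window, in seconds
THRESHOLD = 5                      # assumed burst size worth an alert
TEARDOWN = {"disassoc", "deauth"}  # management subtypes that end a session

def teardown_bursts(frames):
    """frames: (time, subtype, src, dst) tuples in capture order.
    Returns one (burst_start, src, dst, count) alert per burst."""
    recent = defaultdict(deque)    # (src, dst) -> times of recent teardowns
    active = set()                 # pairs already alerted for this burst
    alerts = []
    for t, subtype, src, dst in frames:
        if subtype not in TEARDOWN:
            continue
        key = (src, dst)
        q = recent[key]
        q.append(t)
        while t - q[0] > WINDOW_S:           # expire frames outside the window
            q.popleft()
        if len(q) < THRESHOLD:
            active.discard(key)              # burst over, re-arm the alert
        elif key not in active:
            active.add(key)
            alerts.append((q[0], src, dst, len(q)))
    return alerts

AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:c1"   # constructed addresses
# Constructed capture: one ordinary disassociation and a beacon ...
SAMPLE = [(0.0, "disassoc", AP, STA), (0.1, "beacon", AP, "ff:ff:ff:ff:ff:ff")]
# ... followed by six teardown frames within half a second.
SAMPLE += [(10.0 + i / 10, "disassoc", AP, STA) for i in range(6)]

if __name__ == "__main__":
    for alert in teardown_bursts(SAMPLE):
        print("teardown burst:", alert)
```

Because management frames are unprotected, the source address in an alert only says which device the frames claim to come from.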

    Rogue APs: - A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. For AP mode, we need to inject

    1) Beacon frames

    2) Association request answers

    3) Management traffic

    4) Data frame acknowledgements

    VII. WEP CRACKING

    Wired Equivalent Privacy is a security algorithm for IEEE 802.11 wireless networks; its intention was to provide data confidentiality comparable to that of a traditional wired network.

    WEP is RC4 based, which is XOR based

    1) Clear text attacks (e.g. authentication challenge)

    2) PRGA/IV couple table construction

    3) Fluhrer, Mantin and Shamir attack based on first bytes of key being weak (weak IVs)

    4) Korek optimization of FMS attack based on solved cases

    VIII. WEP CRACKING TOOL

    The current tools are Perl based, and are composed of the following scripts:

    1) WeakIVGen.pl:- This script allows a simple emulation of IV/encrypted output that one might observe with a WEP-enabled 802.11 Access Point. The script generates IV combinations that can weaken the secret key used to encrypt the WEP traffic.

    2) Prism-getIV.pl:- This script relies on output from Prism dump [or from Ethereal captures if libpcap has been patched for 802.11 monitor mode], and looks for IVs that match the pattern known to weaken secret keys. This script also captures the 1st byte of the encrypted output and places it and the weak IVs in a log file.

    3) WEP Crack.pl:- This script uses data collected or generated by WeakIVGen to attempt to determine the secret key. It will work with either 40bit or 128bit WEP.

    Bypassing captive portals: - A captive portal is a Web page that the user of a public-access network is obliged to view and interact with before access is granted.

    IX. COMMERCIAL PUBLIC INTERNET

    ACCESS.

    1) Captive portal based system

    2) Authentication to billing system through Web portal

    3) Authorization for Internet access

    4) Authorization tracking


    MAC based authorization tracking: - Authorized clients are

    identified by their MAC address

    1) MAC address is easy to spoof

    2) No MAC layer conflict on Wi-Fi network

    3) Just need a different IP

    Recipe: spoof an authorized MAC address, get an IP and surf

    X. IP BASED AUTHORIZATION TRACKING-

    Authorized clients are identified by their IP address

    1) IP addresses are just a little trickier to spoof

    2) ARP cache poisoning helps redirect traffic

    3) Traffic redirection allows IP spoofing

    Recipe: ARP poison gateway for authorized IP, spoof and

    surf

    XI. MAC +IP BASED AUTHORIZATION

    TRACKING: -

    The smart way of tracking people

    1) Previous technique won't help because of MAC address checking

    2) Hint: IP layer does not care about MAC layer

    3) ARP cache poisoning and IP spoofing

    4) Send traffic with spoofed MAC address

    Recipe: Same as before, plus MAC spoofing, then surf
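Since all three tracking schemes above rest on a MAC address that a second device can reuse without any link-layer conflict, a gateway or sensor can look for two radios behind one address. The following is an added example, not part of the original paper: it watches the 12-bit 802.11 sequence number per MAC and reports addresses whose counter keeps jumping. The frame tuples, addresses and thresholds are constructed, and it assumes one sequence counter per transmitter (QoS traffic would need this done per traffic identifier).

```python
from collections import defaultdict

SEQ_MOD = 4096      # the 802.11 sequence number field is 12 bits wide
MAX_GAP = 64        # assumed allowance for frames the sensor did not hear
MIN_JUMPS = 3       # assumed number of jumps before a MAC is reported

def shared_mac_suspects(frames):
    """frames: (time, mac, seq) tuples in capture order.
    Returns {mac: (jump_count, time_of_first_jump)} for suspect MACs."""
    last_seq = {}
    jumps = defaultdict(list)
    for t, mac, seq in frames:
        if mac in last_seq:
            # Forward distance modulo 4096; 0 means a retransmission.
            gap = (seq - last_seq[mac]) % SEQ_MOD
            if gap > MAX_GAP:
                jumps[mac].append(t)
        last_seq[mac] = seq
    return {m: (len(ts), ts[0]) for m, ts in jumps.items()
            if len(ts) >= MIN_JUMPS}

A, B = "02:00:00:00:00:aa", "02:00:00:00:00:bb"    # constructed addresses
SAMPLE = [  # constructed capture: A wraps normally, B shows two counters
    (0.00, A, 4094), (0.01, B, 100), (0.02, A, 4095), (0.03, B, 2900),
    (0.04, A, 1),    (0.05, B, 101), (0.06, A, 1),    (0.07, B, 2901),
    (0.08, A, 2),    (0.09, B, 102),
]

if __name__ == "__main__":
    for mac, (count, first) in shared_mac_suspects(SAMPLE).items():
        print(f"{mac}: {count} sequence jumps, first at t={first}")
```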

    XI. CONFIGURATION BASED TRICKS: -

    Some gateways are misconfigured

    1) HTTP proxy left open on gateway

    2) ESTABLISHED, RELATED -j ACCEPT prevents connections from being dropped when authorization expires on Linux based systems

    3) Administration network on the same VLAN, accessible through Wi-Fi etc.

    XII. ATTACKING STATIONS: -

    Associated stations are almost naked

    1) LAN attacks (ARP, DHCP, DNS, etc.)

    2) Traffic interception and tampering

    3) Direct station attack

    Manufacturers provide so-called solutions, mainly station to station communication prevention systems (e.g. C***o PSPF)

    XII. COMMUNICATION INJECTION

    Send traffic directly to station without AP authorization

    1) Allows PSPF bypass

    2) Allows communicating while AP out of reach

    3) Allows communication while AP refuses association

    XIV. HOW WI-FI TAP WORKS

    Sending traffic

    1) Read Ethernet from tuntap

    2) Add 802.11 header

    3) Add BSSID, from DS

    4) Inject frame over WI-FI

    Receiving traffic

    1) Sniff 802.11 frame

    2) Remove WEP layer if needed

    3) Remove 802.11 header

    4) Send Ethernet from tuntap

    XV. WEP

    WEP has been extensively studied by many people from across the world, and attacks have been implemented, some of which have been made available to the public and open-sourced. All that can be done is make the tools even easier to use than they are now. Optimizations of the attacks are not really necessary, as a network can be compromised in just a few minutes.

    CONCLUSION

    Wi-Fi environments are highly insecure and tough to secure, so we just can't cope with amateur style protection. We should not use WEP anymore, and should avoid using open networks for public access. Old Wi-Fi products, still occupying a large share of the network installations, are not by any means secure. Even equipment that can be configured to be secure is left unsecured, many times due to the increased complexity of access point setups. The attention vulnerable Wi-Fi networks receive from hackers is tremendous; vulnerabilities are not only discovered, but are refined by others and implemented and combined by a whole on-line community. A compromised network is a great utility for several parties. Neighbours get free broadband access to the Internet, malicious hackers retain strong anonymity, and mobile users get free Internet almost anywhere. Malicious hackers can monitor the users of a network, giving the hackers many opportunities to cause havoc. The risk of getting a visit from someone with bad intentions is currently fairly low, but as it is rather easy to obtain enough knowledge and equipment to compromise a Wi-Fi network, the risks will only rise. The fact that more and more networks become secure means that the remaining insecure networks will be hunted down.

    ACKNOWLEDGEMENT


    I am really thankful to my teacher who gave me this topic to learn about cyber crime and computer forensics. This topic gives me a lot of knowledge about attacking Wi-Fi nets with traffic injection. I have learnt what its functions are and what the advantages and disadvantages of this network are. At last, since this topic is very helpful in the computer and cyber crime field, I have gained much knowledge from this topic being assigned to me.
