vijay cybercrime
7/30/2019 Vijay Cybercrime
Attacking Wi-Fi Nets With Traffic Injection
Name- Vijay Kumar
Section- OE163
Roll No.- A53
Reg. No-10906654
School of Electronics And Communication Engineering
Lovely Professional University
Email: [email protected]
Abstract-In networks, nodes need to cooperatively forward packets for each other. Without necessary
countermeasures, such networks are extremely vulnerable to injecting traffic attacks, especially those
launched by insider attackers. Injecting an overwhelming
amount of traffic into the network can easily cause
network congestion and decrease the network lifetime. In
this paper, we focus on those injecting traffic attacks
launched by insider attackers. After investigating the
possible types of injecting traffic attacks, we have
proposed two sets of defence mechanisms to combat such
attacks. The first set of defence mechanisms is fully
distributed, while the second is centralized with
decentralized implementation. The detection performance
of the proposed mechanisms has also been formally
analyzed. Both theoretical analysis and experimental
studies have demonstrated that under the proposed
defence mechanisms, there is almost no gain to launch
injecting traffic attacks from the attacker's point of view.
I. INTRODUCTION
Wi-Fi, or Wireless Fidelity, is a term that is used
generically to refer to any product or service using any type
of 802.11 technology. Wi-Fi networks operate in the unlicensed 2.4 and 5 GHz radio bands, with an 11 Mbps
(802.11b) or 54 Mbps (802.11a) data rate, respectively. Wi-Fi
enabled devices (laptops or PDAs) can send and receive data wirelessly from any location equipped with Wi-Fi access. How? Access points, installed within a Wi-Fi
location, transmit an RF signal to Wi-Fi enabled devices that are within range of the access point, which is about
300 feet. The speed of the transmission is governed by the speed of the pipeline fed into the access point. T-Mobile
Hotspot service is unique in that every T-Mobile Hotspot service location is equipped with a full T-1 connection
running to the access points.
II. TRAFFIC INJECTION
Traffic injection, also known as Wi-Fi injection, is used to hack
a Wi-Fi system in order to access information on a PC, attack the PC with a virus, or access the Internet through your Wi-Fi system.
III. TRAFFIC INJECTION HAS CHANGED THINGS
1) Increased DoS capabilities
2) Dramatically decreased WEP cracking achievement time
3) Allows station traffic attacking
4) Allows station attacking
IV. WI-FI INJECTION BASICS
1) Load driver and activate adapter
2) Put adapter into monitor mode (real 802.11 mode)
3) Set appropriate channel
4) Open RAW socket on interface
5) Use your socket
V. ATTACKING WI-FI NETWORKS
1) Managing management traffic
2) Rogue APs
3) WEP cracking
4) Bypassing captive portals
5) Attacking stations
VI. MANAGING MANAGEMENT TRAFFIC
Management traffic is supposed to control the DSS state:
1) Management traffic is regulation traffic that is completely unprotected.
2) Management traffic is extremely prone to spoofing.
A) Tampering management traffic: - Alter DSS current
state by tampering management traffic
1) Reject association requests
2) Inject disassociation frame
3) Inject fake associations
4) Wake up devices in sleep mode
5) Etc.
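Because these frames are unprotected, a monitoring sensor has to judge them from the outside. The following is an added example, not code from the original paper: it flags bursts of disassociation/deauthentication frames and sequence-counter jumps that suggest a second radio is using an AP's MAC address. The frame tuples, thresholds and MAC addresses are constructed assumptions.

```python
from collections import defaultdict, deque

BEACON, DISASSOC, DEAUTH = 8, 10, 12   # 802.11 management frame subtypes
SEQ_MOD = 4096                         # the sequence number field is 12 bits wide

def analyze(frames, window=1.0, flood_threshold=5, max_seq_gap=32):
    """frames: time-ordered (ts, subtype, src_mac, seq) tuples from a monitor-mode sensor.
    Returns (flood_sources, seq_anomalies)."""
    recent = defaultdict(deque)   # src -> timestamps of recent disassoc/deauth frames
    last_seq = {}                 # src -> last sequence number seen from that MAC
    floods, anomalies = set(), defaultdict(int)
    for ts, subtype, src, seq in frames:
        # Check 1: one transmitter's counter advances in small steps. Two radios
        # sharing a MAC make the observed counter jump back and forth.
        if src in last_seq and (seq - last_seq[src]) % SEQ_MOD > max_seq_gap:
            anomalies[src] += 1
        last_seq[src] = seq
        # Check 2: many disassoc/deauth frames from one source inside the window.
        if subtype in (DISASSOC, DEAUTH):
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= flood_threshold:
                floods.add(src)
    return floods, dict(anomalies)

def sample_frames():
    """Constructed capture: AP1 beacons normally while frames carrying AP1's MAC
    but an unrelated sequence counter arrive in between; AP2 behaves normally."""
    ap1, ap2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
    frames = [(n * 0.1, BEACON, ap1, 100 + n) for n in range(10)]
    frames += [(0.05 + n * 0.1, DEAUTH, ap1, 3000 + n) for n in range(6)]
    frames += [(0.32, DEAUTH, ap2, 500), (0.72, BEACON, ap2, 501)]
    return sorted(frames)

if __name__ == "__main__":
    print(analyze(sample_frames()))
```

A single legitimate deauthentication, as sent by AP2 in the sample, trips neither check.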
Rogue APs: - A rogue access point is a wireless access point that has either been installed on a secure company
network without explicit authorization from a local network administrator, or has been created to allow a
hacker to conduct a man-in-the-middle attack. For AP mode, we need to inject
1) Beacon frames
2) Association request answers
3) Management traffic
4) Data frame acking
VII. WEP CRACKING
Wired Equivalent Privacy is a security algorithm for IEEE
802.11 wireless networks; its intention was to provide
data confidentiality comparable to that of a traditional
wired network.
WEP is RC4 based, which is XOR based
1) Clear text attacks (e.g. authentication challenge)
2) PRGA/IV couple table construction
3) Fluhrer, Mantin and Shamir attack based on first bytes of key being weak (weak IVs)
4) Korek optimization of FMS attack based on solved cases
VIII. WEP CRACKING TOOL
The current tools are Perl based, and are composed of the following scripts:
1) WeakIVGen.pl:- This script allows a simple
emulation of IV/encrypted output that one might
observe with a WEP-enabled 802.11 Access Point.
The script generates IV combinations that can
weaken the secret key used to encrypt the WEP
traffic.
2) Prism-getIV.pl:- This script relies on output from
Prism dump [or from Ethereal captures if libpcap
has been patched for 802.11 monitor mode], and
looks for IVs that match the pattern known to weaken secret keys. This script also captures the
1st byte of the encrypted output and places it and
the weak IVs in a log file.
3) WEPCrack.pl:- This script uses data collected or
generated by WeakIVGen to attempt to determine the secret key. It will work with either 40bit or 128bit
WEP.
Bypassing captive portals: - A captive portal is a Web page that the user of a public-access network is
obliged to view and interact with before access is
granted.
IX. COMMERCIAL PUBLIC INTERNET ACCESS
1) Captive portal based system
2) Authentication to billing system through Web portal
3) Authorization for Internet access
4) Authorization tracking
MAC based authorization tracking: - Authorized clients are
identified by their MAC address
1) MAC address is easy to spoof
2) No MAC layer conflict on Wi-Fi network
3) Just need a different IP
Recipe: spoof an authorized MAC address, get an IP and surf
X. IP BASED AUTHORIZATION TRACKING: -
Authorized clients are identified by their IP address
1) IP addresses are just a little more tricky to spoof
2) ARP cache poisoning helps redirect traffic
3) Traffic redirection allows IP spoofing
Recipe: ARP poison gateway for authorized IP, spoof and
surf
XI. MAC + IP BASED AUTHORIZATION TRACKING: -
The smart way of tracking people
1) Previous technique won't help because of MAC address
checking
2) Hint: IP layer does not care about MAC layer
3) ARP cache poisoning and IP spoofing
4) Send traffic with spoofed MAC address
Recipe: Same as before, plus MAC spoofing, then surf
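The three tracking schemes above all trust addresses that the client supplies, so a portal operator's remaining option is to watch for bindings that contradict the session table. The following is an added example, not code from the original paper; the session table layout, the observation tuples and all addresses are constructed assumptions.

```python
def audit_bindings(sessions, observations):
    """Compare what the gateway sees on the air with what the portal logged.

    sessions:     {ip: mac} recorded by the portal when access was authorized.
    observations: time-ordered (ts, kind, ip, mac) tuples, where kind is
                  "arp" (sender fields of an ARP reply) or
                  "ip"  (source addresses of a data frame).
    Returns a sorted list of (finding, ip, mac)."""
    mac_owner = {mac: ip for ip, mac in sessions.items()}
    findings = set()
    for _ts, kind, ip, mac in observations:
        if ip in sessions and sessions[ip] != mac:
            # An authorized IP is claimed by, or used from, a MAC the portal never saw
            # for it: the signature of the ARP redirection in the IP-based case.
            name = "arp-rebind" if kind == "arp" else "ip-from-other-mac"
            findings.add((name, ip, mac))
        elif ip not in sessions and mac in mac_owner:
            # An authorized MAC is active with a second IP: the MAC-based case.
            findings.add(("mac-with-extra-ip", ip, mac))
    return sorted(findings)

# Constructed sample data.
SESSIONS = {
    "10.0.0.23": "02:aa:00:00:00:23",
    "10.0.0.42": "02:aa:00:00:00:42",
}
OBSERVATIONS = [
    (1.0, "ip",  "10.0.0.23", "02:aa:00:00:00:23"),   # matches the session table
    (2.0, "ip",  "10.0.0.77", "02:aa:00:00:00:23"),   # known MAC, unknown IP
    (3.0, "arp", "10.0.0.42", "02:bb:00:00:00:99"),   # ARP reply rebinding a session IP
    (4.0, "ip",  "10.0.0.42", "02:aa:00:00:00:42"),   # matches the session table
    (5.0, "ip",  "10.0.0.50", "02:cc:00:00:00:50"),   # unauthenticated client, no conflict
]

if __name__ == "__main__":
    for finding in audit_bindings(SESSIONS, OBSERVATIONS):
        print(finding)
```

A client that presents both the logged MAC and the logged IP in every frame produces no finding here, which is the limit of address-based tracking that this section describes.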
XI. CONFIGURATION BASED TRICKS: -
Some gateways are misconfigured
1) HTTP proxy left open on gateway
2) ESTABLISHED,RELATED -j ACCEPT prevents connections from being dropped when authorization expires on Linux
based systems
3) Administration network on the same VLAN, accessible through Wi-Fi, etc.
XII. ATTACKING STATIONS: -
Associated stations are almost naked
1) LAN attacks (ARP, DHCP, DNS, etc.)
2) Traffic interception tampering
3) Direct station attack
Manufacturers provide so-called solutions, mainly
station to station communication prevention systems (e.g. C***o PSPF)
XII. COMMUNICATION INJECTION
Send traffic directly to station without AP authorization
1) Allows PSPF bypass
2) Allows communicating while AP out of reach
3) Allows communication while AP refuses association
XIV. HOW WI-FI TAP WORKS
Sending traffic
1) Read Ethernet from tuntap
2) Add 802.11 header
3) Add BSSID, from DS
4) Inject frame over Wi-Fi
Receiving traffic
1) Sniff 802.11 frame
2) Remove WEP layer if needed
3) Remove 802.11 header
4) Send Ethernet from tuntap
XV. WEP
WEP has been extensively studied by many people from across the world; attacks have been implemented, some of
which have been available to the public and open-sourced. All that can be done is make the tools even easier to use
than they are now. Optimizations of the attacks are not really necessary as a network can be compromised in just a
few minutes.
CONCLUSION
Wi-Fi environments are highly insecure and tough to
secure, so we just can't cope with amateur-style protection.
We should not use WEP anymore and should avoid using open networks for public access. Old Wi-Fi products, still
occupying a large share of the network installations, are not by any means secure. Even equipment that can be
configured to be secure is left unsecured, many times due to the increased complexity of access point setups. The
attention vulnerable Wi-Fi networks receive from hackers is tremendous; vulnerabilities are not only discovered, but
they are refined by others and implemented and combined by a whole on-line community. A compromised network is
a great utility for several parties. Neighbours get free broadband access to the Internet, malicious hackers retain
strong anonymity, and mobile users get free Internet almost
anywhere. Malicious hackers can monitor the users of a network, giving the hackers many opportunities to cause havoc. The risk of getting a visit from someone with bad
intentions is currently fairly low, but as it is rather easy to obtain enough knowledge and equipment to compromise a
Wi-Fi network, the risks will only rise. The fact that more
and more networks become secure means that the remaining insecure networks will be hunted down.
ACKNOWLEDGEMENT
I am really thankful to my teacher who gave me this topic
to learn about cyber crime and computer forensics. This topic gives me a lot of knowledge about
attacking Wi-Fi nets with traffic injection. I have learnt what
its functions are and what the advantages and disadvantages of this network are. At last,
since this topic is very helpful in the computer and cyber
crime field, due to the assignment of this topic to me I have
gained much knowledge from this topic.