Exploring the Effectiveness of Wireless Based Attacks BY: DILLON KORMAN
Introduction
• A Wireless Local Area Network (WLAN) is a local area network that wirelessly connects two or more devices, typically through a wireless access point (WAP).
• The IEEE 802.11 standard is used in nearly all WLANs and is commonly known as Wi-Fi, the name promoted by the Wi-Fi Alliance.
• WLANs are used in homes, small businesses, enterprises, hotels, airports, and elsewhere by millions of people every day.
• Wi-Fi is inherently difficult to secure, and the IEEE has added amendments to improve security since the start of 802.11.
• Wireless security can quickly become tough to manage, as it takes time for improved security to become widespread while attackers exploit systems using the latest techniques.
Hypothesis
• To identify the effectiveness of wireless-based attacks, I hypothesize that an attacker will be able to launch an effective attack (regardless of time or notability, so long as a simple end goal is completed) within a local area network or nearby 802.11 network without complete protection.
Materials
• Hardware: Wi-Fi Pineapple Mark V, Pelican 1120 case with 12 volt battery, Alfa AWUS036H WNIC, Alfa AWUS036NHR WNIC, laptop with Windows 7, D-Link DIR-628 router, Belkin F7D4302 router, and various client-type devices.
• Software: virtual machines with Kali Linux and Windows XP, and common penetration testing tools such as ettercap, nmap, Metasploit, SSLstrip, aircrack-ng, and Wireshark.
Procedures
• Set up a realistic attack environment, in which the attacker may already be within the network or just outside the target's access points, devices, or systems.
• Configure and launch an attack with no defenses actively in place and determine whether the attack was ultimately successful.
• Configure and implement countermeasures against the attack if possible and identify whether those countermeasures were successful in detecting or preventing the attack.
• Assess whether an attacker would have difficulty achieving the end goal both with and without defenses in place.
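The third step asks whether a countermeasure actually detects the attack. As an added illustration that is not part of the poster, the script below shows how the ARP-spoofing MITM run with Ettercap could be detected on the defender's side: it watches ARP "is-at" replies and alerts when an IP changes MAC or one MAC claims several IPs. The sample reply records are constructed, not captured from the experiment, and the addresses are placeholders.

```python
"""Detect ARP cache poisoning from observed ARP replies (added defender-side example)."""
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP "is-at" replies.
# The first three are the legitimate router and client; the last three are an
# attacker claiming both addresses, as an ARP-spoofing MITM tool does.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # router (legitimate)
    (1.5, "192.168.1.20", "aa:bb:cc:00:00:20"),  # client (legitimate)
    (2.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (5.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # attacker claims the router IP
    (5.1, "192.168.1.20", "de:ad:be:ef:00:99"),  # attacker claims the client IP too
    (5.2, "192.168.1.1", "de:ad:be:ef:00:99"),
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert strings for suspicious ARP replies.

    Heuristic 1: an IP already bound to one MAC is claimed by a different MAC.
    Heuristic 2: a single MAC claims more than one IP (a MITM answers for both ends).
    `trusted` optionally pins known-good IP->MAC pairs (e.g. the gateway) so a
    change is flagged even on the very first reply seen for that IP.
    The first-seen (or trusted) binding is kept, so every later conflicting
    reply raises an alert instead of silently "re-learning" the attacker's MAC.
    """
    bindings = dict(trusted or {})
    ips_per_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        prev = bindings.get(ip)
        if prev is None:
            bindings[ip] = mac
        elif prev != mac:
            alerts.append(f"t={ts}: {ip} moved from {prev} to {mac}")
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:
            alerts.append(f"t={ts}: {mac} claims multiple IPs {sorted(ips_per_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(line)
```

Pinning the gateway with `trusted={"192.168.1.1": "<gateway MAC>"}` is the useful production setting; tools such as arpwatch implement the same idea with persistent state.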
Observations
• The experiment tested a total of 21 attacks, categorized by whether they were run internally or externally and by three major groups: aggressive, information gathering, and tactical.
• I launched the attacks with Kali Linux or the Wi-Fi Pineapple, two platforms designed with penetration testing in mind.
• Of all the attacks, 15 were highly reliable/successful, 4 were moderately reliable, and 2 were rarely reliable.
• My hypothesis was generally correct, though a few attacks by themselves had reliability issues in my environment, as noted.
• These attacks nearly always worked against undefended targets, so their effectiveness or success typically depends on how security-conscious the target user or administrator is.
Discussion
• This experiment shows the validity of wireless and network-based attacks as an effective attack vector.
• Novel and advanced techniques are always in development and represent an ever-looming threat.
• Millions of wireless access points and devices all over the world are vulnerable by default to these types of attacks.
• Manufacturers should follow a security-by-design product development process, network administrators need to secure their networks and systems, and the general public must be wary of common attacks against their devices.
• Defenses are available – they just need to be implemented.
Data: Types of Attacks
• Internal: takes place inside of a network.
• External: attacker is outside a nearby network.
• Aggressive: gain access, compromise, or DoS.
• Information Gathering: obtain valuable intelligence.
• Tactical: assist other attacks, provide distractions, or trick other systems or users.
Results (table footnotes)
* Original defense is inherently flawed, making it very difficult to improve its security.
** Easy if a VPN or encryption is used.
*** Easy if possible to disable.
Figures (all photos, screenshots, graphs, and tables were prepared by the student researcher):
• Wi-Fi Pineapple; Wi-Fi Pineapple as operated in case with battery; exterior of complete case
• Alfa AWUS036H; Alfa AWUS036NHR; D-Link DIR-628 router; Belkin F7D4302 router
• Ettercap ARP spoofing MITM; VPN defense
• DNS spoofing; code injection
• SSLstrip; WPS cracking