Wireless attack methods can be broken up into three categories:
- Reconnaissance
- Access attack
- Denial of Service (DoS)
Reconnaissance
Reconnaissance is the unauthorized discovery
and mapping of systems, services, or vulnerabilities. It is also known as
information gathering and it usually precedes an actual access or DoS attack.
Reconnaissance is similar to a thief scouting a neighborhood for
unsecured homes. In many cases, the intruders go as far as testing the door
handle to discover vulnerable areas, which they can exploit at a later time.
Performing reconnaissance involves the use of common commands or utilities to
learn as much as possible about the victim site.
Wireless snooping and
packet sniffing are common terms for eavesdropping. The information gathered by
eavesdropping can be used for future access or DoS attacks against the network.
Using encryption and avoiding protocols that are easily eavesdropped on can combat
eavesdropping. Commercial wireless protocol analyzers like AiroPeek, AirMagnet,
or Sniffer Wireless can be used to eavesdrop on WLANs. Free protocol analyzers
like Ethereal or tcpdump fully support wireless eavesdropping under Linux.
Wireless eavesdropping can be used to view network traffic and discover the
SSIDs in use, validate MAC addresses, or determine if encryption is being used.
Wireless reconnaissance is often called wardriving. Utilities used to
scan for wireless networks can be active or passive. Passive tools, like
Kismet, transmit no information while they are detecting wireless networks. A
Kismet screen is shown in Figure . Active
utilities, like NetStumbler, transmit requests for additional information about
a wireless network once it is discovered. The Windows XP operating system is
wireless-aware: it performs active scanning and will try to
automatically connect to a discovered WLAN. Some people using WLAN tools are
interested in collecting information about the use of wireless security. Others
are interested in finding WLANs that offer free Internet access or an easy
backdoor into a corporate network.
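As an added example (not part of the original text), the following Python parser over raw 802.11 management frames shows what passive listening exposes, namely the SSID, BSSID and the capability Privacy bit that indicates whether encryption is in use, and adds a defender's check for the burst of probe requests that active scanning tools generate. The frames, MAC addresses and SSIDs are constructed for the example.

```python
import struct
from collections import Counter
# First Frame Control byte of 802.11 management frames (type 0):
# subtype << 4 | type << 2 | version.  Beacon = subtype 8, probe request = 4.
BEACON, PROBE_REQ = 0x80, 0x40
PRIVACY_BIT = 0x0010   # capability field bit 4: encryption required to join

def _ies(body):   # tag/length/value information elements -> {tag: value}
    out, i = {}, 0
    while i + 2 <= len(body):
        tag, n = body[i], body[i + 1]
        out[tag], i = body[i + 2:i + 2 + n], i + 2 + n
    return out

def parse_mgmt(frame):   # classify one raw frame as beacon / probe request
    if len(frame) < 24:                      # shorter than a management header
        return None
    sub, sa, bssid = frame[0] & 0xF0, frame[10:16].hex(":"), frame[16:22].hex(":")
    if sub == BEACON and len(frame) >= 36:   # hdr 24 + timestamp 8 + interval 2 + cap 2
        cap = struct.unpack_from("<H", frame, 34)[0]
        ssid = _ies(frame[36:]).get(0, b"").decode(errors="replace")
        return {"kind": "beacon", "bssid": bssid, "ssid": ssid,
                "encrypted": bool(cap & PRIVACY_BIT)}
    if sub == PROBE_REQ:                     # IEs follow the header directly
        ssid = _ies(frame[24:]).get(0, b"").decode(errors="replace")
        return {"kind": "probe_req", "source": sa, "ssid": ssid}
    return None

def open_networks(frames):   # BSSID -> SSID for APs beaconing without Privacy
    return {p["bssid"]: p["ssid"] for p in filter(None, map(parse_mgmt, frames))
            if p["kind"] == "beacon" and not p["encrypted"]}

def active_scanners(frames, threshold=3):   # MACs sending >= threshold probes
    hits = Counter(p["source"] for p in filter(None, map(parse_mgmt, frames))
                   if p["kind"] == "probe_req")
    return {m: n for m, n in hits.items() if n >= threshold}

# Constructed sample frames (hand-built here, not from a real capture).
def _hdr(fc, sa, bssid):   # FC, duration, DA=broadcast, SA, BSSID, seq ctrl
    return bytes([fc, 0, 0, 0]) + b"\xff" * 6 + sa + bssid + b"\x00\x00"
def beacon_frame(ssid, bssid, encrypted):
    cap = 0x0001 | (PRIVACY_BIT if encrypted else 0)   # ESS bit (+ Privacy)
    return (_hdr(BEACON, bssid, bssid) + b"\x00" * 8 + b"\x64\x00"
            + struct.pack("<H", cap) + bytes([0, len(ssid)]) + ssid)
def probe_request(sa):   # broadcast probe with a zero-length (wildcard) SSID
    return _hdr(PROBE_REQ, sa, b"\xff" * 6) + b"\x00\x00"
AP1, AP2 = b"\x00\x11\x22\x33\x44\x55", b"\x00\x11\x22\x33\x44\x66"
STA = b"\xaa\xbb\xcc\xdd\xee\xff"
SAMPLE_FRAMES = ([beacon_frame(b"corp-guest", AP1, False), beacon_frame(b"corp", AP2, True)]
                 + [probe_request(STA)] * 4)
```

Run against a real capture, `open_networks` gives the list of access points a passive listener sees as unencrypted, and `active_scanners` flags stations that probe repeatedly, the traffic pattern a passive tool like Kismet never produces.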