Security Fundamentals
Reconnaissance

Wireless attack methods can be broken up into three categories:

  1. Reconnaissance
  2. Access attack
  3. Denial of Service (DoS)

Reconnaissance
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering, and it usually precedes an actual access or DoS attack.

Reconnaissance is similar to a thief scouting a neighborhood for unsecured homes. In many cases the intruder goes as far as testing the door handle to find vulnerable areas that can be exploited later. Performing reconnaissance involves the use of common commands or utilities to learn as much as possible about the target site.

Wireless snooping and packet sniffing are common terms for eavesdropping. The information gathered by eavesdropping can be used for later access or DoS attacks against the network. Using encryption and avoiding protocols that are easily eavesdropped are the main defenses. Note that on a WLAN the eavesdropper does not need to associate with the network or pass any authentication; anyone within radio range with a card in monitor mode receives every frame on the channel, and 802.11 management frames such as beacons and probe responses are never encrypted, even when WEP or WPA protects the data frames. Commercial wireless protocol analyzers such as AiroPeek, AirMagnet, or Sniffer Wireless can be used to eavesdrop on WLANs. Free protocol analyzers such as Ethereal (now Wireshark) and tcpdump fully support wireless eavesdropping under Linux when the wireless driver supports monitor mode. Wireless eavesdropping can be used to view network traffic and discover the SSIDs in use, collect valid MAC addresses of access points and clients (which defeats MAC-address filtering), and determine whether encryption is being used.

Wireless reconnaissance is often called wardriving. Utilities used to scan for wireless networks can be active or passive. Passive tools, like Kismet, transmit nothing while they detect wireless networks; they only listen for beacons, probe responses, and data traffic, so they cannot be detected over the air and they also see networks with hidden SSIDs once a client associates. A Kismet screen is shown in Figure . Active utilities, like NetStumbler, transmit 802.11 probe requests (usually with a broadcast, or wildcard, SSID) and rely on access points answering with probe responses. This makes discovery faster but also means an active scanner reveals its own MAC address and can be detected by a wireless IDS listening for probe requests. The Windows XP operating system is wireless-aware and performs active scanning. It will try to connect automatically to a discovered WLAN, and because it probes for the networks in its preferred-network list, an eavesdropper can learn the SSIDs a laptop has previously used. Some people using WLAN tools are interested in collecting information about the use of wireless security. Others are interested in finding WLANs that offer free Internet access or an easy backdoor into a corporate network.
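The following is an added example, not code from the course or from Kismet or NetStumbler, showing what the passive and active scanning just described actually look like at the frame level. It decodes 802.11 management frames (beacon, probe response, probe request) the way a passive listener would and reports exactly the items eavesdropping exposes: SSID, BSSID and station MAC addresses, channel, whether the privacy bit and a WPA or RSN (WPA2) element advertise encryption, and which stations are transmitting probe requests, i.e. which ones are active scanners. All frames are constructed inline (no radiotap header is assumed, and the RSN/WPA element bodies are placeholder bytes rather than full information elements); the MAC addresses and SSIDs are made up for the example.

```python
import struct

SUBTYPE = {4: "probe-req", 5: "probe-resp", 8: "beacon"}   # management subtypes we decode
TAG_SSID, TAG_DS, TAG_RSN, TAG_VENDOR = 0, 3, 48, 221
WPA_OUI = b"\x00\x50\xf2\x01"      # Microsoft OUI + type 1 marks the WPA1 vendor element
CAP_PRIVACY = 0x0010               # capability-info bit: "data frames are encrypted"


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_tags(body):
    """Split the tagged-parameter area into (id, value) pairs; stop cleanly if truncated."""
    tags, i = [], 0
    while i + 2 <= len(body):
        tid, tlen = body[i], body[i + 1]
        val = body[i + 2:i + 2 + tlen]
        if len(val) < tlen:          # tag claims more bytes than the frame carries
            break
        tags.append((tid, val))
        i += 2 + tlen
    return tags


def classify_security(cap, tags):
    """Privacy bit alone means WEP; an RSN element means WPA2; the WPA vendor element means WPA."""
    rsn = any(t == TAG_RSN for t, _ in tags)
    wpa = any(t == TAG_VENDOR and v.startswith(WPA_OUI) for t, v in tags)
    if rsn and wpa:
        return "WPA/WPA2"
    if rsn:
        return "WPA2"
    if wpa:
        return "WPA"
    return "WEP" if cap & CAP_PRIVACY else "open"


def parse_mgmt(raw):
    """Decode one 802.11 management frame; returns None for subtypes this example ignores."""
    if len(raw) < 24:
        raise ValueError("truncated MAC header")
    fc0 = raw[0]
    if fc0 & 0x0C:                   # frame-control type bits 2-3 must be 00 (management)
        raise ValueError("not a management frame")
    subtype = SUBTYPE.get(fc0 >> 4)
    if subtype is None:
        return None
    src, bssid, body = mac(raw[10:16]), mac(raw[16:22]), raw[24:]
    if subtype == "probe-req":       # body is tagged parameters only
        cap, tags = 0, parse_tags(body)
    else:                            # beacon / probe-resp: timestamp(8) interval(2) capability(2)
        if len(body) < 12:
            raise ValueError("truncated beacon body")
        cap = struct.unpack_from("<H", body, 10)[0]
        tags = parse_tags(body[12:])
    ssid = next((v for t, v in tags if t == TAG_SSID), b"")
    chan = next((v[0] for t, v in tags if t == TAG_DS and len(v) == 1), None)
    return {"subtype": subtype, "src": src, "bssid": bssid,
            "ssid": ssid.decode("utf-8", "replace") or None,   # None = hidden or wildcard SSID
            "channel": chan,
            "security": None if subtype == "probe-req" else classify_security(cap, tags)}


def observe(frames):
    """What a passive listener learns: access points keyed by BSSID, plus stations that probed."""
    aps, scanners = {}, {}
    for raw in frames:
        f = parse_mgmt(raw)
        if f is None:
            continue
        if f["subtype"] == "probe-req":
            scanners.setdefault(f["src"], set()).add(f["ssid"] or "<wildcard>")
        else:
            aps[f["bssid"]] = f
    return aps, scanners


# ---- constructed sample frames (not a real capture) -------------------------
def _hdr(subtype, src, bssid):     # FC, duration, DA=broadcast, SA, BSSID, seq-ctrl
    return bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + src + bssid + b"\x00\x00"


def _tag(tid, val):
    return bytes([tid, len(val)]) + val


def build_beacon(ssid, bssid, channel, privacy=False, rsn=False, wpa=False):
    body = struct.pack("<QHH", 0, 100, CAP_PRIVACY if privacy else 0)
    body += _tag(TAG_SSID, ssid) + _tag(TAG_DS, bytes([channel]))
    if rsn:
        body += _tag(TAG_RSN, b"\x01\x00")            # placeholder RSN element body
    if wpa:
        body += _tag(TAG_VENDOR, WPA_OUI + b"\x01\x00")  # placeholder WPA element body
    return _hdr(8, bssid, bssid) + body


def build_probe_req(ssid, src):    # what an active scanner transmits; BSSID is wildcard
    return _hdr(4, src, b"\xff" * 6) + _tag(TAG_SSID, ssid)


SAMPLE_FRAMES = [
    build_beacon(b"corp-wlan", bytes.fromhex("00112233aabb"), 6, privacy=True, rsn=True),
    build_beacon(b"guest", bytes.fromhex("00112233aacc"), 11),
    build_beacon(b"", bytes.fromhex("00112233aadd"), 1, privacy=True),   # hidden SSID, WEP
    build_probe_req(b"", bytes.fromhex("0a1b2c3d4e5f")),                  # broadcast (wildcard) probe
    build_probe_req(b"corp-wlan", bytes.fromhex("0a1b2c3d4e5f")),         # directed probe leaks a known SSID
]

if __name__ == "__main__":
    aps, scanners = observe(SAMPLE_FRAMES)
    for bssid, ap in aps.items():
        print(f"{bssid}  ch{ap['channel']:<3} {ap['security']:<9} {ap['ssid'] or '<hidden>'}")
    for station, probed in scanners.items():
        print(f"active scanner {station} probed for {sorted(probed)}")
```

Two points the output makes visible: the hidden-SSID access point still shows up with its BSSID, channel and encryption type because hiding the SSID only blanks one field of a frame that is broadcast in the clear, and the active scanner is itself logged, together with the non-broadcast SSID it asked for. Against a real interface the same parser would be fed frames from a monitor-mode capture (for example the 802.11 payload that tcpdump or Wireshark exposes after the radiotap header).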
