Chapter 2 - 06 - Understand Wireless Network-specific Attacks - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician

Exam 212-82

Information Security Attacks

Module Flow
Understand Information

Understand Social Engineering

Security Attacks

Attacks

Describe Hacking Methodologies
and Frameworks

Understand Wireless Network-

specific Attacks

Understand Network-level
Attacks

Understand IoT, OT, and
Cloud Attacks

Understand Applicationlevel and OS-level Attacks

Attacks

Understand Cryptographic

Copyright © by EC

L Al Rights Reserved. Reproduction
is Strictly Prohibited.

|
|

Understand Wireless Network-specific Attacks
To secure wireless networks, a security professional needs to understand the various possible

weaknesses of encryption algorithms, which may lure attackers. The wireless network can be at
risk to various types of attacks. This section discusses different types of wireless networkspecific attacks.

Module 02 Page 319

Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.

Certified Cybersecurity Technician
Information Security Attacks

Exam 212-82

Rogue AP Attac
Attackk
A rogue wireless AP

placed into an 802.11
network can be used to
hijack the
the connection
connections
of-legitimat
of legitimatee

network users

When the user turns on

the computer, the rogue
wireless AP will offer to
connect with the

All the traffic the user

enters will pass through the
rogue AP, thus enabling a
form of wi
i
[] I]"

v

oul
otl

User Connecting

to Rogue Access
Point

I

My SSID is
certifiedhacker,
Connect to me

o)
[~
Attacker

Legit Company
Company Wi-Fi Network
Legit
SSID: certifiedhacker
Wi-Fi Channel: 6

Rogue AP Attack

APs connect to client NICs by authenticating with the help of SSIDs. Unauthorized
(or rogue)
APs can allow anyone with an 802.11-equipped device to connect to a corpora
te network. An
unauthorized AP can give an attacker access to the network.
With the help of wireless sniffing tools, the following can be determined from APs:
authorized
MAC

addresses, the vendor name, and security configurations. An attacker can
then create a

list of MAC addresses of authorized APs on the target LAN and crosscheck this list
with the list
of MAC addresses found by sniffing. Subsequently, an attacker can create a rogue AP
and place
it near the target corporate network. Attackers use rogue APs placed in an 802.11
network to
hijack the connections of legitimate network users. When a user turns on a
computer, the
rogue AP will offer to connect with the network user’s NIC. The attacker
lures the user to
connect to the rogue AP by sending the SSID. If the user connects to the rogue AP
under the
impression that it is a legitimate AP, all the traffic from the user passes through
the rogue AP,
enabling a form of wireless packet sniffing. The sniffed packets may even contain
usernames
and passwords.

Module 02 Page 320

Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

fiormation Se
curity Attac

-

T T wieey

Exam 212.g8>

Exam

User Connecting
Ogue Access
Point

—~
-

My SSID is

certifiedhacker,
Connect to me

(.----u--

g

2

(]

n

\/
/

e,.)
Company wi.fj
Network

SSID: certifiedhacier
Wi-Fi Channe
l:
6

Figure 2.55. Ro
gue AP attack

e 02 page 35,
Module 02 Page
321

Certified Cvbersecurlt
y Technician Copyright
© by Eppe....

meRnnsIan
decuUritS y At
Information Securi
ty Attacktas cks
Exam

212-82

Exam 212-82

©

Hacker spoofs the
MAC address of WL
AN client
equipment to mas
k as an authorize
d client
© Attacker connec
ts to AP as an aut
horized client
andandeavesdrops on
authoriz
eavesdyg Ps onsensitive inform
eq client
sensitive nforation
Feee i,
mation.
A

V

Dev
Devi
ceicewithwitMAC
h MACaddr
add
regs.-..
ess:
-0FIC-F1
-5BEOO-00
6.98
DCSGAD.4p
o~
Production o
b.4 o
Deduct
pamn
DPro
enl
lor:
Partmen
Accoun ting
Acr.ountlng
8="
/Depanme
Department
n!
s
"
-

CLSE

V

\L&

;

W)

Y

[

:

}septl on
<

-

v
v

}

:

:

Only computers

Only v computers
from
comp on
ucti
fromthetheprod
Pro

beestsoensessessansas..

duction
depa
deprtme
artnt
men;cancan
con

B

nect to me
con
nect to me..........

A

[ LT

:

L

:

H
:

:

lam MAaC
00-0C-F156-98-AD

Hadzerspooflng(heMA

Caddress.........-.....................................................................................................................................................................................................:.........
Copyright © by
ECCiL Al Rights Rese
rved. Reproduction
is Strictly Prohibit
ed

{

©

Hacker spoofs the
MAC address of WLA
e MAC add
N client
ipment to mas
©qequ
uipm
ent to mask k as an res
autshorofizewi
d an
cliecli
nt ent
as an aut
hor
ize
cker
d
© ® AttAtta
con
cli
nects to AP as an
ent
acker €onnec
ts to Ap a¢ an authorized client
esd
rop
aut
andand€a€av
vesdrops soy on sensitive infhor
ormize
atiqon client
sensitive lnlorm.
atinn

Device

Production
Production
Department
Department

Device witwith
h MAMAC
Cadd
reros
add
ss;s:......
¥V
’ 0000................
-0C-0C.."..ResRese
F1F1ryes
-56.56ripyee
9g.98.5,Ap
'fi
-

¥ End
[

i

Ac::ounling
Acmunling
Departmeny
Department
-2

L4

-Recept
L] ion
= k)

y

v

|

!

A

v

Only computers
Only Omputers

J

from the production
from
the Production

|

Seesrtnnntnneernenns.

B,

'

rtment can
dodepa
pmme
nl can

conconn
nec ect

R

;
§
8

t to me

to me. LT......................................
@!

W

—

lam mac
lam MAc
00-0C-Fy.

00-0C-F1-

56-98-Ap

56-98-AD.
:—
Wil

\/

L

]1

/ LN
")

S —

P

—~——
g

Hacker spoofi
the MAC add
Hacker spong
ofing
the MAC res
s
s

Module 02 Pa
2
Module 02 gePag32
e 322

Figure 2.56: Ap MA
C spoofing

s

Certified Cybersecu
rlty Technician
Copyright ® by ECAll Rights Re
Coun

Certified Cybersecurity Technician

Exam 212-82

Information Security Attacks

WarDriving
Register with WiGLE (https://wigle.net) and download the map packs of your area to
view the plotted APs on a geographical map

Connect the antenna or GPS device to the laptop via a USB serial adapter and board a car

Install and launch NetStumbler and WIGLE client software, and turn on the GPS device

Drive the car at speeds of 35 mph or below (at higher speeds, the Wi-Fi antenna will not
be able to detect Wi-Fi spots)

Capture and save the NetStumbler log files, which contain the GPS coordinates of the APs

Upload this log file to WiGLE, which will then automatically plot the points onto a map
Copyright © by EC-Council.

All Rights Reserved. Reproduction
Is Strictly Prohibited

WarDriving
In a wardriving attack, WLANSs are detected either by sending probe requests over a connection
or by listening to web beacons. An attacker who discovers a penetration point can launch
further attacks on the LAN. Some of the tools that the attacker may use to perform wardriving
attacks are KisMAC and NetStumbler.
WarDriving can be used to discover Wi-Fi networks with the following procedure.
=

Register with WIGLE (https://wigle.net) and download map packs of the target area to
view the plotted APs on a map.

=

Connect the laptop to an antenna and a GPS device via a USB serial adapter and board a
car.

=

|nstall and launch NetStumbler and WIGLE client software and turn on the GPS device.

=

Drive the car at speeds of 35 mph or below (at higher speeds, the Wi-Fi antenna will not
be able to detect Wi-Fi networks).

=

Capture and save the NetStumbler log files that contain the GPS coordinates of the APs.

=

Upload this log file to WiGLE, which automatically plots the points on a map.

Module 02 Page 323

Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.