Wireless Hacking Tools
Having strong network security does not mean the network cannot be attacked. It simply means that the security mechanisms in place have not been broken yet. Computer and network security is constantly evolving, so strong security mechanisms must evolve as well: as older mechanisms are broken or cracked, new ones must be developed.
1.1 Wireless Attack Tools
Many wireless attack tools are developed to compromise 802.11 networks. The popularity and widespread use of Wi-Fi give the attacker the platform on which they can cause the most disruption. As other technologies gain popularity and usefulness, more attack tools are developed for them.
Wireless attack tools can, for the most part, be categorized as attacks on the confidentiality, integrity, or availability of a network. This paper is organized as follows: confidentiality attacks, with examples of wireless hacking tools, are discussed in section two; integrity attacks and availability attacks follow in sections three and four; and specific Bluetooth attacks and hacking tools are discussed in section five.
2.0 Confidentiality Attacks
Confidentiality attacks attempt to gather private information by intercepting it over the wireless link, whether the data is encrypted or sent in the clear. If the data is encrypted, these attacks also include breaking the encryption and recovering the key. Eavesdropping, key cracking, access point (AP) phishing, and man-in-the-middle attacks are all included in this category.
Eavesdropping is intercepting, or sniffing, the transmitted network traffic. At its simplest this captures the bits transmitted on the physical layer, but many commercial programs format the captured data in a user-friendly way, which makes it much easier to understand. If encryption is used, one will only see encrypted data while sniffing; other tools exist to crack certain encryption techniques, and these tools are also considered confidentiality attack tools.
Beyond simply capturing and displaying packets from the physical layer, many sniffing programs have filters and plugins that can manipulate the data, turning the sniffer into a man-in-the-middle attack tool. For example, a sniffing program can run a filter that replaces https (secure website) with http (non-secure). As a result, the victim's authentication would travel in the clear across the physical layer, and the eavesdropper would see both the username and password for the login.
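The https-to-http rewrite described above leaves a visible symptom on the client side. The following added example (not from the paper) scans a received page for password forms that would post over plain HTTP and checks for the Strict-Transport-Security (HSTS) header that tells browsers to refuse such a downgrade; the page URL, host name and HTML are constructed sample input.

```python
"""Detect the symptom of an https->http rewrite: a login form that would send
a password over plain HTTP, and a response lacking the HSTS header that would
have made the browser insist on https."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _FormScanner(HTMLParser):
    """Collect each <form> action together with whether it holds a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # entries are [absolute_action, has_password]
        self._open = None      # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Resolve relative actions against the page URL so the scheme is known.
            self._open = [urljoin(self.page_url, a.get("action") or ""), False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def insecure_login_forms(page_url, html):
    """Return the actions of password forms that would post over plain http."""
    scanner = _FormScanner(page_url)
    scanner.feed(html)
    return [action for action, has_pw in scanner.forms
            if has_pw and urlparse(action).scheme != "https"]


def hsts_enforced(headers):
    """True if Strict-Transport-Security is present with a positive max-age."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        name, _, num = directive.strip().partition("=")
        if name.lower() == "max-age" and num.strip().isdigit():
            return int(num) > 0
    return False


# Constructed sample: the login page as a victim would receive it after a
# stripping filter rewrote "https://" to "http://" on the wire.
STRIPPED_PAGE = """<html><body>
<form action="http://login.example.test/auth" method="post">
  <input name="user"><input type="password" name="pass">
</form>
<form action="/search"><input name="q"></form>
</body></html>"""
STRIPPED_HEADERS = {"Content-Type": "text/html"}   # no HSTS: nothing pins https
```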
Another example of a man-in-the-middle attack is downgrading the encryption used. It is possible to roll back the Microsoft Challenge-Handshake Authentication Protocol (MSCHAP2) encryption to MSCHAP1, which is weaker, and then roll back further to plain text for Microsoft's Point-to-Point Tunneling Protocol over a Virtual Private Network. This involves using man-in-the-middle attack tools to alter the handshake messages between the client and server.
2 of 12
12/19/2007 5:16 PM