X hits on this document





5 / 12

Wireless Hacking Tools



One integrity attack is frame injection. This is when an attacker will inject their own Ethernet frames in the middle of the transmission. This can be used in a variety of ways to attack the user. The user can be misled into accepting frames that it did not intend. All the major Internet browsers were vulnerable to a frame injection attack. This vulnerability has been fixed, but it does give an example on how this can be used as an attack. An attacker could inject frames into a transmission to display their content with the legitimate outer web page frames of another company. For example, a user would access their banking web page and it would look like their legitimate web page, but the attacker has injected Ethernet frames so that even though the web page looks legitimate it is not. When the user attempts to login all the login information can be recorder by the attacker.

It is relatively easy to inject spoofed packets in a wireless network. When communicating with a web server there is a delay of tens of milliseconds while waiting for a reply. This is plenty of time for spoofed packets to be injected and the legitimate packets to be deleted. This is similar, but not exactly the same as the man in the middle attacks.

Packet injection can be used to generate a DoS attack as well. In 802.11, the AP and wireless device attempting to connect to it will trade associate and authenticate messages. When disconnecting, they will exchange deauthenticate messages. Packet injection tools can be used to issue deauthenticate messages for the IP addresses in the network, that could easily be obtain from sniffing the traffic. This would cause the valid device to be disconnected from the AP.

Similarly an attacker can delete or jam the data being transmitted. For example, an attacker could jam the wireless signal from reaching its intended target and also provide acknowledgments (ACKs) back to the source. The data would never reach the intended target, but the sender would have no idea, since it would see the ACKs.

Data replay is yet another attack on data integrity. This involves the attacker capturing authentication information and saving it for later use. This can be used for 802.1X Extensible Authentication Protocol (EAP) or for 802.1X Remote Authentication Dial-In User Service (RADIUS) authentications. Once the attacker has captured and saved the authentication information, it will monitor the traffic for another authentication. Then it will inject those frames instead of the legitimate authentication frames and essentially gaining access to a system.

3.1 Integrity Attack Tools

The list of integrity attack tools is not as extensive as the confidentiality attack tools. It is more common for sniffing and encryption cracking than it is for frame injection and replay attacks. Nonetheless, there are tools for frame manipulation (addition and deletion) and replay. .

Airpwn [19] is a wireless attack tool for 802.11 packet injection. It listens for specific patterns of the incoming packets. If there is a match with what is specified in the config file, then custom spoofed packets are injected from the AP. The valid packet that the spoofed packet replaced will be intercepted by airpwn and not allowed to reach the user.

File2air [20] is a similar injection tools except it allows the user to specify a file that will be used for the payload of the injected packets. It uses another tool called AirJack [21] to perform the actual frame injection. File2air runs on top of AirJack and reads in a binary file and transmits its contents onto a wireless network.

Simple-replay [22] is an attack tool that does exactly as the name implies. It allows for 802.11 packets that were previously captured to be injected back into the network.

Frame injection and frame replay tools can be used to attack the integrity of the data. Data integrity ensures that the transmitted data arrives at the destination unchanged. The attack tools focus on frame manipulation, so that an attacker can cause the user to receive the information it chooses.

Table 2 - Summary of integrity attack tools

5 of 12

12/19/2007 5:16 PM

Document info
Document views23
Page views23
Page last viewedThu Oct 27 07:46:25 UTC 2016