Wireless Hacking Tools
Type of Attack
Generate thousands of 802.11 beacon signals.
Can be used to execute deauthenticate, authenticate, and association flooding attack.
Jams the RF signal so that it cannot be distinguished by a legitimate device.
is another flooding attack tool. It has the ability to implement three different flooding attacks: deauthenticate clients, authentication flood, and association flood. The deauthenticate attack floods the WLAN with deauthenticate packets for random MACs. Those legitimate users connected with matching MAC address will close their connection upon receiving the deauthenticate packet. The authentication attack again floods the network with authentication packets so legitimate user cannot connect. The same is with the association packets.
There are a variety of availability attacks. All of them implement a DoS attack of some sort whether it is radio frequency (RF) jamming or network flooding. There also are many different flooding attacks with just a few examples given here. Flooding attacks promote the vulnerabilities of the protocols.
Table 3 - Summary of availability attack tools
Back to Table of Contents
Many commercial tools available
5.0 Bluetooth Attacks
Recently more Bluetooth attacks have emerged with Bluetooth technology gaining popularity. The two most well known attacks are DoS, bluesnarfing, and a key bump attack. The key bump attack involves obtaining the pairing key and then having full access to the victim's system.
One Bluetooth DoS attack involves a device that is not part of a piconet disrupting the established piconet of other devices. A Bluetooth piconet is the ad hoc network created with two or more Bluetooth devices that includes one master device and a number of slaves. The attacking device that is not participating in the piconet spoofs a slave out of the piconet and then contacts the master of the piconet. This will confuse the master device and lead to a disruption of the piconet.
Another DoS attack on Bluetooth devices involves a buffer overrun. This is when data is copied into a buffer, but the amount of data copied into the buffer exceeds the size of the buffer. This will cause the data to be copied into memory where it is not intended. The resulting status of the system depends on where in memory the data is copied.
Bluesnarfing is a term that means an attacker has obtained unauthorized information through a Bluetooth connection. The Object Exchange (OBEX) Push Profiler (OPP) has been identified as an easy mechanism for exchange of business cards, calendar entries, and other similar items. In most cases it does not require authentication. Bluesnarfing involves connecting to the OBEX Push target and issuing an OBEX GET request for common known filenames. In some cases, depending on the victim device's firmware, the attacker will be able to obtain all the files that were requested.
In the key bump attack the attacker gets the victim to accept a connection for some trivial data transfer, such as a picture, calendar notice, or a business card on a PDA. After the data is sent, the attacker keeps the connection open. This allows the attacker to request a key regeneration after the victim has deleted the pairing between the two
8 of 12
12/19/2007 5:16 PM