WiFi networks & RAW SOCKETS IL-HACK2009 Eddie Harari.

Sniffing WiFi
- Managed mode vs. monitor mode.
- Promiscuous mode is driver/firmware dependent.
- Driver and firmware differ for each NIC.
- Can we sniff with any card???
- Monitor mode, IT IS!!!

Data frames
Frame Control [2] | Duration ID [2] | Address I [6] | Address II [6] | Address III [6] | SEQ_CONTROL [2] | Address IV [optional, 6] | FRAME BODY [DATA]
- Frame size is not fixed!
- Encapsulation is inside the body.
- Some networks use QoS (extra 2 bytes).
- Is it so important?

Sniffing in promiscuous mode
- Ethernet II frame "EMULATION".

MITM implementation
- "Clear text" networks.
- "WEP" based networks.
- Shared and non-shared keys.
- Famous last words: "I surf through my neighbor's WiFi connection."

Monitor vs. Managed
- Monitor mode sniffs everything.
- Monitor mode is undetectable.
- Packet injection is hard...
- A word about WiFi encryption.
- Managed mode is a "dream environment" for packet injection.

So which one is it ?

Pre-implementation considerations
- SCAPY is for script kiddies!? (SCAPY is a good solution for certain things...)
- A MITM network attack must win race conditions.
- What are the attacks that can take place here?

Thinking of an attack
- Don't you hate it when your WiFi bandwidth is low because everyone else is using the AP?
- RESET any TCP SYN request! From all machines but ours...
- Why can't you reset "MS" SYN requests on the client side...

MITM implementation
- LibPcap is the best tool to use in this scenario.
- Ability to sniff and inject packets.
- Supports all common DLTs (link-layer types).
- Supports managed and monitor modes.
- In monitor mode you can get RADIO headers... (FREAKY).

Code & Implementation
- EXAMPLE I: RESETCON CODE
- RESETCON POC CODE

Some ideas of what can be done...
- MSN contact stealer...
- DNS spoofing...
- FILE DOWNLOAD injection...
- ANY MITM ATTACK

Important things to remember...
- Headers are not fixed.
- RADIOTAP headers are not fixed.
- Code must win race conditions.
- Packet format is important.
- Detectable!? How to avoid that...
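The "Data frames", "Ethernet II frame emulation" and "headers are not fixed" slides all come down to one parsing problem: in monitor mode a capture record starts with a variable-length radiotap header, then an 802.11 data header whose length depends on the To DS/From DS flags (optional Address IV), the QoS subtype (2 extra bytes) and, on 802.11n, the Order flag (4-byte HT Control). The following Python is an added example, not the talk's RESETCON code: it walks those optional fields, maps the three or four addresses to DA/SA/BSSID, and rebuilds the Ethernet II frame a managed-mode sniffer would have produced. The MAC addresses and IPv4 bytes are constructed, and it assumes the driver has already stripped the trailing FCS.

```python
"""Parse one monitor-mode capture record (radiotap header + 802.11 data frame)
and rebuild the Ethernet II frame a managed-mode sniffer would have seen.
Added example with constructed input; not code from the presentation."""
import struct

RADIOTAP_MIN_LEN = 8          # version, pad, len, present bitmap
FC_TYPE_DATA = 2
QOS_SUBTYPE_BIT = 0x08        # subtype bit 3 set => QoS data frame
FLAG_TO_DS = 0x01
FLAG_FROM_DS = 0x02
FLAG_PROTECTED = 0x40         # body is WEP/TKIP/CCMP encrypted
FLAG_ORDER = 0x80             # with QoS: a 4-byte HT Control field follows
LLC_SNAP = bytes.fromhex("aaaa03000000")  # LLC/SNAP prefix before the EtherType


def strip_radiotap(record):
    """Radiotap is variable length; the only safe way to find the 802.11 frame
    is to honour the little-endian length field at offset 2."""
    if len(record) < RADIOTAP_MIN_LEN:
        raise ValueError("record too short for a radiotap header")
    version, _pad, rt_len = struct.unpack_from("<BBH", record, 0)
    if version != 0 or rt_len < RADIOTAP_MIN_LEN or rt_len > len(record):
        raise ValueError("malformed radiotap header")
    return record[rt_len:]


def parse_data_frame(frame):
    """Walk the variable 802.11 data header: optional Address IV (WDS),
    optional QoS control, optional HT control. Assumes the driver already
    stripped the trailing FCS (assumption for this example)."""
    if len(frame) < 24:
        raise ValueError("frame too short for an 802.11 data header")
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3
    subtype = fc0 >> 4
    if ftype != FC_TYPE_DATA:
        raise ValueError("not a data frame (type %d)" % ftype)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    seq_ctl = struct.unpack_from("<H", frame, 22)[0]
    to_ds, from_ds = bool(fc1 & FLAG_TO_DS), bool(fc1 & FLAG_FROM_DS)
    offset = 24
    a4 = None
    if to_ds and from_ds:                 # WDS/bridge: Address IV present
        a4, offset = frame[offset:offset + 6], offset + 6
    qos = None
    if subtype & QOS_SUBTYPE_BIT:         # the "extra 2 bytes" from the slide
        qos = struct.unpack_from("<H", frame, offset)[0]
        offset += 2
        if fc1 & FLAG_ORDER:              # 802.11n +HTC field
            offset += 4
    if offset > len(frame):
        raise ValueError("truncated 802.11 header")
    # Which address is DA/SA/BSSID depends on the To DS / From DS flags.
    if not to_ds and not from_ds:
        da, sa, bssid = a1, a2, a3
    elif from_ds and not to_ds:
        da, sa, bssid = a1, a3, a2
    elif to_ds and not from_ds:
        da, sa, bssid = a3, a2, a1
    else:
        da, sa, bssid = a3, a4, None      # A1/A2 are receiver/transmitter
    return {"da": da, "sa": sa, "bssid": bssid, "seq": seq_ctl >> 4,
            "qos": qos, "protected": bool(fc1 & FLAG_PROTECTED),
            "body": frame[offset:]}


def to_ethernet_ii(parsed):
    """Ethernet II emulation: DA | SA | EtherType | payload after LLC/SNAP."""
    if parsed["protected"]:
        raise ValueError("encrypted body; cannot emulate Ethernet II without the key")
    body = parsed["body"]
    if len(body) < 8 or not body.startswith(LLC_SNAP):
        raise ValueError("body does not start with an LLC/SNAP header")
    return parsed["da"] + parsed["sa"] + body[6:8] + body[8:]


# Constructed sample: an AP-to-station QoS data frame carrying 20 IPv4 bytes.
STA_MAC = bytes.fromhex("020000000001")   # constructed addresses
AP_MAC = bytes.fromhex("020000000002")
GW_MAC = bytes.fromhex("020000000003")
IPV4_PAYLOAD = bytes.fromhex("45000014") + bytes(16)


def sample_record():
    # 14-byte radiotap header: present = Flags|Rate|Channel, dummy values.
    radiotap = struct.pack("<BBHI", 0, 0, 14, 0x0000000E) + bytes([0x00, 0x0C]) \
        + struct.pack("<HH", 2437, 0x00A0)
    fc = bytes([0x88, FLAG_FROM_DS])      # type=data, subtype=QoS data, From DS
    hdr = fc + struct.pack("<H", 44) + STA_MAC + AP_MAC + GW_MAC \
        + struct.pack("<H", 0x0010) + struct.pack("<H", 0)   # seq 1, QoS ctl 0
    return radiotap + hdr + LLC_SNAP + b"\x08\x00" + IPV4_PAYLOAD


def emulate(record):
    return to_ethernet_ii(parse_data_frame(strip_radiotap(record)))


if __name__ == "__main__":
    print(emulate(sample_record()).hex())
```

The protected-flag check is where the WEP/clear-text distinction from the earlier slides bites: a frame with the Protected bit set still parses down to its addresses and sequence number, which is all a passive wireless monitor needs to account for traffic, but the body cannot be re-emulated as Ethernet without the key.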

THANK YOU !!!