Ethical Hacking: Defeating Wireless Security


1 Ethical Hacking: Defeating Wireless Security

2 Contact
Sam Bowne
Computer Networking and Information Technology
City College San Francisco
Email: sbowne@ccsf.edu
Web: samsclass.info

3 Two Hacking Classes
- CNIT 123: Ethical Hacking and Network Defense
  - Has been taught since Spring 2007 (four times)
  - Face-to-face and Online sections available Fall 2008
- CNIT 124: Advanced Ethical Hacking
  - Taught for the first time in Spring 2008

4 Certified Ethical Hacker
- Those two classes prepare students for CEH Certification

5 Certificate in Network Security

6 Associate of Science Degree

7 Equipment: Wireless Network Interface Cards (NICs) and Drivers

8 The Goal
- All wireless NICs can connect to an Access Point
- But hacking requires more than that, because we need to do:
  - Sniffing – collecting traffic addressed to other devices
  - Injection – transmitting forged packets which will appear to be from other devices

9 Windows v. Linux
- The best wireless hacking software is written for Linux
- The Windows tools are inferior, and don't support packet injection
- But all the wireless NICs are designed for Windows
- And the drivers are written for Windows
- Linux drivers are hard to find and confusing to install

10 Wireless Security

11 Three Security Settings
- No security
- WEP (Wired Equivalent Privacy)
  - Old and broken
  - Easily hacked
- WPA and WPA2 (Wi-Fi Protected Access)
  - Very secure
  - The only significant vulnerability is to a dictionary attack, if the key is a common word
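An audit of access point settings against the three cases on slide 11, as an added example that is not part of the original slides. The config field names, the small wordlist and the sample networks are constructed for illustration; the 8 to 63 character limit is the WPA-PSK passphrase length rule.

```python
import re

# Constructed wordlist for illustration; a real audit would load a large dictionary.
COMMON_WORDS = {"password", "wireless", "letmein", "sanfrancisco"}
# Undo common substitutions: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
LEET = str.maketrans("013457@$", "oleastas")

def base_words(passphrase):
    """Base words that a dictionary with simple mangling rules would cover."""
    low = passphrase.lower()
    strip = lambda s: re.sub(r"[^a-z]+$", "", s)  # drop trailing digits/punctuation
    # Try both orders so a trailing substituted character is not lost.
    return {strip(low).translate(LEET), strip(low.translate(LEET))}

def audit(ap):
    """Return (severity, reason) for one access point config dict."""
    mode = ap["security"].upper()
    if mode in ("NONE", "OPEN"):
        return "high", "no encryption"
    if mode == "WEP":
        return "high", "WEP is broken; move to WPA/WPA2"
    if mode in ("WPA", "WPA2"):
        psk = ap.get("passphrase", "")
        if not 8 <= len(psk) <= 63:
            return "high", "WPA passphrase must be 8-63 characters"
        if base_words(psk) & COMMON_WORDS:
            return "medium", "passphrase is built on a dictionary word"
        return "ok", "WPA/WPA2 with a non-dictionary passphrase"
    return "unknown", "unrecognized security setting"

# Constructed sample configurations (hypothetical networks).
SAMPLE_APS = [
    {"ssid": "cafe-guest", "security": "none"},
    {"ssid": "office-old", "security": "WEP"},
    {"ssid": "home-1", "security": "WPA2", "passphrase": "P@ssw0rd2008"},
    {"ssid": "home-2", "security": "WPA2", "passphrase": "short"},
    {"ssid": "lab", "security": "WPA2", "passphrase": "vK3#qT9m!xR2pLz8"},
]

def audit_all(aps):
    """Map each SSID to its severity."""
    return {ap["ssid"]: audit(ap)[0] for ap in aps}

if __name__ == "__main__":
    for ap in SAMPLE_APS:
        print(ap["ssid"], *audit(ap))
```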

12 Wireless Security in San Francisco
- Measured by CCSF students on Nov 18, 2008
- WEP is the most popular security technique!

13 Cracking WEP: Tools and Principles

14 A Simple WEP Crack
- The Access Point and Client are using WEP encryption
- The hacker device just listens
[Diagram: Hacker Listening; WEP-Protected WLAN]

15 Listening is Slow
- You need to capture 50,000 to 200,000 "interesting" packets to crack a 64-bit WEP key
- The "interesting" packets are the ones containing Initialization Vectors (IVs)
- Only about ¼ of the packets contain IVs
- So you need 200,000 to 800,000 packets
- It can take hours or days to capture that many packets

16 Packet Injection
- A second hacker machine injects packets to create more "interesting packets"
[Diagram: Hacker Listening and Injecting; WEP-Protected WLAN]

17 Injection is MUCH Faster
- With packet injection, the listener can collect 200 IVs per second
- 5 – 10 minutes is usually enough to crack a 64-bit key
- Cracking a 128-bit key takes an hour or so
- Link l_14r

18 Cracking WEP: The Attack

19 Airodump
- Sniffs packets to find networks

20 Aireplay
- Finds an ARP packet and replays it to make cracking faster

21 Data
- This makes the #Data value go up much faster
- We need at least 50,000 Data (IVs) to crack WEP
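The replay on slides 20 and 21 seen from the monitoring side, as an added example that is not part of the original slides. A replayed frame is resent unchanged, so the same transmitter, length and IV repeat at a high rate, while normal traffic uses a fresh IV per frame. The record layout (timestamp in ms, transmitter MAC, length, IV), the threshold and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def detect_replay(frames, window_ms=1000, threshold=50):
    """Flag frames repeated verbatim at a high rate.

    frames: time-ordered iterable of (ts_ms, transmitter_mac, length, iv_hex).
    Returns {(mac, length, iv): peak count seen in any window_ms span}
    for keys that reach `threshold`. A handful of repeats is normal
    (802.11 retransmissions), so the threshold should sit well above that.
    """
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for ts, mac, length, iv in frames:
        key = (mac, length, iv)
        q = recent[key]
        q.append(ts)
        while ts - q[0] >= window_ms:   # half-open window: [ts - window, ts]
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_capture():
    """Constructed metadata: one normal client plus one frame replayed 200x/s."""
    frames = []
    # Normal client: new IV on every frame, 20 frames per second for 3 s.
    for i in range(60):
        frames.append((i * 50, "00:11:22:33:44:55", 120 + i % 7, f"{i:06x}"))
    # Replayed frame: identical length and IV every 5 ms for 2 s.
    for i in range(400):
        frames.append((1000 + i * 5, "66:77:88:99:aa:bb", 68, "a1b2c3"))
    return sorted(frames)

if __name__ == "__main__":
    for (mac, length, iv), peak in detect_replay(sample_capture()).items():
        print(f"possible replay: {mac} len={length} iv={iv} peak={peak}/s")
```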

22 Aircrack
- The captured IVs make the keyspace much smaller
- Aircrack performs a brute-force attack on all remaining keys

