Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Backdoors and cracks > Crack attack - Pg. 133

112 CHAPTER 4 Low tech wireless hacking Now, let's look at my lazy low tech hijacking. We have a similar scenario but a much less motivated hacker and the singular goal of a DoS. Lazy Lenny takes his laptop, and depending on how much Mountain Dew he's had, he may choose to just use the wireless management tools that came with his operating system or he may install the same free software Ed was using. He's okay downloading and installing the software maybe, but he doesn't feel like configuring anything. Lenny's not going to launch a payload attack and he doesn't care if the victims actually have Internet or not. He don't need no stinkin' DHCP server here. Lenny just tells his laptop to broadcast the same SSID as the coffee shop's and he sits, waits, and watches as the unsuspecting little lambs of coffee shop clientele pass in and out, befuddled as to why the wireless isn't working. It's not the sexiest attack in the world, and I sure hate to ugly-up a perfectly beau- tiful automated attack, but sometimes we make sacrifices in the name of low tech. This attack could be pulled off with any device that can broadcast an SSID and has a stronger signal than the resident AP. Attacks like this would probably be caught first by complaining users and second by your wireless monitoring system. Half-hearted attempts at an evil twin attack may be a little more obvious. If Lenny was so lazy he set up an ad hoc network with a spoofed SSID, the victim laptops would certainly identify and display it as an ad hoc (versus AP), but that doesn't necessarily keep anyone from connecting to it. BACKDOORS AND CRACKS There are a variety of attacks that take aim at passwords and encryption keys. Some of these attacks require a little more packet savvy than others, but almost every type of cipher or key attack has an automated tool available online. Other backdoor attacks make use of the wired infrastructure or additional wireless networks that may be more easily accessible to an attacker. Access to one less secured network is usually a nice backdoor to the juicy stuff. Crack attack · Sniffers and automated online tools for preshared key (PSK) cracks Low Tech Level 4 I'm giving this hack a Low Tech Level 4 rating right out of the gate. The underlying algorithms and behind-the-scenes processes are rather complex, but the application is on the Internet and readily available to hackers of all levels. Although I admire the cryptographic genius behind the attack, it loses cool points for being a relatively trite hack. Unless you've been hiding under a rock for the last few years, you already know that WEP and other PSK encryption schemes are broken. If this is your first time hearing the news, then I send my condolences and suggest maybe you skip this chapter and move on to the next one; you'll find it less disturbing.