Rogue Access Points attacks


Rogue Access Points attacks EVIL TWIN

What is a rogue access point (AP)?
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker. Think of setting up a router in your dorm room.

Evil Twin

[Diagram: access point “Starbucks Wifi” on channel 6 and a rogue access point “Starbucks WiFi”, also on channel 6]

Man in the Middle

Advantages of Evil Twin Attacks
- Relatively easy to perform
- Hard to detect
- Targeted attack
- Doesn’t pwn everything in the area

Disadvantages of Evil Twin
- Doesn’t work against a protected network out of the box
Workaround
- Listen for probe requests
- Identify the ESSID and channel of a network that clients have in common
- Spin up a twin with that ESSID and channel
- Deauthenticate the secure network

Detecting Evil Twins with Whitelisting
- Whitelist all legitimate access points by BSSID and MAC address
- Sniff continuously for probe responses
- If a probe response carries the ESSID and its BSSID is not in the whitelist, then it’s a rogue AP
- Deauth the rogue AP

[Diagram: an AP announces “I have ESSID ‘Starbucks’”. The IDS holds the whitelist 00:11:8A:B7:9F, 22:33:44:55:66, 99:99:99:99:66 and asks “Is 11:22:33:44:00 allowed?” The answer is no, so the IDS deauths it and finds a sys admin.]
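The whitelist check from the slide above, as an added example that is not part of the original presentation. It parses raw 802.11 management frames (probe responses, and beacons as a generalization) and alerts when the protected ESSID is announced by a BSSID outside the whitelist; the whitelist entries, the `build_frame` helper and the sample frames are constructed for the demo, and frames are assumed to arrive without a radiotap header.

```python
import struct

PROTECTED_ESSID = "Starbucks"
# Constructed whitelist of legitimate BSSIDs (sample values, not from the slides).
WHITELIST = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"}
SUBTYPES = {5: "probe-response", 8: "beacon"}  # 802.11 management subtypes

def parse_mgmt(frame):
    """Return (kind, bssid, essid, channel), or None for frames we ignore."""
    if len(frame) < 36:                  # 24-byte header + 12 fixed bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    essid, channel, pos = None, None, 36
    while pos + 2 <= len(frame):         # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                        # truncated element: stop parsing
        if tag == 0 and essid is None:
            essid = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:
            channel = value[0]           # DS Parameter Set
        pos += 2 + length
    return SUBTYPES[subtype], bssid, essid, channel

def check_frame(frame):
    """Return an alert dict when our ESSID comes from a BSSID not whitelisted."""
    parsed = parse_mgmt(frame)
    if parsed is None or parsed[2] != PROTECTED_ESSID or parsed[1] in WHITELIST:
        return None
    kind, bssid, essid, channel = parsed
    return {"alert": "rogue-ap", "frame": kind, "bssid": bssid,
            "essid": essid, "channel": channel}

def build_frame(subtype, bssid, essid, channel):
    """Constructed sample input: a management frame without radiotap header."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001)
    name = essid.encode()
    return header + fixed + bytes([0, len(name)]) + name + bytes([3, 1, channel])

if __name__ == "__main__":
    for bssid in ("02:00:00:aa:bb:01", "02:00:00:de:ad:99"):
        print(bssid, check_frame(build_frame(5, bssid, "Starbucks", 6)))
```

A twin that copies a whitelisted BSSID passes this check, which is the limitation the next slide raises.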

Can spoof BSSID/MAC
- A rogue AP can be set up with the same BSSID and MAC.
- For all intents and purposes it looks exactly like the legitimate AP.

Other methods?
- Detect using varying signal strength.
- Establish a baseline and check if it varies much.
- Note: if the hacker figures out the signal strength, you can modify it on a wireless card: “iwconfig wlan0 txpower 30”
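A sketch of the signal-strength baseline described above, added here as an example and not taken from the original presentation. It learns a per-BSSID median RSSI with a tolerance band from a training window, then flags later readings from the same BSSID that fall outside the band; the thresholds, the BSSIDs and the readings are assumptions constructed for the demo.

```python
from statistics import median

MIN_SAMPLES = 5   # assumption: fewer readings than this is not a baseline
FLOOR_DB = 6.0    # assumption: swings smaller than this are normal fading

def build_baseline(readings):
    """readings: iterable of (bssid, rssi_dbm) -> {bssid: (median, band)}."""
    per_ap = {}
    for bssid, rssi in readings:
        per_ap.setdefault(bssid.lower(), []).append(rssi)
    baseline = {}
    for bssid, vals in per_ap.items():
        if len(vals) < MIN_SAMPLES:
            continue                      # not enough data to judge this AP
        med = median(vals)
        mad = median([abs(v - med) for v in vals])
        # 1.4826 * MAD estimates the standard deviation; allow three of them.
        baseline[bssid] = (med, max(FLOOR_DB, 3 * 1.4826 * mad))
    return baseline

def rssi_anomalies(baseline, readings):
    """Return (bssid, rssi, expected) for readings outside the baseline band."""
    hits = []
    for bssid, rssi in readings:
        entry = baseline.get(bssid.lower())
        if entry is None:
            continue                      # unknown BSSID: the whitelist's job
        med, band = entry
        if abs(rssi - med) > band:
            hits.append((bssid.lower(), rssi, med))
    return hits

# Constructed readings: a stable AP during learning, then a much stronger
# signal claiming the same BSSID during monitoring.
AP = "02:00:00:aa:bb:01"
LEARN = [(AP, r) for r in (-61, -63, -60, -62, -61, -64, -62)]
LEARN += [("02:00:00:aa:bb:02", -70), ("02:00:00:aa:bb:02", -71)]
LIVE = [(AP, -62), (AP, -59), (AP, -38), (AP, -66), ("02:00:00:aa:bb:02", -30)]

if __name__ == "__main__":
    print(rssi_anomalies(build_baseline(LEARN), LIVE))
```

As the slide notes, transmit power can be adjusted on the sending side, so a deviation is a signal to investigate and a match is not proof of legitimacy.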

Karma Attack
- Seeks out WiFi requests from nearby devices
- Responds that it is the droid wireless signal they are looking for
- Pwns all nearby networks

Evil Twin DEMO

Wireshark Packet Sniffing
- Uses PCAP files to see everything on the network
- “Just look at it”™
- Reason 1 for not doing anything important on insecure WiFi

Wireshark Demo