1 Attacking a Wireless Network via De-authentication by Dou Wang, Jiaying Shi, Ying Chen School of Computer Science University of Windsor November 2007.

Slides:

Advertisements

Similar presentations

Wi-Fi Technology.

Advertisements

Ethical Hacking Module XV Hacking Wireless Networks.

Wireless LAN Security Understanding and Preventing Network Attacks.

Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.

BZUPAGES.COM BSIT BZUPAGES.COM BSIT ON.

Information Networking Security and Assurance Lab National Chung Cheng University Kai, 2004 INSA1 Using Kismet to enhance the security level in enterprise.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.

Attacking and Detection: Deny of Service in Wireless Network by Injecting Disassociation Frames through Data Link Layer Yufei Xu, Xin Wu, Da Teng.

Security Awareness Chapter 5 Wireless Network Security.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.

1-1 Introduction to Computer Networks and Data Communications.

Data Communications & Computer Networks, Second Edition 1 Chapter 1 The Big Picture Introduction to Computer Networks and Data Communications.

Handoff Delay for b Wireless LANs Masters Project defense Anshul Jain Committee: Dr. Henning Schulzrinne, Columbia University Dr. Zongming Fei, University.

© Wiley Inc All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 1: Internetworking.

1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.

THE OSI REFERENCE MODEL Open Systems Interconnection Reference Model.

Wireless Networking 102.

Introducing Network Standards Open Systems Interconnection (OSI) Model IEEE 802.x Standard Device Drivers and OSI 1.

Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.

CWNA Guide to Wireless LANs, Second Edition Chapter Five IEEE Media Access Control and Network Layer Standards.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

Wave Relay System and General Project Details. Wave Relay System Provides seamless multi-hop connectivity Operates at layer 2 of networking stack Seamless.

IEEE Project started by IEEE for setting standard for LAN. This project started in (1980, February), Name given to project is year and month.

ITED 328 Lecture 4 12 Feb 2004 Loosely covering Chapter 5 Internet and LAN Technology.

Version Slide 1 Format of lecture Introduction to Wireless Wireless standards Applications Hardware devices Performance issues Security issues.

Chapter 1 Introduction to Computer Networks and Data Communications Data Communications and Computer Networks: A Business User’s Approach.

CWNA Guide to Wireless LANs, Second Edition

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

COEN 252 Computer Forensics Collecting Network-based Evidence.

Chapter 7 Low-Level Protocols

Computer Concepts 2014 Chapter 5 Local Area Networks.

Chapter One Introduction to Computer Networks and Data Communications Data Communications and Computer Networks: A Business User's Approach Eighth Edition.

MAANAS GODUGUNUR SHASHANK PARAB SAMPADA KARANDIKAR.

Presented by: Dr. Munam Ali Shah

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Wireless standards Unit objective Compare and contrast different wireless standards Install and configure a wireless network Implement appropriate wireless.

Project Idea #1 Project: Simulation in NS Learn how to use NS-2 Examine 2-3 papers that do benchmark studies Implement a simulation of the Drexel TAARP.

Guided by: Jenela Prajapati Presented by: (08bec039) Nikhlesh khatra.

Data Transmission Basics for Digital Investigations.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Configure a Wireless Router Chapter 7.

HNC COMPUTING - Network Concepts 1 Network Concepts Devices Introduction into Network Devices.

DoS Attacks On Wireless Voice Over IP Systems By Brendon Wesley Supervisor- Noria Foukia.

CS 447 Networks and Data Communication ARP (Address Resolution Protocol) for the Internet Department of Computer Science Southern Illinois University Edwardsville.

Wi-Fi Technology. Agenda Introduction Introduction History History Wi-Fi Technologies Wi-Fi Technologies Wi-Fi Network Elements Wi-Fi Network Elements.

McGraw-Hill©The McGraw-Hill Companies, Inc. Chapter 9 Local Area Networks Part I: Basic Concepts and Wired Ethernet LANs.

Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,

First, by sending smaller individual pieces from source to destination, many different conversations can be interleaved on the network. The process.

20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.

Individual Project 1 Sarah Pritchard. Fran, a customer of your company, would like to visit your company’s website from her home computer… How does your.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.

CO5023 Wireless Networks. Varieties of wireless network Wireless LANs: the main topic for this week. Consists of making a single-hop connection to an.

Wi-Fi Technology PRESENTED BY:- PRIYA AGRAWAL.

LO2 Understand the key components used in networking.

IEEE Wireless LAN Standard

Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Wireless LANs.

Module 1: Understanding Local Area Networks

Wireless Network Security

Introduction to Data-Link Layer

The OSI 7 Layer Model.

Wireless Mesh Networks

Wireless LAN Security 4.3 Wireless LAN Security.

Seminar class presentation Student: Chuming Chen & Xinliang Zheng

Wi-Fi Technology By : Pranav Mandora Rikin Mistry LDRP-EC.

Presentation transcript:

1 Attacking a Wireless Network via De-authentication by Dou Wang, Jiaying Shi, Ying Chen School of Computer Science University of Windsor November 2007

2 Contents  Introduction  Related Works  Our Experiment  De-authentication attack of Denial of Service  Intrusion Detection System  Conclusion

3 Introduction  Wireless Local Area Network (WLAN)  A network connection not requiring wired Ethernet connection, is based on radio waves technology.  Operating standard standard.  flexible setup  access mobility  low cost  easy to deploy

4 Introduction  Passive attacks focus on sniffing data sent on wireless signal.  Active attacks destroy the availability of the wireless networking infrastructure, or slow network performance.

5 Introduction  Open Systems Interconnection (OSI)  Application Layer  Presentation Layer  Session Layer  Transport Layer  Network Layer  Data Link Layer  Physical Layer

6 Introduction  protocol  Data Link Layer  Medium Access Control (MAC) sub-layer determines the way to send data and access the wireless medium.  Logical Link Control (LLC) sub-layer is responsible for the MAC addressing, framing, and error control.  Physical Layer takes care of transmitting raw bits through a communication channel.

7 Introduction  network configuration Figure 1: Infrastructure Network and Ad Hoc Network

8 Related works  Denial of Service A denial of service is “any action, or series of actions, that prevents any part of a system, or its resources, from functioning in accordance with its intended purpose”. Denial of service is the absence of availability. [2]

9 Related works  Resource allocation attacks makes the victim out of service temporarily by keeping sending association flood or authentication flood. The service will be restored to be normal once the resource allocation attack stops.  Resource destruction attacks disconnects the victim out of the network by exploiting vulnerabilities. The connection will be not restored immediately even though the attack stops.

10 1. Authentication 2. Association Connection established ! 1. Disassociation 2. Deauthentication Disconnected ! Ex periment

11 Ex periment Image from

12 Ex periment

13 Ex periment  Key software Redhat Linux 9 with Kernel Redhat Linux 9 with Kernel Hostap Hostap Void Void Kismet R1 Kismet R1 Snort-wireless with wireless patch Snort-wireless with wireless patch

14  Attacker Laptop: Toshiba Satellite M30 LaptopToshiba Satellite M30 Laptop Hardware: Intel M 2.0GHz, RAM 512MB, 40GB Partition, SMC EliteConnection 2.4GHz b SMC2532W-B Hardware: Intel M 2.0GHz, RAM 512MB, 40GB Partition, SMC EliteConnection 2.4GHz b SMC2532W-B Software: Redhat Linux 9, kernel , Hostap 0.0.4, Void Software: Redhat Linux 9, kernel , Hostap 0.0.4, Void Role in the project: Attacker Role in the project: Attacker MAC: e MAC: e IP Address: none IP Address: none Ex periment

15 Ex periment  Intrusion Detetion Laptop IBM Thinkpad R50IBM Thinkpad R50 Hardware: GC, Intel M 1.5GHz, RAM 256MB, 10GB Partition, SMC EliteConnection 2.4GHz b SMC2532W-BHardware: GC, Intel M 1.5GHz, RAM 256MB, 10GB Partition, SMC EliteConnection 2.4GHz b SMC2532W-B Software: Redhat Linux 9, Kernel , Hostap 0.0.4, Kismet R1, Snort-wireless Alpha 04 (Build 26) Software: Redhat Linux 9, Kernel , Hostap 0.0.4, Kismet R1, Snort-wireless Alpha 04 (Build 26) Role in the project: Sniffer, Intrusion Detection, frame capture Role in the project: Sniffer, Intrusion Detection, frame capture MAC: e MAC: e IP Address: IP Address:

16 Ex periment  Victim Laptop ASUS M3NP LaptopASUS M3NP Laptop Hardware: Intel M 2.0GHz, RAM 1GB, 80GB Partition, NETGEAR Wireless PC Card 32-bit CardBus WG511 Hardware: Intel M 2.0GHz, RAM 1GB, 80GB Partition, NETGEAR Wireless PC Card 32-bit CardBus WG511 Software: Windows 2003 Server, Microsoft IIS Software: Windows 2003 Server, Microsoft IIS Role in the project: Victim Role in the project: Victim MAC: b-83-f8-9c MAC: b-83-f8-9c IP Address: IP Address:

17 Ex periment  Service Requestor IBM Thinkpad T61IBM Thinkpad T61 Hardware: 7662-CT0, Intel Core 2 Duo 2.2GHz, RAM 2GB, 100GB Partition, Intel 8459 AGN Wireless NICHardware: 7662-CT0, Intel Core 2 Duo 2.2GHz, RAM 2GB, 100GB Partition, Intel 8459 AGN Wireless NIC Software: Windows Vista Home Edition Software: Windows Vista Home Edition Role in the project: Service Requestor, test for DoS Role in the project: Service Requestor, test for DoS IP Address: IP Address:

18 Ex periment  Access Point & NICs (our heroes) Wireless Access PointWireless Access Point g/2.4GHz Wireless Router D-Link DI g/2.4GHz Wireless Router D-Link DI-524 MAC Address: 00:11:95:75:23:9A MAC Address: 00:11:95:75:23:9A IP Address: IP Address: SSID: wang1124 SSID: wang1124

19 Ex periment  Attacking Tool: void11 based on hostap  IDS Tool: kismet based on hostap  Analysis Tool: snort-wireless

20 Ex periment  Assumptions: Attacker has root privilege on that laptop Attacker has root privilege on that laptop Attacker knows the MAC addresses of both AP and victim Attacker knows the MAC addresses of both AP and victim The wireless network is based on b protocol The wireless network is based on b protocol

21 Ex periment  Attacking #void11-penetration wlan0 –t 1 –s 00:09:5b:83:f8:9c –B 00:11:95:75:23:9a –d 1000

22 Ex periment  Attacking – cont’ #void11-penetration wlan0 –t 1 –s 00:09:5b:83:f8:9c –B 00:11:95:75:23:9a –d

23 Ex periment  Sniffing

24 Ex periment  Analysis Result =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/30-22:09: Deauthent. 0:9:5B:83:F8:9C -> 0:11:95:75:23:9A bssid: 0:9:5B:83:F8:9C Flags: Re 0x0000: C0 08 3A A B 83 F8 9C..:....u#...[... 0x0010: B 83 F8 9C 80 4E [....N.. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/30-22:09: Deauthent. 0:9:5B:83:F8:9C -> 0:11:95:75:23:9A bssid: 0:9:5B:83:F8:9C Flags: 0x0000: C0 00 3A A B 83 F8 9C..:....u#...[... 0x0010: B 83 F8 9C A0 4E [....N.. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

25 Conclusions  Simulate wireless attack on data-link layer by generating control frames to perform de-authentication flood to a single target.  Intrusion Detection System is able to detect out the attack and capture the packets.  The attack and detection tools are based on Prism Chipset wireless network cards, hostap need to be installed on Linux kernel 2.4.x.  Different rate (frame per second/millisecond) of attack can cause different scenarios, higher rate of attack can cause the access point remove the MAC address of victim computer from its cache immediately.  D-Link DI524 has self-protection from association flood and authentication flood.

26 Acknowledgement  Yufei Xu, Da Teng and Xin Wu  Dr. Akshai Aggarwal  IT Service staff

27 References  [1] Allison H. Scogin, “Disabling a Wireless Network via Denial of Service”, Technical Report MSU  [2] S. Harris, CISSP Certification, 2nd Edition, McGraw-Hill/Osborne, Emeryville, CA, 2003, p  [3] Basic Digital Forensic Investigation Concepts, org/di_basics.html (current Mar 1, 2007).  [4] M. S. Gast, Wireless Networks: The Definitive Guide, 2nd Edition, O’Reilly Media, Inc., Sebastopol, California,  [5] R. Power, “2000 CSI/FBI Computer Crime and Security Survey,” Computer  Security Journal, vol. 16, no. 2, 2000, pp  [6] A. S. Tanenbaum, Computer Networks, 4th Edition, Prentice Hall, Upper Saddle River, New Jersey,  [7] for hostap installation  [8] for void11 installation

28 ?