Ft. Smith 2600. Evil Twin Access Points: For fun but no profit.

Presentation transcript:


What is it?
An “Evil Twin” access point is a rogue access point* set up intentionally to trick users into connecting to it rather than the legitimate access point.

Rogue Access Point Definition
* Rogue access point (RAP): an unauthorized access point. It is not always set up by someone with ill intent. Example: a RAP may be a Linksys router that an employee has set up in his/her cubicle without permission and without enabling proper encryption. By doing this, he/she may have bypassed all of the company’s security policies and may be broadcasting the company’s confidential data in clear text for anyone to see.

Why does it work?
Primarily because many end users (CEOs, employees, home users, etc.) don’t think that they may be a target.

Who is vulnerable?
- Too many home users
- Many small businesses
- Quite a few bigger institutions (schools and corporate entities)

Vulnerable hardware
Gray area: remember, you’re primarily tricking users, not the access points, but you may have to take the AP out in order to do so.

How does it work?
- Macs and PCs, because both automatically scan for preferred networks on startup. Some user-friendly Linux distros do this too!
- The client probes for preferred networks; when it does so, it sends the AP MAC address as part of the probe packet.
- In comes Hotspotter or Karma!

How can I make it work?
There are several ways to go about it:
- Walled Garden type (fake hotspot pages like T-Mobile, Starbucks, McDonald’s, etc.)
- Flooding with fake SSIDs to confuse the user and have them connect to one of the many SSIDs that route back to you
- Completely knocking their access point out by an association flood (or other method), and sliding in yours

Tools
- Auditor – bootable Linux distro for pen testing
- Void11 – mainly used for de-auth attacks and to generate traffic (Prism II chipset only)
- Airsnarf – my fav tool for Walled Garden type attacks (they say you can use Atheros chipset but I can’t)
- Hotspotter or Karma – common tools for forging SSIDs

Scenario 1
- You are in a coffee shop in a major metropolitan area (New York City, for example) with paid, monitored, or even encrypted WiFi.
- Many users have laptops, PDAs, etc.
- Perform a de-authentication attack to force everyone off of their network, or an association flood to crash the router.
- Slip your evil twin in the mix with an SSID like “$.99Wifi”, “Un-monitored Wifi”, or even the same SSID as the encrypted WiFi, just not encrypted.
- Make sure you’re running dhcpd to assign IP addresses automatically.
- Hopefully, people will try to reconnect, see that your access point is cheaper, un-monitored, or not encrypted, and connect to it instead.
- Have a convincing “Walled Garden” type login page.

Scenario 1 (cont.)
In this scenario the attacker can collect a variety of data:
- Legitimate credentials (used to log in to the AP later)
- Credit card numbers for “$.99wifi”
- Since the users are on your network, browse any shares they may have. You may get private corporate data from the business man in the corner.
- People’s names and addresses

Scenario 2
- You’re on a flight to L.A. Again, business men are working on their notebooks.
- Since XP and Macs (and Linux too!) are so friendly, they will announce their presence and look for preferred networks.
- Run Karma or Hotspotter to fake them out.

Scenario 2 (cont.)
- Use nmap to scan the host using (p0f OS detection) and use the -sV for services and version
- Fire up Metasploit and drop a reverse shell (provided they were running vulnerable services, of course)
- The system is backdoored. Now you can drop a rootkit and have it scan its entire netmask when it gets back and have it it to you … or something
- (/)\/\/N3[) !!!1!s

Oops. My bad.
I meant to have a live demo of one of these attacks but I got too busy and didn’t get it together in time. Maybe next time.

Conclusion
- The world is a dangerous place.
- An informed user may or may not be a safe user.
- Only try this at home.
- Be good, pass it on.

Credits/Props
- Simple Nomad – Hacking the Friendly Skies (great read)
- The Shmoo – shmoo.com (airsnarf)
- Remote-exploit.org (auditor and backtrack)
- KoreK (chop-chop attack on WEP and cool ass name)
- Fresh BeanZ (venue for this talk and meetings)
- 2600.com (the original hacker panel)

Counter Measures
- Kismet set to filter out known SSIDs
- For Windows, Netstumbler can do that too
- Airsnare for Windows
- Snort for Linux
- Document all of your wireless access points
- The normal stuff (use WPA, change key at regular intervals, etc.)
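
The "document all of your wireless access points" and "filter out known SSIDs" counter measures, as an added defender-side example (not from the original slides): it checks survey results against a documented inventory and flags a known SSID on an unknown radio, an encryption mismatch, and one radio answering to many SSIDs, which is how Karma/Hotspotter-style tools behave. The inventory, the survey rows and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict

# Documented AP inventory (constructed): SSID -> {authorised BSSID: encryption}
INVENTORY = {"CorpWiFi": {"00:11:22:33:44:55": "WPA2",
                          "00:11:22:33:44:56": "WPA2"}}

# Constructed survey rows (bssid, ssid, encryption), i.e. the fields a
# wireless survey export provides.
OBSERVED = [
    ("00:11:22:33:44:55", "CorpWiFi", "WPA2"),     # documented AP
    ("de:ad:be:ef:00:01", "CorpWiFi", "OPEN"),     # known SSID, unknown radio
    ("de:ad:be:ef:00:02", "linksys", "OPEN"),      # AP nobody documented
    ("de:ad:be:ef:00:03", "HomeNet", "OPEN"),      # one radio, many names
    ("de:ad:be:ef:00:03", "tmobile", "OPEN"),
    ("de:ad:be:ef:00:03", "AirportFree", "OPEN"),
]

def audit(observed, inventory, multi_ssid_threshold=3):
    """Return sorted (bssid, ssid, finding) tuples for APs needing review."""
    findings = set()
    ssids_per_bssid = defaultdict(set)
    for bssid, ssid, enc in observed:
        bssid = bssid.lower()
        ssids_per_bssid[bssid].add(ssid)
        known = {b.lower(): e for b, e in inventory.get(ssid, {}).items()}
        if ssid not in inventory:
            findings.add((bssid, ssid, "undocumented-ap"))
        elif bssid not in known:
            # Filtering on SSID alone would hide this one: the name is known,
            # the radio is not. (A cloned BSSID would still pass this check.)
            findings.add((bssid, ssid, "evil-twin-suspect"))
        elif enc != known[bssid]:
            findings.add((bssid, ssid, "encryption-mismatch"))
    for bssid, ssids in ssids_per_bssid.items():
        if len(ssids) >= multi_ssid_threshold:
            findings.add((bssid, "*", "multi-ssid-responder"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(OBSERVED, INVENTORY):
        print(*finding)
```

An "undocumented-ap" finding is only a triage item, since neighbouring networks will show up there too; the other three findings concern your own SSIDs or a radio behaving abnormally.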