Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rogue Access Points attacks

Published byPhillip Welch Modified over 6 years ago

Similar presentations

Presentation on theme: "Rogue Access Points attacks"— Presentation transcript:

1 Rogue Access Points attacks
EVIL TWIN

2 What is a rogue access point (AP)
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker. Think setting up a router in your dorm room

3 Evil Twin

4 “Starbucks Wifi” Channel 6
Rogue Access Point “Starbucks WiFi”, Channel 6

5 “Starbucks Wifi” Channel 6
Rogue Access Point “Starbucks WiFi”, Channel 6

6 Man in the Middle

7 Advantages of Evil Twin Attacks
Relatively easy to perform Hard to Detect Targeted attack Doesn’t pwn everything in the area

8 Disadvantages of Evil Twin
Doesn’t work against protected network out of the box Workaround Listen for probe requests Identify ESSID and Channel of network that client have in common Spin up twin with ESSID and Channel Deauthorize secure network

9 Detecting Evil Twins with Whitelisting
Whitelist all legitimate access points by bssid and mac address Sniff continuously for probe responses If probe response of essid, and the bssid is not in the whitelist, then it’s a rogue AP Deauth rogue AP

10 “I have ESSID ‘Starbucks’”
Whitelist: 00:11:8A:B7:9F 22:33:44:55:66 99:99:99:99:66 Is 11:22:33:44:00 Allowed? IDS IDS No Whitelist: 00:11:8A:B7:9F 22:33:44:55:66 99:99:99:99:66 Deauth IDS Find a sys admin

11 Can spoof BSSID/mac Rouge AP can be set up with same BSSID and MAC.
For all intents and purposes looks exactly like legitimate AP

12 Other methods? Detect using varying signal strength.
Establish baseline and check if it varies much. Note if the hacker figures out the signal strength you can modify it on a wireless card “iwconfig wlan0 txpower 30”

13 Karma Attack Seeks out WiFi requests from nearby devices
Responds that it is the droid wireless signal they are looking for Pwns all nearby networks

14 Evil Twin DEMO

15 Wireshark Packet Sniffing
Uses PCAP files to see everything on the network “Just look at it”™ Reason 1 for not doing anything important on insecure WIFI

16 Wireshark Demo

Download ppt "Rogue Access Points attacks"

Similar presentations

Overview How to crack WEP and WPA

Overview How to crack WEP and WPA
Wireless Cracking By: Christopher Zacky.

Wireless Cracking By: Christopher Zacky.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.

Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless Packet Loss Rate Xiangzhou Chen Zhihan Xia.

Wireless Packet Loss Rate Xiangzhou Chen Zhihan Xia.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Analysis of 802.11 Privacy Jim McCann & Daniel Kuo EECS 598.

Analysis of Privacy Jim McCann & Daniel Kuo EECS 598.
CSEE W4140 Networking Laboratory

CSEE W4140 Networking Laboratory
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.

Similar presentations

Ads by Google