Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Attacking a Wireless Network via De-authentication by Dou Wang, Jiaying Shi, Ying Chen School of Computer Science University of Windsor November 2007.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Attacking a Wireless Network via De-authentication by Dou Wang, Jiaying Shi, Ying Chen School of Computer Science University of Windsor November 2007."— Presentation transcript:

1 1 Attacking a Wireless Network via De-authentication by Dou Wang, Jiaying Shi, Ying Chen School of Computer Science University of Windsor November 2007

2 2 Contents  Introduction  Related Works  Our Experiment  De-authentication attack of Denial of Service  Intrusion Detection System  Conclusion

3 3 Introduction  Wireless Local Area Network (WLAN)  A network connection not requiring wired Ethernet connection, is based on radio waves technology.  Operating standard -- 802.11 standard.  flexible setup  access mobility  low cost  easy to deploy

4 4 Introduction  Passive attacks focus on sniffing data sent on wireless signal.  Active attacks destroy the availability of the wireless networking infrastructure, or slow network performance.

5 5 Introduction  Open Systems Interconnection (OSI)  Application Layer  Presentation Layer  Session Layer  Transport Layer  Network Layer  Data Link Layer  Physical Layer

6 6 Introduction  802.11 protocol  Data Link Layer  Medium Access Control (MAC) sub-layer determines the way to send data and access the wireless medium.  Logical Link Control (LLC) sub-layer is responsible for the MAC addressing, framing, and error control.  Physical Layer takes care of transmitting raw bits through a communication channel.

7 7 Introduction  802.11 network configuration Figure 1: Infrastructure Network and Ad Hoc Network

8 8 Related works  Denial of Service A denial of service is “any action, or series of actions, that prevents any part of a system, or its resources, from functioning in accordance with its intended purpose”. Denial of service is the absence of availability. [2]

9 9 Related works  Resource allocation attacks makes the victim out of service temporarily by keeping sending association flood or authentication flood. The service will be restored to be normal once the resource allocation attack stops.  Resource destruction attacks disconnects the victim out of the network by exploiting vulnerabilities. The connection will be not restored immediately even though the attack stops.

10 10 1. Authentication 2. Association Connection established ! 1. Disassociation 2. Deauthentication Disconnected ! Ex periment

11 11 Ex periment Image from http://www.caip.rutgers.edu/~marsic/books/WN/book-WN_marsic.pdf

12 12 Ex periment

13 13 Ex periment  Key software Redhat Linux 9 with Kernel 2.4.20-8 Redhat Linux 9 with Kernel 2.4.20-8 Hostap 0.0.4 Hostap 0.0.4 Void11 0.2.0 Void11 0.2.0 Kismet 2006-04-R1 Kismet 2006-04-R1 Snort-wireless 2.4.3 with wireless patch Snort-wireless 2.4.3 with wireless patch

14 14  Attacker Laptop: Toshiba Satellite M30 LaptopToshiba Satellite M30 Laptop Hardware: Intel M 2.0GHz, RAM 512MB, 40GB Partition, SMC EliteConnection 2.4GHz 802.11b SMC2532W-B Hardware: Intel M 2.0GHz, RAM 512MB, 40GB Partition, SMC EliteConnection 2.4GHz 802.11b SMC2532W-B Software: Redhat Linux 9, kernel 2.4.20-8, Hostap 0.0.4, Void11 0.2.0 Software: Redhat Linux 9, kernel 2.4.20-8, Hostap 0.0.4, Void11 0.2.0 Role in the project: Attacker Role in the project: Attacker MAC: 00-04-e2-81-75-78 MAC: 00-04-e2-81-75-78 IP Address: none IP Address: none Ex periment

15 15 Ex periment  Intrusion Detetion Laptop IBM Thinkpad R50IBM Thinkpad R50 Hardware: 1829-5GC, Intel M 1.5GHz, RAM 256MB, 10GB Partition, SMC EliteConnection 2.4GHz 802.11b SMC2532W-BHardware: 1829-5GC, Intel M 1.5GHz, RAM 256MB, 10GB Partition, SMC EliteConnection 2.4GHz 802.11b SMC2532W-B Software: Redhat Linux 9, Kernel 2.4.20-8, Hostap 0.0.4, Kismet 2006.04.R1, Snort-wireless 2.4.3 Alpha 04 (Build 26) Software: Redhat Linux 9, Kernel 2.4.20-8, Hostap 0.0.4, Kismet 2006.04.R1, Snort-wireless 2.4.3 Alpha 04 (Build 26) Role in the project: Sniffer, Intrusion Detection, frame capture Role in the project: Sniffer, Intrusion Detection, frame capture MAC: 00-04-e2-91-78-07 MAC: 00-04-e2-91-78-07 IP Address: 192.168.1.162 IP Address: 192.168.1.162

16 16 Ex periment  Victim Laptop ASUS M3NP LaptopASUS M3NP Laptop Hardware: Intel M 2.0GHz, RAM 1GB, 80GB Partition, NETGEAR Wireless PC Card 32-bit CardBus WG511 Hardware: Intel M 2.0GHz, RAM 1GB, 80GB Partition, NETGEAR Wireless PC Card 32-bit CardBus WG511 Software: Windows 2003 Server, Microsoft IIS Software: Windows 2003 Server, Microsoft IIS Role in the project: Victim Role in the project: Victim MAC: 00-09-5b-83-f8-9c MAC: 00-09-5b-83-f8-9c IP Address: 192.168.1.101 IP Address: 192.168.1.101

17 17 Ex periment  Service Requestor IBM Thinkpad T61IBM Thinkpad T61 Hardware: 7662-CT0, Intel Core 2 Duo 2.2GHz, RAM 2GB, 100GB Partition, Intel 8459 AGN Wireless NICHardware: 7662-CT0, Intel Core 2 Duo 2.2GHz, RAM 2GB, 100GB Partition, Intel 8459 AGN Wireless NIC Software: Windows Vista Home Edition Software: Windows Vista Home Edition Role in the project: Service Requestor, test for DoS Role in the project: Service Requestor, test for DoS IP Address: 192.168.1.103 IP Address: 192.168.1.103

18 18 Ex periment  Access Point & NICs (our heroes) Wireless Access PointWireless Access Point 802.11g/2.4GHz Wireless Router D-Link DI-524802.11g/2.4GHz Wireless Router D-Link DI-524 MAC Address: 00:11:95:75:23:9A MAC Address: 00:11:95:75:23:9A IP Address: 192.168.1.3 IP Address: 192.168.1.3 SSID: wang1124 SSID: wang1124

19 19 Ex periment  Attacking Tool: void11 based on hostap  IDS Tool: kismet based on hostap  Analysis Tool: snort-wireless

20 20 Ex periment  Assumptions: Attacker has root privilege on that laptop Attacker has root privilege on that laptop Attacker knows the MAC addresses of both AP and victim Attacker knows the MAC addresses of both AP and victim The wireless network is based on 802.11b protocol The wireless network is based on 802.11b protocol

21 21 Ex periment  Attacking #void11-penetration wlan0 –t 1 –s 00:09:5b:83:f8:9c –B 00:11:95:75:23:9a –d 1000

22 22 Ex periment  Attacking – cont’ #void11-penetration wlan0 –t 1 –s 00:09:5b:83:f8:9c –B 00:11:95:75:23:9a –d 120000

23 23 Ex periment  Sniffing

24 24 Ex periment  Analysis Result =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/30-22:09:48.627250 Deauthent. 0:9:5B:83:F8:9C -> 0:11:95:75:23:9A bssid: 0:9:5B:83:F8:9C Flags: Re 0x0000: C0 08 3A 01 00 11 95 75 23 9A 00 09 5B 83 F8 9C..:....u#...[... 0x0010: 00 09 5B 83 F8 9C 80 4E 02 00..[....N.. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/30-22:09:48.650280 Deauthent. 0:9:5B:83:F8:9C -> 0:11:95:75:23:9A bssid: 0:9:5B:83:F8:9C Flags: 0x0000: C0 00 3A 01 00 11 95 75 23 9A 00 09 5B 83 F8 9C..:....u#...[... 0x0010: 00 09 5B 83 F8 9C A0 4E 02 00..[....N.. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

25 25 Conclusions  Simulate wireless attack on data-link layer by generating control frames to perform de-authentication flood to a single target.  Intrusion Detection System is able to detect out the attack and capture the packets.  The attack and detection tools are based on Prism Chipset wireless network cards, hostap need to be installed on Linux kernel 2.4.x.  Different rate (frame per second/millisecond) of attack can cause different scenarios, higher rate of attack can cause the access point remove the MAC address of victim computer from its cache immediately.  D-Link DI524 has self-protection from association flood and authentication flood.

26 26 Acknowledgement  Yufei Xu, Da Teng and Xin Wu  Dr. Akshai Aggarwal  IT Service staff

27 27 References  [1] Allison H. Scogin, “Disabling a Wireless Network via Denial of Service”, Technical Report MSU-070424.  [2] S. Harris, CISSP Certification, 2nd Edition, McGraw-Hill/Osborne, Emeryville, CA, 2003, p. 873.  [3] Basic Digital Forensic Investigation Concepts, http://www.digitalevidence. org/di_basics.html (current Mar 1, 2007).  [4] M. S. Gast, 802.11 Wireless Networks: The Definitive Guide, 2nd Edition, O’Reilly Media, Inc., Sebastopol, California, 2005.  [5] R. Power, “2000 CSI/FBI Computer Crime and Security Survey,” Computer  Security Journal, vol. 16, no. 2, 2000, pp. 33-49.  [6] A. S. Tanenbaum, Computer Networks, 4th Edition, Prentice Hall, Upper Saddle River, New Jersey, 2003.  [7] http://salis.iisc.ernet.in/soho/hostap_documentation1.htm, 2007 for hostap installation http://salis.iisc.ernet.in/soho/hostap_documentation1.htm  [8]http://www.wirelessdefence.org/Contents/Void11Installation.htm, 2007 for void11 installation

28 28 ?

Download ppt "1 Attacking a Wireless Network via De-authentication by Dou Wang, Jiaying Shi, Ying Chen School of Computer Science University of Windsor November 2007."

Similar presentations

Wi-Fi Technology.

Wi-Fi Technology.
Ethical Hacking Module XV Hacking Wireless Networks.

Ethical Hacking Module XV Hacking Wireless Networks.
Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.

Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.
BZUPAGES.COM BSIT 07-11. BZUPAGES.COM BSIT 07-11 ON.

BZUPAGES.COM BSIT BZUPAGES.COM BSIT ON.
Information Networking Security and Assurance Lab National Chung Cheng University Kai, 2004 INSA1 Using Kismet to enhance the security level in enterprise.

Information Networking Security and Assurance Lab National Chung Cheng University Kai, 2004 INSA1 Using Kismet to enhance the security level in enterprise.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
Attacking and Detection: Deny of Service in Wireless Network by Injecting Disassociation Frames through Data Link Layer Yufei Xu, Xin Wu, Da Teng.

Attacking and Detection: Deny of Service in Wireless Network by Injecting Disassociation Frames through Data Link Layer Yufei Xu, Xin Wu, Da Teng.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.

Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.
1-1 Introduction to Computer Networks and Data Communications.

1-1 Introduction to Computer Networks and Data Communications.
Data Communications & Computer Networks, Second Edition 1 Chapter 1 The Big Picture Introduction to Computer Networks and Data Communications.

Data Communications & Computer Networks, Second Edition 1 Chapter 1 The Big Picture Introduction to Computer Networks and Data Communications.
Handoff Delay for 802.11b Wireless LANs Masters Project defense Anshul Jain Committee: Dr. Henning Schulzrinne, Columbia University Dr. Zongming Fei, University.

Handoff Delay for b Wireless LANs Masters Project defense Anshul Jain Committee: Dr. Henning Schulzrinne, Columbia University Dr. Zongming Fei, University.
© Wiley Inc. 2006. All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 1: Internetworking.

© Wiley Inc All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 1: Internetworking.
1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.

1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.
THE OSI REFERENCE MODEL Open Systems Interconnection Reference Model.

THE OSI REFERENCE MODEL Open Systems Interconnection Reference Model.

Similar presentations

Ads by Google