WiFi networks - PowerPoint PPT Presentation

Slides: 15
Provided by: Presen84
Learn more at: http://ilhack.org

Transcript and Presenter's Notes

1
WiFi networks RAW SOCKETS IL-HACK2009
Eddie Harari
2
Sniffing WiFi
  • Managed mode VS Monitor mode
  • Promiscuous mode is driver/Firmware dependent.
  • Driver and Firmware for each NIC.
  • Can we sniff with any card ???
  • Monitor mode, IT IS !!!

3
802.11 Data frames
  • Frame size is not fixed ! ?
  • Encapsulation is 802.2 (inside body).
  • Some networks use QOS ( Extra 2 bytes).
  • Is it so important ?

4
Sniffing in promiscuous mode
  • Ethernet II frame EMULATION

5
MITM Implementation
  • Clear text Networks.
  • WEP based Networks.
  • Shared and non-shared keys.
  • Famous last words
  • I surf through my neighbor's WiFi connection.

6
Monitor VS Managed
  • Monitor mode sniffs everything.
  • Monitor mode is undetectable.
  • Packet injection is hard
  • A word about WIFI encryption.
  • Managed mode is a dream environment for packet injection.

7
So which one is it ?
8
Pre implementation considerations
  • SCAPY is for script kiddies !?
  • (SCAPY is a good solution for certain things)
  • A MITM network attack must win RACE conditions.
  • What are the attacks that can take place here ?

9
Thinking of an attack
  • Don't you hate it when your WiFi bandwidth is low because everyone else is using the AP?
  • RESET any TCP-SYN request!
  • From all machines but ours
  • Why can't you reset an MS SYN request on the client side?

10
MITM implementation
  • LibPcap is the best tool to use in this scenario.
  • Ability to sniff and inject packets.
  • Supports all common DLTs.
  • Supports Managed and Monitor modes.
  • In monitor mode you can get RADIO headers (FREAKY).

11
Code Implementation
  • EXAMPLE I RESETCON CODE
  • RESETCON POC CODE

12
Some ideas of what can be done
  • MSN contact stealer
  • DNS Spoofing
  • FILE DOWNLOAD Injection
  • ANY MITM ATTACK

13
Important things to remember
  • 802.11 headers are not fixed.
  • RADIO TAP headers are not fixed.
  • Code must win race conditions.
  • Packet format is important.
  • Detectable !? How to avoid that
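
Slides 3 and 13 point out that neither the radiotap header nor the 802.11 header has a fixed length. The C code below is an added example, not the presenter's RESETCON code: it finds where the payload starts in a monitor-mode capture buffer (the layout libpcap delivers under DLT_IEEE802_11_RADIO). The function names and the two constructed sample frames are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Offset of the network-layer payload in a radiotap + 802.11 data frame,
 * or 0 if this is not a cleartext data frame with an 802.2 LLC/SNAP body. */
size_t wifi_payload_offset(const uint8_t *p, size_t len)
{
    if (len < 8 || p[0] != 0) return 0;          /* radiotap version is 0 */
    size_t rt = p[2] | ((size_t)p[3] << 8);      /* it_len, little endian */
    if (rt < 8 || rt > len || len - rt < 24) return 0;
    uint8_t fc0 = p[rt], fc1 = p[rt + 1];        /* Frame Control field */
    if ((fc0 & 0x0f) != 0x08) return 0;          /* version 0, type 2 = data */
    if (fc0 & 0x40) return 0;                    /* Null subtypes carry no body */
    if (fc1 & 0x40) return 0;                    /* Protected: body is encrypted */
    size_t hdr = 24;                             /* minimum MAC header */
    if ((fc1 & 0x03) == 0x03) hdr += 6;          /* ToDS+FromDS: Address 4 */
    if (fc0 & 0x80) {                            /* QoS data subtype */
        hdr += 2;                                /* QoS Control (the extra 2 bytes) */
        if (fc1 & 0x80) hdr += 4;                /* Order bit set: HT Control */
    }
    size_t llc = rt + hdr;
    if (llc > len || len - llc < 8) return 0;
    if (p[llc] != 0xaa || p[llc + 1] != 0xaa || p[llc + 2] != 0x03) return 0;
    return llc + 8;                              /* skip LLC (3) + SNAP (5) */
}

/* EtherType from the SNAP header, or -1 if the frame was rejected. */
int wifi_ethertype(const uint8_t *p, size_t len)
{
    size_t off = wifi_payload_offset(p, len);
    return off ? (p[off - 2] << 8) | p[off - 1] : -1;
}

/* Constructed samples (addresses zeroed): 8-byte radiotap + plain data frame,
 * and 12-byte radiotap (channel field) + QoS data frame. */
static const uint8_t frame_plain[] = { 0, 0, 8, 0, 0, 0, 0, 0, 0x08, 0x01,
    [32] = 0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x00, 0x45 };
static const uint8_t frame_qos[] = { 0, 0, 12, 0, 8, 0, 0, 0, 0x85, 0x09, 0xa0,
    0x00, 0x88, 0x01, [38] = 0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x06, 0x00 };

int main(void)
{
    printf("plain: payload at %zu\n", wifi_payload_offset(frame_plain, sizeof frame_plain));
    printf("qos:   payload at %zu\n", wifi_payload_offset(frame_qos, sizeof frame_qos));
    return 0;
}
```

The same IPv4 or ARP payload sits at a different offset in each frame, which is why a parser that assumes a fixed header size misreads monitor-mode captures.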

14
THANK YOU !!!