.168.1. It will then enter the MAC/IP address combination into its local MAC address table and use that MAC address for all future communication with 192.168.1.

An attacker can force packets to go through a malicious host by exploiting this lazy mechanism of learning MAC addresses. Assume an attacker wants to intercept traffic between a client (192.168.99) and a server (192.168.1). The attacker and both target hosts are on the same network. The attacker sends an ARP reply packet to the client machine with a source IP of the server but with a source MAC of the malicious machine. The client machine now thinks that the server has the MAC address of the malicious machine and will send all frames for 192.168.1 to that host. Conversely, the attacker sends a packet to the server with a source IP of the client and a source MAC of the malicious machine. As in the client's situation, packets will be forwarded to the malicious host. At this point, the attacker can watch, drop, forward, and manipulate data moving between the client and the server. Even in a switched environment, this attack is successful because the switch has no way of recognizing something is wrong.

Bob Fleck and Jordan Dimov wrote a paper available at http://www.cigitallabs.com/resources/papers/download/arppoison.pdf that discusses how this kind of ARP poisoning can be used on a wireless network. A wireless attacker can use ARP poisoning to pull packets "off-wire" by poisoning the ARP caches of two wired hosts behind an AP. By using ARP poisoning, a wireless attacker can intercept traffic between any hosts on the same broadcast domain, regardless of whether they are wired or wireless.

2.3.1 Eavesdropping

In a wireless network, eavesdropping is easy because wireless communications are not easily confined to a physical area. A nearby attacker can receive the radio waves on the wireless network without any substantial effort or equipment. All frames sent across the wireless medium can be examined in real time or stored for later examination.

Several layers of encryption can and should be implemented to obscure transmitted data in an effort to prevent attackers from gleaning useful information from the network traffic. Since the ability of an attacker to eavesdrop on wireless communications is a fait accompli, the data-link encryption mechanism WEP was developed. If the traffic is not protected at the data-link layer using WEP, then the higher layer security mechanisms must be used to protect the data. If a security mechanism such as IPsec, SSH, or SSL is not used for transmission, then the application data is available to anyone with an antenna in the area without any further effort.

Unfortunately, several flaws in WEP have been uncovered, as discussed in Section 1.6. Even with WEP turned on, a determined attacker can potentially log gigabytes worth of WEP-protected traffic in an effort to post-process the data and break the protection. These weaknesses in WEP drastically increase the risk due to eavesdropping. If WEP is cracked, there is a great deal of sensitive data that is passed across networks with no further encryption, such as a user who accesses his mail using the POP or IMAP protocols. These protocols are widely deployed without any form of encryption for authentication or data transport, putting the users at risk when using a wireless network.

2.3.2 Manipulating

Manipulation takes eavesdropping a step further. An attacker who can successfully manipulate data on a network can effectively send data masquerading as a victim computer. Using ARP poisoning, an attacker can force traffic through a malicious machine. This malicious machine may, for example, change the content of emails, instant messages, or database transactions. The malicious machine can also choose not to forward packets along, effectively denying the victim use of the network.

2.4 Illicit Use

Illicit use of a wireless network involves an attacker using the network because of its connection to other networks. Attackers may use a network to connect to the Internet or to connect to the corporate network that lives behind the AP. Illicit use may not cause any operational problems, but it still may be unwanted and unlawful use of the wireless network. An attacker in this case may simply be someone who drove up near the AP, associated to the network and is checking his mail. Alternatively, the attacker may be sending spam to thousands of email addresses. The attacker may even be attempting to exploit a file server that lives on the same network as the AP or use the AP as a mask to hide the source of illegal actions, such as hacking other networks.

No matter what the attacker is doing, his use is unacceptable. However, the different types of illicit use pose varying degrees of problems for the organization running the WLAN. Again, in a wired network, illicit use is not a likely problem. In order to use a wired network, an attacker must have physical access to the network infrastructure. For reasons already outlined, this is unlikely and generally risky for an attacker to do. However, in most wireless networks, an attacker has much more freedom and is less likely to be caught attempting to use the network. (Illicit use by authorized users is a different matter. They already have proper access to the network but are using it for activities that are forbidden by a network-usage policy.)

Access points are not difficult to find. An attacker can simply drive around an area looking for unprotected APs using war-driving software such as NetStumbler. Once an attacker finds an open AP, he can use it for whatever illicit use he desires.

Databases of APs have been created, removing the war-driving step. Some databases such as Cisco's Hotspot Locator (http://www.cisco.com/pcgi-bin/cimo/Home) provide the location of closed APs that require payment to access outside resources
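
The ARP poisoning described in Section 2.3 leaves a recognizable trace: the MAC address advertised for an existing IP changes. The Python below is an added example, not part of the original text; the host addresses, the frame builder and the `ArpMonitor` class are constructed for illustration, and the monitor assumes the first binding it sees (or a seeded table) is trustworthy.

```python
import struct

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet+ARP reply frame (constructed sample input, not captured traffic)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    eth = mac(target_mac) + mac(sender_mac) + b"\x08\x06"   # dst, src, EtherType ARP
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)         # Ethernet, IPv4, op=2 (reply)
    return eth + hdr + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return sender_mac, sender_ip

class ArpMonitor:
    """Remembers the first MAC seen for each IP and reports any later change."""
    def __init__(self, known=None):
        self.bindings = dict(known or {})   # ip -> mac; seed with trusted entries if available

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        mac, ip = parsed
        expected = self.bindings.setdefault(ip, mac)
        if expected == mac:
            return None
        # A MAC that already answers for other IPs matches the interception pattern.
        also = sorted(i for i, m in self.bindings.items() if m == mac)
        return {"ip": ip, "expected": expected, "claimed": mac, "mac_also_bound_to": also}

# Constructed (ip, mac) pairs for the three hosts in the scenario.
SERVER = ("10.0.0.1", "02:00:00:00:00:01")
CLIENT = ("10.0.0.99", "02:00:00:00:00:63")
ROGUE = ("10.0.0.50", "02:00:00:00:00:66")

def demo():
    """Feed three legitimate replies, then the two forged ones; return the alerts raised."""
    reply = lambda src, claimed_ip, dst: build_arp_reply(src[1], claimed_ip, dst[1], dst[0])
    frames = [reply(SERVER, SERVER[0], CLIENT), reply(CLIENT, CLIENT[0], SERVER),
              reply(ROGUE, ROGUE[0], CLIENT),
              reply(ROGUE, SERVER[0], CLIENT),   # forged: server IP, rogue MAC
              reply(ROGUE, CLIENT[0], SERVER)]   # forged: client IP, rogue MAC
    mon = ArpMonitor()
    return [a for a in map(mon.observe, frames) if a]
```

Legitimate events such as a replaced network card or a reassigned DHCP lease also change a binding, so alerts of this kind need to be checked against the address inventory before they are acted on.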