Defense in Wireless Networks
Presented by Aleksandr Doronin
Outline
Passphrase:
Key 1-4
Each WEP key can consist of the letters "A" through "F" and the numbers "0" through "9". It should be 10 hex or 5 ASCII characters in length for 40/64-bit encryption and 26 hex or 13 ASCII characters in length for 104/128-bit encryption.
WPA/WPA2 Personal
Encryption:
TKIP
AES
Pre-Shared Key:
A key of 8-63 characters
Key Renewal:
You can choose a Key Renewal period, which instructs the device how often it should change encryption keys. The default is 3600 seconds.
Attacking WEP
iwconfig: a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in monitor mode, which is essential to sending fake ARP (Address Resolution Protocol) requests to the target router
macchanger: a tool that allows you to view and/or spoof (fake) your MAC address
airmon: a tool that can help you set your wireless adapter into monitor mode (rfmon)
airodump: a tool for capturing packets from a wireless router (otherwise known as an AP)
aireplay: a tool for forging ARP requests
aircrack: a tool for decrypting WEP keys
How to defend when using WEP
Use longer WEP encryption keys, which make the data analysis task more difficult, if your WLAN equipment supports 128-bit WEP keys.
Change your WEP keys frequently. There are devices that support "dynamic WEP", which is not part of the standard but allows different WEP keys to be assigned to each user.
Use a VPN for any protocol, including WEP, that may include sensitive information.
Implement a different technique for encrypting traffic, such as IPsec over wireless. To do this, you will probably need to install IPsec software on each wireless client, install an IPsec server in your wired network, and use a VLAN to connect the access points to the IPsec server.
Attacking WPA
macchanger: a tool that allows you to view and/or spoof (fake) your MAC address
airmon: a tool that can help you set your wireless adapter into monitor mode (rfmon)
airodump: a tool for capturing packets from a wireless router (otherwise known as an AP)
aireplay: a tool for forging ARP requests
  Capture WPA/WPA2 handshakes by forcing clients to reauthenticate
  Generate new Initialization Vectors
aircrack: a tool for decrypting WEP keys (should be used with dictionary)
How to defend when using WPA
Passphrases: the only way to crack WPA is to sniff the password PMK associated with the handshake authentication process, and if this password is extremely complicated it will be almost impossible to crack.
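Added example (not part of the original slides): a passphrase audit for the WPA/WPA2 Personal pre-shared key, covering the 8-63 character rule and the passphrase advice above. The PMK derivation is the standard PBKDF2-HMAC-SHA1 one with the SSID as salt; the COMMON wordlist, the 80-bit threshold and the sample SSID "HomeNet" are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample of weak choices (assumption); a real audit loads a larger list.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def estimate_bits(passphrase: str) -> float:
    """Upper bound on brute-force strength from the character classes in use."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation + " "):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_psk(passphrase: str, ssid: str, min_bits: float = 80.0) -> list:
    """Return a list of findings; an empty list means no issue was found.

    min_bits is an assumed policy threshold, not a value from the slides.
    """
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains non-printable or non-ASCII characters")
    lowered = passphrase.lower()
    # The SSID is the PBKDF2 salt and is broadcast, so it adds no secrecy.
    if lowered in COMMON or (ssid and ssid.lower() in lowered):
        findings.append("dictionary word or contains the SSID")
    if estimate_bits(passphrase) < min_bits:
        findings.append(f"estimated strength below {min_bits:.0f} bits")
    return findings


if __name__ == "__main__":
    for psk in ("password", "HomeNet2024", "t7#Vq9!zLm2@Xr5&Wd8pKc"):
        print(repr(psk), audit_psk(psk, "HomeNet") or "ok")
```

The character-class estimate is an upper bound: a passphrase built from words or patterns is weaker than its length suggests, which is why the wordlist and SSID checks run separately.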
http://www.backtrack-linux.org/
http://www.aircrack-ng.org/
http://www.youtube.com/results?search_query=cracking+WEP+and+WPA+with+backtrack&oq=cracking+WEP+and+WPA+with+backtrack&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=1621l12434l0l12642l47l46l0l30l0l0l412l4248l0.3.8.3.2l16l0