Wi-Foo The Secrets of Wireless Hacking
by Vladimirov, Andrew; Gavrilenko, Konstantin V.; Mikhailovsky, Andrei A.Edition: 1st
Format: Paperback
Pub. Date: 2004-06-28
Publisher(s): Addison-Wesley Professional
Other versions by this Author
List Price: $54.99
Rent Book
Select for Price
New Book
We're Sorry
Sold Out
Used Book
We're Sorry
Sold Out
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
The definitive guide to penetrating and defending wireless networks. Straight from the field, this is the definitive guide to hacking wireless networks. Authored by world-renowned wireless security auditors, this hands-on, practical guide covers everything you need to attack -- or protect -- any wireless network. The authors introduce the 'battlefield, ' exposing today's 'wide open' 802.11 wireless networks and their attackers. One step at a time, you'll master the attacker's entire arsenal of hardware and software tools: crucial knowledge for crackers and auditors alike. Next, you'll learn systematic countermeasures for building hardened wireless 'citadels''including cryptography-based techniques, authentication, wireless VPNs, intrusion detection, and more. Coverage includes: Step-by-step walkthroughs and explanations of typical attacks Building wireless hacking/auditing toolkit: detailed recommendations, ranging from discovery tools to chipsets and antennas Wardriving: network mapping and site surveying Potential weaknesses in current and emerging standards, including 802.11i, PPTP, and IPSec Implementing strong, multilayered defenses Wireless IDS: why attackers aren't as untraceable as they think Wireless hacking and the law: what's legal, what isn't If you're a hacker or security auditor, this book will get you in. If you're a netadmin, sysadmin, consultant, or home user, it will keep everyone else out.
Author Biography
Andrew A. Vladimirov leads the wireless consultancy division at Arhont Ltd. He was one of the UK's first IT professionals to obtain the coveted CWNA wireless certification Konstantin V. Gavrilenko co-founded Arhont Ltd. His 12+ years' IT and security expertise includes wireless security, firewalls, cryptography, VPNs, and IDS Andrei A. Mikhailovsky has more than a decade of networking and security experience
Table of Contents
| Introduction | p. xxiii |
| Real World Wireless Security | p. 1 |
| Why Do We Concentrate on 802.11 Security? | p. 2 |
| Getting a Grip on Reality: Wide Open 802.11 Networks Around Us | p. 5 |
| The Future of 802.11 Security: Is It as Bright as It Seems? | p. 7 |
| Summary | p. 9 |
| Under Siege | p. 11 |
| Why Are "They" After Your Wireless Network? | p. 11 |
| Wireless Crackers: Who Are They? | p. 15 |
| Corporations, Small Companies, and Home Users: Targets Acquired | p. 17 |
| Target Yourself: Penetration Testing as Your First Line of Defense | p. 20 |
| Summary | p. 22 |
| Putting the Gear Together: 802.11 Hardware | p. 23 |
| PDAs Versus Laptops | p. 23 |
| PCMCIA and CF Wireless Cards | p. 25 |
| Selecting or Assessing Your Wireless Client Card Chipset | p. 26 |
| Selecting or Assessing Your Wireless Client Card RF Characteristics | p. 33 |
| Antennas | p. 36 |
| RF Amplifiers | p. 40 |
| RF Cables and Connectors | p. 41 |
| Summary | p. 41 |
| Making the Engine Run: 802.11 Drivers and Utilities | p. 43 |
| Operating System, Open Source, and Closed Source | p. 43 |
| The Engine: Chipsets, Drivers, and Commands | p. 45 |
| Making Your Client Card Work with Linux and BSD | p. 46 |
| Getting Used to Efficient Wireless Interface Configuration | p. 54 |
| Linux Wireless Extensions | p. 55 |
| Linux-wlan-ng Utilities | p. 63 |
| Cisco Aironet Configuration | p. 66 |
| Configuring Wireless Client Cards on BSD Systems | p. 69 |
| Summary | p. 70 |
| Learning to WarDrive: Network Mapping and Site Surveying | p. 71 |
| Active Scanning in Wireless Network Discovery | p. 72 |
| Monitor Mode Network Discovery and Traffic Analysis Tools | p. 76 |
| Kismet | p. 76 |
| Wellenreiter | p. 85 |
| Airtraf | p. 86 |
| Gtkskan | p. 88 |
| Airfart | p. 89 |
| Mognet | p. 90 |
| WifiScanner | p. 91 |
| Miscellaneous Command-Line Scripts and Utilities | p. 93 |
| BSD Tools for Wireless Network Discovery and Traffic Logging | p. 98 |
| Tools That Use the iwlist scan Command | p. 102 |
| RF Signal Strength Monitoring Tools | p. 104 |
| Summary | p. 107 |
| Assembling the Arsenal: Tools of the Trade | p. 109 |
| Encryption Cracking Tools | p. 110 |
| WEP Crackers | p. 111 |
| Tools to Retrieve WEP Keys Stored on the Client Hosts | p. 118 |
| Traffic Injection Tools Used to Accelerate WEP Cracking | p. 118 |
| 802.1x Cracking Tools | p. 120 |
| Wireless Frame-Generating Tools | p. 123 |
| AirJack | p. 123 |
| File2air | p. 126 |
| Libwlan | p. 127 |
| FakeAP | p. 130 |
| Void11 | p. 131 |
| Wnet | p. 132 |
| Wireless Encrypted Traffic Injection Tools: Wepwedgie | p. 134 |
| Access Point Management Utilities | p. 139 |
| Summary | p. 141 |
| Planning the Attack | p. 143 |
| The "Rig" | p. 143 |
| Network Footprinting | p. 145 |
| Site Survey Considerations and Planning | p. 147 |
| Proper Attack Timing and Battery Power Preservation | p. 151 |
| Stealth Issues in Wireless Penetration Testing | p. 152 |
| An Attack Sequence Walk-Through | p. 153 |
| Summary | p. 154 |
| Breaking Through | p. 155 |
| The Easiest Way to Get in | p. 155 |
| A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering | p. 156 |
| Picking a Trivial Lock: Various Means of Cracking WEP | p. 161 |
| WEP Brute-Forcing | p. 161 |
| The FMS Attack | p. 163 |
| An Improved FMS Attack | p. 164 |
| Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking | p. 168 |
| Field Observations in WEP Cracking | p. 168 |
| Cracking TKIP: The New Menace | p. 169 |
| The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment | p. 171 |
| DIY: Rogue Access Points and Wireless Bridges for Penetration Testing | p. 173 |
| Hit or Miss: Physical Layer Man-in-the-Middle Attacks | p. 178 |
| Phishing in the Air: Man-in-the-Middle Attacks Combined | p. 179 |
| Breaking the Secure Safe | p. 181 |
| Crashing the Doors: Authentication Systems Attacks | p. 181 |
| Tapping the Tunnels: Attacks Against VPNs | p. 186 |
| The Last Resort: Wireless DoS Attacks | p. 192 |
| Physical Layer Attacks or Jamming | p. 193 |
| Spoofed Deassociation and Deauthentication Frames Floods | p. 193 |
| Spoofed Malformed Authentication Frame Attack | p. 194 |
| Filling Up the Access Point Association and Authentication Buffers | p. 195 |
| Frame Deletion Attack | p. 196 |
| DoS Attacks Based on Specific Wireless Network Settings | p. 196 |
| Attacks Against 802.11i Implementations | p. 197 |
| Summary | p. 198 |
| Looting and Pillaging: The Enemy Inside | p. 199 |
| Analyze the Network Traffic | p. 200 |
| 802.11 Frames | p. 200 |
| Plaintext Data Transmission and Authentication Protocols | p. 201 |
| Network Protocols with Known Insecurities | p. 203 |
| DHCP, Routing, and Gateway Resilience Protocols | p. 203 |
| Syslog and NTP Traffic | p. 205 |
| Protocols That Shouldn't Be There | p. 205 |
| Associate to WLAN and Detect Sniffers | p. 206 |
| Identify the Hosts Present and Perform Passive Operating System Fingerprinting | p. 208 |
| Scan and Exploit Vulnerable Hosts on WLAN | p. 210 |
| Take the Attack to the Wired Side | p. 213 |
| Check Wireless-to-Wired Gateway Egress Filtering Rules | p. 218 |
| Summary | p. 220 |
| Building the Citadel: An Introduction to Wireless LAN Defense | p. 221 |
| Wireless Security Policy: The Cornerstone | p. 221 |
| Device Acceptability, Registration, Update, and Monitoring | p. 222 |
| User Education and Responsibility | p. 222 |
| Physical Security | p. 223 |
| Physical Layer Security | p. 223 |
| Network Deployment and Positioning | p. 223 |
| Security Countermeasures | p. 224 |
| Network Monitoring and Incident Response | p. 224 |
| Network Security and Stability Audits | p. 225 |
| Layer 1 Wireless Security Basics | p. 225 |
| The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding | p. 228 |
| Secure Wireless Network Positioning and VLANs | p. 231 |
| Using Cisco Catalyst Switches and Aironet Access Points to Optimize Secure Wireless Network Design | p. 231 |
| Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway | p. 235 |
| Proprietary Improvements to WEP and WEP Usage | p. 242 |
| 802.11i Wireless Security Standard and WPA: The New Hope | p. 244 |
| Introducing the Sentinel: 802.1x | p. 245 |
| Patching the Major Hole: TKIP and CCMP | p. 248 |
| Summary | p. 250 |
| Introduction to Applied Cryptography: Symmetric Ciphers | p. 253 |
| Introduction to Applied Cryptography and Steganography | p. 254 |
| Modern-Day Cipher Structure and Operation Modes | p. 260 |
| A Classical Example: Dissecting DES | p. 260 |
| Kerckhoff's Rule and Cipher Secrecy | p. 264 |
| The 802.11i Primer: A Cipher to Help Another Cipher | p. 265 |
| There Is More to a Cipher Than the Cipher: Understanding Cipher Operation Modes | p. 268 |
| Bit by Bit: Streaming Ciphers and Wireless Security | p. 272 |
| The Quest for AES | p. 274 |
| AES (Rijndael) | p. 278 |
| MARS | p. 279 |
| RC6 | p. 282 |
| Twofish | p. 284 |
| Serpent | p. 287 |
| Between DES and AES: Common Ciphers of the Transition Period | p. 290 |
| 3DES | p. 290 |
| Blowfish | p. 291 |
| IDEA | p. 293 |
| Selecting a Symmetric Cipher for Your Networking or Programming Needs | p. 296 |
| Summary | p. 300 |
| Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms | p. 303 |
| Cryptographic Hash Functions | p. 304 |
| Dissecting an Example Standard One-Way Hash Function | p. 305 |
| Hash Functions, Their Performance, and HMACs | p. 308 |
| MIC: Weaker But Faster | p. 309 |
| Asymmetric Cryptography: A Different Animal | p. 312 |
| The Examples of Asymmetric Ciphers: ElGamal, RSA, and Elliptic Curves | p. 314 |
| Practical Use of Asymmetric Cryptography: Key Distribution, Authentication, and Digital Signatures | p. 317 |
| Summary | p. 320 |
| The Fortress Gates: User Authentication in Wireless Security | p. 323 |
| Radius | p. 323 |
| Basics of AAA Framework | p. 323 |
| An Overview of the RADIUS Protocol | p. 324 |
| RADIUS Features | p. 325 |
| Packet Formats | p. 326 |
| Packet Types | p. 327 |
| Installation of FreeRADIUS | p. 328 |
| Configuration | p. 329 |
| User Accounting | p. 334 |
| RADIUS Vulnerabilities | p. 335 |
| Response Authenticator Attack | p. 336 |
| Password Attribute-Based Shared Secret Attack | p. 336 |
| User Password-Based Attack | p. 336 |
| Request Authenticator-Based Attacks | p. 337 |
| Replay of Server Responses | p. 337 |
| Shared Secret Issues | p. 337 |
| RADIUS-Related Tools | p. 338 |
| 802.1x: The Gates to Your Wireless Fortress | p. 339 |
| Basics of EAP-TLS | p. 339 |
| FreeRADIUS Integration | p. 343 |
| Supplicants | p. 345 |
| An Example of Access Point Configuration: Orinoco AP-2000 | p. 351 |
| LDAP | p. 354 |
| Overview | p. 354 |
| Installation of OpenLDAP | p. 356 |
| Configuration of OpenLDAP | p. 358 |
| Testing LDAP | p. 362 |
| Populating the LDAP Database | p. 364 |
| Centralizing Authentication with LDAP | p. 367 |
| Mobile Users and LDAP | p. 372 |
| LDAP-Related Tools | p. 373 |
| NoCat: An Alternative Method of Wireless User Authentication | p. 376 |
| Installation and Configuration of NoCat Gateway | p. 378 |
| Installation and Configuration of Authentication Server | p. 379 |
| Summary | p. 381 |
| Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs | p. 383 |
| Why You Might Want to Deploy a VPN | p. 385 |
| VPN Topologies Review: The Wireless Perspective | p. 386 |
| Network-to-Network | p. 386 |
| Host-to-Network | p. 388 |
| Host-to-Host | p. 389 |
| Star | p. 390 |
| Mesh | p. 391 |
| Common VPN and Tunneling Protocols | p. 391 |
| IPSec | p. 392 |
| PPTP | p. 392 |
| GRE | p. 393 |
| L2TP | p. 393 |
| Alternative VPN Implementations | p. 394 |
| cIPe | p. 394 |
| OpenVPN | p. 394 |
| VTun | p. 395 |
| The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview | p. 395 |
| Security Associations | p. 396 |
| AH | p. 397 |
| ESP | p. 398 |
| IP Compression | p. 399 |
| IPSec Key Exchange and Management Protocol | p. 400 |
| IKE | p. 400 |
| Perfect Forward Secrecy | p. 402 |
| Dead Peer Discovery | p. 402 |
| IPSec Road Warrior | p. 403 |
| Opportunistic Encryption | p. 403 |
| Deploying Affordable IPSec VPNs with FreeS/WAN | p. 403 |
| FreeS/WAN Compilation | p. 404 |
| FreeS/WAN Configuration | p. 409 |
| Network-to-Network VPN Topology Setting | p. 415 |
| Host-to-Network VPN Topology Setting | p. 416 |
| Windows 2000 Client Setup | p. 418 |
| Windows 2000 IPSec Client Configuration | p. 423 |
| Summary | p. 433 |
| Counterintelligence: Wireless IDS Systems | p. 435 |
| Categorizing Suspicious Events on WLANs | p. 437 |
| RF/Physical Layer Events | p. 437 |
| Management/Control Frames Events | p. 437 |
| 802.1x/EAP Frames Events | p. 438 |
| WEP-Related Events | p. 438 |
| General Connectivity/Traffic Flow Events | p. 439 |
| Miscellaneous Events | p. 439 |
| Examples and Analysis of Common Wireless Attack Signatures | p. 440 |
| Radars Up! Deploying a Wireless IDS Solution for Your WLAN | p. 446 |
| Commercial Wireless IDS Systems | p. 446 |
| Open Source Wireless IDS Settings and Configuration | p. 448 |
| A Few Recommendations for DIY Wireless IDS Sensor Construction | p. 451 |
| Summary | p. 455 |
| Afterword | p. 456 |
| Decibel-Watts Conversion Table | p. 457 |
| 802.11 Wireless Equipment | p. 461 |
| Antenna Irradiation Patterns | p. 469 |
| Omni-Directionals | p. 469 |
| Semi-Directionals | p. 470 |
| Highly-Directionals | p. 472 |
| Wireless Utilities Manpages | p. 475 |
| Iwconfig | p. 475 |
| Iwpriv | p. 482 |
| Iwlist | p. 484 |
| Wicontrol | p. 486 |
| Ancontrol | p. 493 |
| Signal Loss for Obstacle Types | p. 503 |
| Warchalking Signs | p. 505 |
| Original Signs | p. 505 |
| Proposed New Signs | p. 506 |
| Wireless Penetration Testing Template | p. 507 |
| Arhont Ltd Wireless Network Security and Stability Audit Checklist Template | p. 507 |
| Reasons for an audit | p. 507 |
| Preliminary investigations | p. 508 |
| Wireless site survey | p. 508 |
| Network security features present | p. 511 |
| Network problems / anomalies detected | p. 514 |
| Wireless penetration testing procedure | p. 518 |
| Final recommendations | p. 522 |
| Default SSIDs for Several Common 802.11 Products | p. 523 |
| Glossary | p. 529 |
| Index | p. 541 |
| Table of Contents provided by Ingram. All Rights Reserved. |
Excerpts
--> A.link { color: blue; text-decoration: underline;}A.visited { color: purple; text-decoration: underline;}A.active { color: red; text-decoration: underline;}P.ANCH { display: block; text-align: left; text-indent: 0.000000pt; margin-top: 0.000000pt; margin-bottom: 0.000000pt; margin-right: 0.000000pt; margin-left: 0.000000pt; font-size: 2.000000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Futura";}P.ANS { display: block; text-align: justify; text-indent: -60.000000pt; margin-top: 0.000000pt; margin-bottom: 12.000000pt; margin-right: 0.000000pt; margin-left: 120.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}P.Berkenlist { display: block; text-align: justify; text-indent: 0.000000pt; margin-top: 0.000000pt; margin-bottom: 0.000000pt; margin-right: 0.000000pt; margin-left: 0.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}P.BerkenlistEnd { display: block; text-align: justify; text-indent: 0.000000pt; margin-top: 0.000000pt; margin-bottom: 12.000000pt; margin-right: 0.000000pt; margin-left: 0.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}P.Berkenliststart { display: block; text-align: justify; text-indent: 0.000000pt; margin-top: 12.000000pt; margin-bottom: 0.000000pt; margin-right: 0.000000pt; margin-left: 0.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}LI.BL { display: block; text-align: left; text-indent: -18.000000pt; margin-top: 0.000000pt; margin-bottom: 2.000000pt; margin-right: 0.000000pt; margin-left: 78.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}LI.BL1 { display: block; text-align: left; text-indent: -18.000000pt; margin-top: 10.000000pt; margin-bottom: 2.000000pt; margin-right: 0.000000pt; margin-left: 78.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}LI.BLX { display: block; text-align: left; text-indent: -18.000000pt; margin-top: 0.000000pt; margin-bottom: 10.000000pt; margin-right: 0.000000pt; margin-left: 78.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}LI.BSL { display: block; text-align: left; text-indent: -12.000000pt; margin-top: 0.000000pt; margin-bottom: 2.000000pt; margin-right: 0.000000pt; margin-left: 96.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align: baseline; text-transform: none; font-family: "Palatino";}P.CD1 { display: block; text-align: justify; text-indent: 12.000000pt; margin-top: 0.000000pt; margin-bottom: 0.000000pt; margin-right: 0.000000pt; margin-left: 60.000000pt; font-size: 10.500000pt; font-weight: medium; font-style: Regular; color: #000000; text-decoration: none; vertical-align
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.