Just as there are many ways to attack a wired network, there are numerous ways to attack a WLAN.
If a WLAN isn’t secured properly, an attacker may simply be able to connect to the network without any elaborate effort and without using any specific exploit.
When the situation warrants, crackers have a number of techniques for cracking a WLAN.
A basic understanding of these attacks will give you a better idea of the threats you face and how you should deal with them.
Crackers are continually locating new avenues for intrusion and updating their tools to take advantage of them.
Many types of exploits are very technical and require significant knowledge of networking to understand.
A man-in-the-middle attack involves an attacker intercepting and monitoring network traffic or client authorization information and using it to authenticate with a server.
In the first method, an attacker intercepts authentication data from a legitimate user’s computer by configuring his computer to pose as an access point and then uses that data to authenticate his own computer with the network server.
The attacker can then gain access to additional network resources.
In the second method, an attacker listens for and intercepts an Address Resolution Protocol (ARP) request sent from one legitimate user’s computer to another.
ARP is a network protocol used to determine a computer’s physical network address, which is also known as the media access control layer address (MAC address).
Every NIC and access point has a unique MAC address assigned at the factory where it is manufactured.
The attacker listens for a reply to the ARP request and then either “spoofs” the MAC address by posing as a legitimate computer or sends an unsolicited ARP reply by transmitting his own MAC address to the WLAN.
Computers on the network receive the unsolicited ARP reply and update their list (cache) of MAC addresses with the attacker’s MAC address.
Legitimate computers may then associate the attacker’s MAC address with that of a legitimate one and route traffic to the attacker’s machine.
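The unsolicited ARP replies and changed cache entries described here are also the signals a defender can watch for. The following is an added example, not part of the original text: a small detector run over constructed ARP records, where the record fields, the two-second reply window and all addresses are assumptions made for illustration.

```python
from collections import namedtuple

# One observed ARP frame (hypothetical record layout):
# capture time in seconds, operation, sender MAC, sender IP, target IP.
Arp = namedtuple("Arp", "ts op sender_mac sender_ip target_ip")

REPLY_WINDOW = 2.0  # assumption: a genuine reply follows its request within 2 s


def detect_arp_poisoning(frames, window=REPLY_WINDOW):
    """Return (kind, ip, mac) alerts for unsolicited replies and changed bindings."""
    pending = {}   # (requester_ip, queried_ip) -> time the request was seen
    bindings = {}  # ip -> MAC first observed for that ip
    alerts = []
    for f in frames:
        if f.op == "request":
            pending[(f.sender_ip, f.target_ip)] = f.ts
        elif f.op == "reply":
            # A genuine reply answers a recent request from the host it is sent to.
            asked = pending.pop((f.target_ip, f.sender_ip), None)
            if asked is None or f.ts - asked > window:
                alerts.append(("unsolicited_reply", f.sender_ip, f.sender_mac))
        # Requests and replies both advertise the sender's IP-to-MAC binding,
        # and hosts update their ARP cache from either.
        known = bindings.setdefault(f.sender_ip, f.sender_mac)
        if known != f.sender_mac:
            alerts.append(("binding_changed", f.sender_ip, f.sender_mac))
    return alerts


# Constructed sample: a client resolves its gateway, then a different MAC
# announces the gateway's IP without having been asked.
SAMPLE = [
    Arp(0.0, "request", "02:00:00:00:00:10", "192.168.1.10", "192.168.1.1"),
    Arp(0.1, "reply",   "02:00:00:00:00:01", "192.168.1.1",  "192.168.1.10"),
    Arp(5.0, "reply",   "02:00:00:00:00:66", "192.168.1.1",  "192.168.1.10"),
]

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE):
        print(alert)
```

Legitimate events such as a replaced network card or a reassigned DHCP lease also change a binding, so these alerts are leads to investigate rather than proof of an attack.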
MAC Address Spoofing Attack
An attacker monitoring traffic on a WLAN can listen for replies to ARP requests and intercept MAC addresses of legitimate computers on a network.
The attacker then configures his computer to transmit and receive data on the network using a stolen MAC address to gain access to network resources and information.
Internet Protocol Address Spoofing Attack
To gain access to a WLAN, an attacker can acquire an Internet Protocol (IP) address.
Using a sniffer, the attacker monitors the WLAN to see what IP addresses the WLAN uses (this range of addresses is called the subnet).
After the attacker determines the IP subnet, he assigns himself an unused address and connects to the WLAN.
If a network uses the dynamic host configuration protocol (DHCP), it’s even simpler.
DHCP software automatically assigns IP addresses to computers logging onto the network.
If an attacker knows the service set identifier (SSID) for the network (which can also be sniffed), he can connect, and the access point or router with DHCP software will assign him an IP address.
Manufacturers have included DHCP service in most routers and access points.
Denial of Service Attack
An attacker doesn’t use a denial of service (DoS) attack to gain access to a WLAN.
Instead, DoS attacks are used to deny legitimate users access to the network and its services.
WLANs are vulnerable to DoS attacks in a number of ways.
First, using a brute-force attack, an attacker can “flood” an access point with network traffic, which effectively shuts it down for other users.
Users attempting to use that AP are unable to connect, which is much like receiving a busy signal when calling someone on the telephone.
An attacker can also use a high-power radio source on the same frequency to interfere with the WLAN and drown out its signal.
The resulting radio noise prevents devices on the network from talking to and hearing one another, which brings network operation to a halt.
This sort of attack is risky for an attacker.
Getting close enough to the WLAN with a high-powered transmitter can make him easy to locate using sniffers and scanners.
A denial of service resulting from a high-powered signal may not always be an intentional attack.
RF interference from other devices that share the same spectrum could result in essentially the same network conditions as a DoS attack.
However, this sort of accidental “attack” is rare if you take care in designing your network.
DoS attacks are nothing new.
They’ve been a problem on wired networks and the Internet for years.
Certain applications and devices are susceptible to different forms of DoS attacks.
Crackers may exploit design flaws that can trigger shutdown or crashing of devices.
The best way to become aware of these DoS threats is to be knowledgeable about vulnerabilities that affect your equipment and deal with them as they arise.