WiFoo..The.Secrets.of.Wireless.Hacking [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

WiFoo..The.Secrets.of.Wireless.Hacking [Electronic resources] - نسخه متنی

Andrew A. Vladimirov

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Wi-Foo

Table of Contents

Copyright

Acknowledgments

About the Authors

Introduction

Why Does Wi-Foo Exist and for Whom Did We Write It?

What About the Funky Name?

How This Book Is Organized

Chapter 1. Real World Wireless Security

Why Do We Concentrate on 802.11 Security?

Getting a Grip on Reality: Wide Open 802.11 Networks Around Us

The Future of 802.11 Security: Is It as Bright as It Seems?

Summary

Chapter 2. Under Siege

Why Are "They" After Your Wireless Network?

Wireless Crackers: Who Are They?

Corporations, Small Companies, and Home Users: Targets Acquired

Target Yourself: Penetration Testing as Your First Line of Defense

Summary

Chapter 3. Putting the Gear Together: 802.11 Hardware

PDAs Versus Laptops

PCMCIA and CF Wireless Cards

Antennas

RF Amplifiers

RF Cables and Connectors

Summary

Chapter 4. Making the Engine Run: 802.11 Drivers and Utilities

Operating System, Open Source, and Closed Source

The Engine: Chipsets, Drivers, and Commands

Getting Used to Efficient Wireless Interface Configuration

Summary

Chapter 5. Learning to WarDrive: Network Mapping and Site Surveying

Active Scanning in Wireless Network Discovery

Monitor Mode Network Discovery and Traffic Analysis Tools

Tools That Use the iwlist scan Command

RF Signal Strength Monitoring Tools

Summary

Chapter 6. Assembling the Arsenal: Tools of the Trade

Encryption Cracking Tools

Wireless Frame-Generating Tools

Wireless Encrypted Traffic Injection Tools: Wepwedgie

Access Point Management Utilities

Summary

Chapter 7. Planning the Attack

The "Rig"

Network Footprinting

Site Survey Considerations and Planning

Proper Attack Timing and Battery Power Preservation

Stealth Issues in Wireless Penetration Testing

An Attack Sequence Walk-Through

Summary

Chapter 8. Breaking Through

The Easiest Way to Get in

A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering

Picking a Trivial Lock: Various Means of Cracking WEP

Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking

Field Observations in WEP Cracking

Cracking TKIP: The New Menace

The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment

Breaking the Secure Safe

The Last Resort: Wireless DoS Attacks

Summary

Chapter 9. Looting and Pillaging: The Enemy Inside

Step 1: Analyze the Network Traffic

Step 2: Associate to WLAN and Detect Sniffers

Step 3: Identify the Hosts Present and Perform Passive Operating System Fingerprinting

Step 4: Scan and Exploit Vulnerable Hosts on WLAN

Step 5: Take the Attack to the Wired Side

Step 6: Check Wireless-to-Wired Gateway Egress Filtering Rules

Summary

Chapter 10. Building the Citadel: An Introduction to Wireless LAN Defense

Wireless Security Policy: The Cornerstone

Layer 1 Wireless Security Basics

The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding

Secure Wireless Network Positioning and VLANs

Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway

Proprietary Improvements to WEP and WEP Usage

802.11i Wireless Security Standard and WPA: The New Hope

Summary

Chapter 11. Introduction to Applied Cryptography: Symmetric Ciphers

Introduction to Applied Cryptography and Steganography

Modern-Day Cipher Structure and Operation Modes

Bit by Bit: Streaming Ciphers and Wireless Security

The Quest for AES

Between DES and AES: Common Ciphers of the Transition Period

Selecting a Symmetric Cipher for Your Networking or Programming Needs

Summary

Chapter 12. Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms

Cryptographic Hash Functions

Dissecting an Example Standard One-Way Hash Function

Hash Functions, Their Performance, and HMACs

Asymmetric Cryptography: A Different Animal

Summary

Chapter 13. The Fortress Gates: User Authentication in Wireless Security

RADIUS

Installation of FreeRADIUS

User Accounting

RADIUS Vulnerabilities

RADIUS-Related Tools

802.1x: The Gates to Your Wireless Fortress

LDAP

NoCat: An Alternative Method of Wireless User Authentication

Summary

Chapter 14. Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs

Why You Might Want to Deploy a VPN

VPN Topologies Review: The Wireless Perspective

Common VPN and Tunneling Protocols

Alternative VPN Implementations

The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview

Deploying Affordable IPSec VPNs with FreeS/WAN

Summary

Chapter 15. Counterintelligence: Wireless IDS Systems

Categorizing Suspicious Events on WLANs

Examples and Analysis of Common Wireless Attack Signatures

Radars Up! Deploying a Wireless IDS Solution for Your WLAN

Summary

Afterword

Appendix A. Decibel-Watts Conversion Table

Appendix B. 802.11 Wireless Equipment

Appendix C. Antenna Irradiation Patterns

Omni-Directionals:

Semi-Directionals:

Highly-directionals

Appendix D. Wireless Utilities Manpages

1 Iwconfig

2 Iwpriv

3 Iwlist

4 Wicontrol

5 Ancontrol

Appendix E. Signal Loss for Obstacle Types

Appendix F. Warchalking Signs

Original Signs

Proposed New Signs

Appendix G. Wireless Penetration Testing Template

Arhont Ltd Wireless Network Security and Stability Audit Checklist Template

1 Reasons for an audit

2 Preliminary investigations

3 Wireless site survey

4 Network security features present

5 Network problems / anomalies detected

6 Wireless penetration testing procedure

7 Final recommendations

Appendix H. Default SSIDs for Several Common 802.11 Products

Glossary

Index

index_SYMBOL

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_J

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X

index_Y

index_Z
توضیحات
افزودن یادداشت جدید











6 Wireless penetration testing procedure


Maximum network discovery and fingerprinting distance with:

Built-in client card antenna

___

12 dBi omnidirectional

___

15 dBi Yagi

___

19 dBi directional

___

ESSID security

default

company name

closed

address

other relevant information

______________________________

Bypassing closed ESSID

closed ESSID value

______________________________

Bypassing MAC filtering

success with MAC

______________________________

Cracking WEP keys

key 1

______________________________

key 2

______________________________

key 3

______________________________

key 4

______________________________

cracking time

___

cracking tool

___

WEP cracking acceleration

time saved

___

traffic injection tool

___

type of traffic injected

___

Brute-forcing 802.1x access

password guessed

______________________________

Other 802.1x attacks

Comments

______________________________

Wireless man-in-the-middle attacks

Tool _________________

layer 1 attack (comments)

______________________________

layer 2 attack (comments)

______________________________

DoS attack resilience / detection (comments)

deauthentication flood

______________________________

deassociation flood

______________________________

malformed frames flood

______________________________

excessive beacon flood

______________________________

authentication flood

______________________________

probe requests flood

______________________________

Other attacks

______________________________

Wireless traffic interception / analysis

packets per minute

___

plaintext and plaintext authentication protocols detected

POP3

Telnet

SMTP

FTP

IMAP

HTTP

NNTP

Instant messengers

IRC

SQL

PAP

LDAP

Other

______________________________

passwords/user credentials collected

username/password

______________________________

username/password

______________________________

username/password

______________________________

username/password

______________________________

weak encryption/vulnerable protocols detected

LM/ NTLMv1

SSHv1

Other

______________________________

passwords cracked

username/password

______________________________

username/password

______________________________

username/password

______________________________

username/password

______________________________

UNIX remote services

___

type

___

SMB shares on WLAN

______________________________

NFS shares detected

______________________________

DHCP traffic detected

______________________________

HSRP/VRRP traffic detected

______________________________

HSRP password

______________________________

VRRP authentication

______________________________

VRRP password

______________________________

CDP traffic detected

______________________________

CDP data gathered

______________________________

ICMP type 9/10 implementation

RIPv1 running

Unauthenticated routing protocols over wireless network

RIPv2

OSPF

IGRP

EIGRP

IS-IS

IPX RIP

NLSP

Other ________________

Unauthenticated NTP traffic

SNMP traffic

SNMP communities found

___

SNMP version

___

NetBIOS over IPX traffic

AppleTalk traffic

DecNet traffic

Banyan Vines traffic

SNA traffic

Other ________________

Remote administration traffic

VNC

PCAnywhere

Webmin

Other ________________

Remote X Server cookies

Syslog traffic

over UDP

over TCP

Passive OS fingerprinting

_________________________________

Gateway discovery (IP)

_________________________________

IDS host discovery

_________________________________

ARP spoofing man-in-the-middle attack

_________________________________

Switch CAM table flooding

_________________________________

Route injection attacks

_________________________________

ICMP route redirection

_________________________________

DNS cache poisoning

_________________________________

DHCP DoS attacks

_________________________________

Tunneling protocols attack

_________________________________

VPN enumeration

_________________________________

VPN-related attacks

_________________________________

Active OS fingerprinting

_________________________________

Discovered backdoors / backchannel traffic

_________________________________

Banner grabbing and host penetrationpenetrated hosts ()

IP/hostname:vulnerability

_________________________________

IP/hostname:vulnerability

_________________________________

IP/hostname:vulnerability

_________________________________

Network / host DoS resilience testing

attack/host/result

_________________________________

attack/host/result

_________________________________

attack/host/result

_________________________________

Egress filtering firewall testing from the wireless site

_________________________________

Physical security issues discovered

_________________________________

Social engineering attacks

_________________________________


/ 174