Chapter 7 - Wireless Network Hacking

Question 1

Modulation type: OFDM

Answer 1

Orthogonal Frequency-Division Multiplexing (OFDM) - carries waves in various channels (think cable tv)

Question 2

Modulation type: DSSS

Answer 2

Direct-Sequence Spread Spectrum (DSSS) - Combines all available waveforms into a single purpose.

Question 3

802.11 Series

Answer 3

Defines the standards for wireless networks

Question 4

802.15.1

Answer 4

Bluetooth Standards

Question 5

802.15.4

Answer 5

Zigbee - Low power, low data rate, close proximity ad-hoc networks

Question 6

802.16

Answer 6

WiMAX - broadband wireless metropolitan area networks. 40 Mbps

Question 7

Wireless Standard - 802.11a

Answer 7

Mbps - 54 Frequency - 5 GHz Modulation Type: OFDM

Question 8

Wireless Standard - 802.11b

Answer 8

Mbps - 11 Frequency - 2.4 GHz Modulation Type: DSSS

Question 9

Wireless Standard - 802.11d

Answer 9

Mbps - Variation of a & b. Frequency - Global Use

Question 10

Wireless Standard - 802.11e

Answer 10

Mbps - QoS Initiative Frequency - Data and Voice

Question 11

Wireless Standard - 802.11g

Answer 11

Mbps - 54 Frequency - 2.4 GHz. Modulation Type: OFDM and DSSS

Question 12

Wireless Standard - 802.11i

Answer 12

Mbps - WPA/WPA2 Encryption

Question 13

Wireless Standard - 802.11n

Answer 13

Mbps - 100+ Frequency: 2.4 - 5. Modulation Type: OFDM

Question 14

Wireless Standard - 802.11ac

Answer 14

Mbps - 1000 Frequency: 5 GHz Modulation Type: QAM

Question 15

Orthogonal Frequency - Division Multiplexing (OFDM)

Answer 15

Carries waves in various channels

Question 16

Direct-Sequence Spread Spectrum (DSSS)

Answer 16

Combines all available waveforms into a single purpose.

Question 17

Basic Service Set Identifier (BSSID)

Answer 17

MAC address of wireless access point.

Question 18

Three types of Authentication are:

Answer 18

Open System - No authentication Shared Key Authentication - authentication through shared key (pw) Centralized Authentication - Authentication through something like RADIUS

Question 19

Assocation vs Authentication

Answer 19

Association is the act of connecting; Authentication is the act of identifying the client.

Question 20

Spectrum Analyzer

Answer 20

Verifies wireless quality, detects rogue access points and detects attacks

Question 21

Directional Antenna

Answer 21

Signals in one direction; Yagi antenna is a type

Question 22

Omnidirectional Antenna

Answer 22

Signals in all directions

Question 23

WEP

Answer 23

Wired Equivalent Privacy - Encryption: RC4. IV Size: 24 bits. Key Length: 40/104. Integrity Check: CRC-32

Question 24

WPA

Answer 24

Wi-Fi Protected Access - Encryption: RC4 + TKIP IV Size: 48 bits. Key Length: 128 bits. Integrity Check: Michael/CRC-32

Question 25

WPA2

Answer 25

Encryption: AES-CCMP IV Size: 48 bits Key Length: 128-bits Integrity Check: CBC-MAC (CCMP)

Question 26

WPA2 Enterprise vs WPA2 Personal

Answer 26

Enterprise: Can tie an EAP or RADIUS server into authentication. Personal: Uses a pre-shared key to authenticate.

Question 27

Message Integrity Code (MIC)

Answer 27

Hashes for CCMP to protect integrity.

Question 28

Cipher Block Chaining Message Authentication Code (CBC-MAC)

Answer 28

Integrity process of WPA2

Question 29

WIGLE

Answer 29

Tool for network discovery that can map for wireless networks

Question 30

NetStumbler

Answer 30

Tool for network discovery

Question 31

Kismet

Answer 31

Wireless packet analyzer/sniffer that can be used for discovery. Works passively and can detect access points.

Question 32

NetSurveyor

Answer 32

Tool for Windows that does network discovery

Question 33

pcap vs libcap

Answer 33

pcap - driver library for Windows libcap - Drivery library for Linux

Question 34

Rogue Access point

Answer 34

Places an access point controlled by an attacker

Question 35

Evil Twin

Answer 35

Rogue AP with a SSID similar to the name of a popular network

Question 36

Honeyspot

Answer 36

Fakinga well known hotspot with a rogue AP

Question 37

Ad Hoc Connection Attack

Answer 37

Connecting directly to another phone via ad-hoc network. User must accept connection

Question 38

Aircrack-ng

Answer 38

Sniffer, detector, traffic analysis tool and password cracker. Uses Dictionary attacks for WPA and WPA2.

Question 39

Cain & Abel

Answer 39

Sniffs packets and cracks passwords. Relies on Statistical measures and the PTW technique to break WEP

Question 40

KisMAC

Answer 40

MacOS tool to brute force WEP or WPA passwords

Question 41

KRACK

Answer 41

Key Installation Attack (KRACK) - Method for cracking WPA. Replay attack that uses third handshake of another device's session.

Question 42

OmniPeek

Answer 42

Provides data like Wireshark in addition to network activity and monitoring.

Question 43

AirMagnet WiFi Analyzer Pro

Answer 43

Sniffer, traffic analyzer and network-auditing suite

Question 44

WiFi Pilot

Answer 44

Wireless sniffer