Chapter 7 - Wireless Network Hacking Flashcards
Modulation type: OFDM
Orthogonal Frequency-Division Multiplexing (OFDM) - carries waves in various channels (think cable TV)
Modulation type: DSSS
Direct-Sequence Spread Spectrum (DSSS) - Combines all available waveforms into a single purpose.
802.11 Series
Defines the standards for wireless networks
802.15.1
Bluetooth Standards
802.15.4
Zigbee - Low power, low data rate, close proximity ad-hoc networks
802.16
WiMAX - broadband wireless metropolitan area networks. 40 Mbps
Wireless Standard - 802.11a
Mbps: 54; Frequency: 5 GHz; Modulation Type: OFDM
Wireless Standard - 802.11b
Mbps: 11; Frequency: 2.4 GHz; Modulation Type: DSSS
Wireless Standard - 802.11d
Mbps: Variation of a & b; Frequency: Global use
Wireless Standard - 802.11e
Mbps: QoS initiative; Frequency: Data and voice
Wireless Standard - 802.11g
Mbps: 54; Frequency: 2.4 GHz; Modulation Type: OFDM and DSSS
Wireless Standard - 802.11i
Mbps: WPA/WPA2 encryption
Wireless Standard - 802.11n
Mbps: 100+; Frequency: 2.4 - 5 GHz; Modulation Type: OFDM
Wireless Standard - 802.11ac
Mbps: 1000; Frequency: 5 GHz; Modulation Type: QAM
Orthogonal Frequency-Division Multiplexing (OFDM)
Carries waves in various channels
Direct-Sequence Spread Spectrum (DSSS)
Combines all available waveforms into a single purpose.
Basic Service Set Identifier (BSSID)
MAC address of wireless access point.
Three types of Authentication are:
Open System - no authentication; Shared Key Authentication - authentication through a shared key (password); Centralized Authentication - authentication through something like RADIUS
Association vs Authentication
Association is the act of connecting; Authentication is the act of identifying the client.
Spectrum Analyzer
Verifies wireless quality, detects rogue access points and detects attacks
Directional Antenna
Signals in one direction; Yagi antenna is a type
Omnidirectional Antenna
Signals in all directions
WEP
Wired Equivalent Privacy - Encryption: RC4; IV Size: 24 bits; Key Length: 40/104 bits; Integrity Check: CRC-32
WPA
Wi-Fi Protected Access - Encryption: RC4 + TKIP; IV Size: 48 bits; Key Length: 128 bits; Integrity Check: Michael/CRC-32
WPA2
Encryption: AES-CCMP; IV Size: 48 bits; Key Length: 128 bits; Integrity Check: CBC-MAC (CCMP)
WPA2 Enterprise vs WPA2 Personal
Enterprise: Can tie an EAP or RADIUS server into authentication. Personal: Uses a pre-shared key to authenticate.
Message Integrity Code (MIC)
Integrity value computed by CCMP to protect frame integrity.
Cipher Block Chaining Message Authentication Code (CBC-MAC)
Integrity process of WPA2
WIGLE
Tool for network discovery that can map wireless networks
NetStumbler
Tool for network discovery
Kismet
Wireless packet analyzer/sniffer that can be used for discovery. Works passively and can detect access points.
NetSurveyor
Tool for Windows that does network discovery
pcap vs libpcap
pcap - driver library for Windows; libpcap - driver library for Linux
Rogue Access point
An access point placed on the network and controlled by an attacker
Evil Twin
Rogue AP with an SSID similar to the name of a popular network
Honeyspot
Faking a well-known hotspot with a rogue AP
Ad Hoc Connection Attack
Connecting directly to another phone via an ad-hoc network. The user must accept the connection
Aircrack-ng
Sniffer, detector, traffic analysis tool and password cracker. Uses dictionary attacks against WPA and WPA2.
Cain & Abel
Sniffs packets and cracks passwords. Relies on statistical measures and the PTW technique to break WEP
KisMAC
MacOS tool to brute force WEP or WPA passwords
KRACK
Key Reinstallation Attack (KRACK) - Method for cracking WPA. Replay attack that reuses the third handshake message of another device's session.
OmniPeek
Provides data like Wireshark, in addition to network activity analysis and monitoring.
AirMagnet WiFi Analyzer Pro
Sniffer, traffic analyzer and network-auditing suite
WiFi Pilot
Wireless sniffer