Finally well nee simple yet flexible utility that redirects packets from one

Finally well nee simple yet flexible utility that

This preview shows page 17 - 20 out of 48 pages.

that we’ll need to use an operating system that supports packet forwarding. Finally, we’ll need a simple yet flexible utility that redirects packets from one network interface to another. We'll do this by using dnsmasq as our DHCP server and iptables to route packets. To provide DNS, we can issue a DHCP Option that tells clients to use Google's nameservers. For our operating
Image of page 17
Advanced Wireless Attacks Against Enterprise Networks Wireless Man-In-The-Middle Attacks © 2017 Gabriel Ryan All Rights Reserved 18 system, we'll continue to use Linux since it provides an easy to use API with which to enable packet forwarding at the kernel level. Configuring Linux As A Router Before we begin, execute the following commands to prevent extraneous processes from interfering with the rogue access point. For our access point, we’ll use hostapd once again. Technically, we don’t have much choice in the matter if we continue to use Linux as an attack platform. This is because hostapd is actually the userspace master mode interface provided by mac80211, which is the wireless stack used by modern Linux kernels. Hostapd is very simple to use and configure. The snippet included above represents a minimal configuration file used by hostapd. You can paste it into a file named hostapd.conf and easily create an access point using the following syntax. After starting our access point, we can give it an IP address and subnet mask using the commands shown below. We’ll also update our routing table to allow our rogue AP to serve as the default gateway of its subnet. [email protected]~# service network-manager stop [email protected]~# rfkill unblock wlan [email protected]~# ifconfig wlan0 up interface=wlan0 driver=nl80211 ssid=FREE_WIFI channel=1 hw_mode=g [email protected]~# hostapd ./hostapd.conf [email protected]~# ifconfig wlan0 10.0.0.1 netmask 255.255.255.0 [email protected]~# route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
Image of page 18
Advanced Wireless Attacks Against Enterprise Networks Wireless Man-In-The-Middle Attacks © 2017 Gabriel Ryan All Rights Reserved 19 For DHCP, we can use either dhcpd or dnsmasq. The second option can often be easier to work with, particularly since it can be used as a DNS server if necessary. A typical dnsmasq.conf file looks like this: The first entry in the snippet shown above defines a DHCP pool of 10.0.0.80 through 10.0.0.254. The second two entries are DHCP Options that are used to tell clients where to find the nameserver and network gateway. The dhcp-authoritative flag specifies that we are the only DHCP server on the network. The log-queries entry is self-explanatory. Copy the config snippet shown above into a file named dnsmasq.conf, and run in a new terminal using the following syntax. By default, dnsmasq binds to the wildcard address. Since we don't want dnsmasq to do this, we keep it from doing so using the -z flag. Additionally, we use the -i flag to force dnsmasq to only listen on our $phy interface. We use the -I flag to explicity forbid dnsmasq from running on our local interface. The -p flag is used to indicate the port on which dnsmasq should bind when acting as a DNS server. Setting the -p flag to 0 instructs dnsmasq to not start its DNS server at all.
Image of page 19
Image of page 20

You've reached the end of your free preview.

Want to read all 48 pages?

  • Fall '18
  • fasdfasdfasd
  • Wi-Fi, Wireless access point, Gabriel Ryan

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes