Advanced Wireless Attacks Against Enterprise Networks: Attacking And Gaining Entry To WPA2-EAP Wireless Networks
© 2017 Gabriel Ryan. All Rights Reserved.

they are often most effective when used out of range of the target network. For this workshop, we will focus primarily on using Evil Twin attacks.

Wireless Theory: Evil Twin Attacks

An Evil Twin is a wireless attack that works by impersonating a legitimate access point. The 802.11 protocol allows clients to roam freely from access point to access point. Additionally, most wireless implementations do not require mutual authentication between the access point and the wireless client. This means that wireless clients must rely exclusively on the following attributes to identify access points:

1. BSSID: The access point's Basic Service Set Identifier, which refers to the access point and every client that is associated with it. Usually, the access point's MAC address is used to derive the BSSID.

2. ESSID: The access point's Extended Service Set Identifier, known colloquially as the AP's "network name." An Extended Service Set (ESS) is a collection of Basic Service Sets connected using a common Distribution System (DS).

3. Channel: The operating channel of the access point. [22]

To execute the attack, the attacker creates an access point using the same ESSID and channel as a legitimate AP on the target network. So long as the malicious access point has a more powerful signal strength than the legitimate AP, all devices connected to the target AP will drop and connect to the attacker. [22]

Wireless Theory: WPA2-EAP Networks

Now let's talk about WPA2-EAP networks. The most commonly used EAP implementations are EAP-PEAP and EAP-TTLS. Since they're very similar to one another from a technical standpoint, we'll be focusing primarily on EAP-PEAP. However, the techniques learned in this workshop can be applied to both.

The EAP-PEAP authentication process is an exchange that takes place between three parties: the wireless client (specifically, software running on the wireless client), the access point, and the authentication server. We refer to the wireless client as the supplicant and the access point as the authenticator [2]. Logically, authentication takes place between the supplicant and the authentication server.

When a client device attempts to connect to the network, the authentication server presents the supplicant with an X.509 certificate. If the client device accepts the certificate, a secure encrypted tunnel is established between the authentication server and the supplicant. The authentication attempt is then performed through the encrypted tunnel. If the authentication attempt succeeds, the client device is permitted to associate with the target network [2][3].
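The three identifying attributes listed above (BSSID, ESSID, channel) are also the only fields a defender's wireless sensor has to work with, and the attack's dependence on out-powering the legitimate AP gives it a signature. The following Python is an added example, not code from the workshop: it compares constructed beacon observations against an inventory of authorized access points and flags the patterns an Evil Twin produces. All ESSIDs, MAC addresses, channels and signal values are hypothetical.

```python
"""Evil Twin detection over beacon observations (added example, not from the workshop).

A client can only identify an AP by ESSID, BSSID and channel, so a defensive
sensor keys on exactly those fields plus signal strength. We compare what is
seen on the air against an inventory of authorized APs and report beacons
that look like an impersonation of our network.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    essid: str
    bssid: str
    channel: int
    rssi_dbm: int  # signal strength as seen by the sensor


# Constructed inventory of legitimate APs: BSSID -> (ESSID, channel). Hypothetical values.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", 6),
    "aa:bb:cc:00:00:02": ("CorpNet", 11),
}

# Constructed sample observations (hypothetical).
OBSERVED = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", 6, -62),   # legitimate
    Beacon("CorpNet", "aa:bb:cc:00:00:02", 11, -70),  # legitimate
    Beacon("CorpNet", "de:ad:be:ef:00:01", 6, -35),   # our ESSID, unknown BSSID, very strong
    Beacon("CorpNet", "aa:bb:cc:00:00:02", 1, -40),   # spoofed known BSSID on the wrong channel
    Beacon("GuestNet", "11:22:33:44:55:66", 1, -80),  # unrelated network, ignored
]


def classify(beacon, authorized, strong_rssi=-40):
    """Return the list of alert reasons for one beacon (empty means benign).

    strong_rssi is a heuristic threshold: an Evil Twin has to out-power the
    legitimate AP, so an unusually strong copy of our network is suspicious
    even when its BSSID and channel match the inventory.
    """
    known_essids = {essid for essid, _ in authorized.values()}
    reasons = []
    if beacon.bssid in authorized:
        essid, channel = authorized[beacon.bssid]
        if beacon.essid != essid:
            reasons.append("known BSSID advertising wrong ESSID")
        if beacon.channel != channel:
            reasons.append("known BSSID on unexpected channel")
    elif beacon.essid in known_essids:
        reasons.append("our ESSID advertised by unknown BSSID")
    if beacon.essid in known_essids and beacon.rssi_dbm >= strong_rssi:
        reasons.append("signal stronger than expected for this area")
    return reasons


def detect_evil_twins(beacons, authorized):
    """Return [(beacon, reasons)] for every beacon that raised at least one reason."""
    alerts = []
    for beacon in beacons:
        reasons = classify(beacon, authorized)
        if reasons:
            alerts.append((beacon, reasons))
    return alerts


if __name__ == "__main__":
    for beacon, reasons in detect_evil_twins(OBSERVED, AUTHORIZED):
        print(f"{beacon.bssid} ch{beacon.channel} {beacon.rssi_dbm} dBm: {'; '.join(reasons)}")
```

Feeding the detector from a real capture only requires replacing the constructed list with beacons parsed from a monitor-mode interface; the inventory and the RSSI threshold are site-specific and should be calibrated against a baseline survey of each area.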
Without the use of the secure tunnel to protect the authentication process, an attacker could sniff the challenge and response then derive the password offline. In fact, legacy implementations of EAP, such as EAP-MD5, are susceptible to this kind of attack. However, the
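The protection the tunnel gives to the inner challenge and response depends entirely on the step where the supplicant decides whether to accept the authentication server's X.509 certificate. As an added example (not the workshop's code), the following Python audits wpa_supplicant-style network blocks for EAP-PEAP and EAP-TTLS profiles that do not pin a CA or do not check the server name. The `eap`, `phase2`, `ca_cert`, `domain_suffix_match`, `domain_match` and `subject_match` keys are real wpa_supplicant.conf options; the sample configuration, SSID, credentials and paths are constructed.

```python
"""Audit supplicant profiles for unvalidated EAP-PEAP/TTLS servers (added example).

Parses constructed wpa_supplicant.conf network={...} blocks and reports
tunneled-EAP profiles that would accept any server certificate (no ca_cert)
or any certificate issued by the trusted CA (no server name match).
"""
import re

# Constructed sample configuration: one weak profile, one hardened profile.
SAMPLE_CONF = """
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="hunter2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
"""

BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)
TUNNELED_EAP = {"PEAP", "TTLS"}
SERVER_NAME_KEYS = ("domain_suffix_match", "domain_match", "subject_match")


def parse_networks(text):
    """Return one dict of key -> value per network={...} block, with quotes stripped."""
    networks = []
    for body in BLOCK_RE.findall(text):
        params = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)  # phase2="auth=MSCHAPV2" keeps its inner '='
            params[key.strip()] = value.strip().strip('"')
        networks.append(params)
    return networks


def audit_profile(params):
    """Return findings for one profile; an empty list means it pins the CA and names the server."""
    findings = []
    if params.get("eap", "").upper() not in TUNNELED_EAP:
        return findings  # only tunneled methods rely on this certificate decision
    if not params.get("ca_cert"):
        findings.append("no ca_cert: any server certificate will be accepted")
    if not any(k in params for k in SERVER_NAME_KEYS):
        findings.append("no server name match: any certificate from the trusted CA will be accepted")
    return findings


def audit(text):
    """Return [(ssid, findings)] for every network block in the configuration text."""
    return [(p.get("ssid", "?"), audit_profile(p)) for p in parse_networks(text)]


if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF):
        status = "; ".join(findings) if findings else "ok"
        print(f"{ssid}: {status}")
```

The missing server name match matters most when `ca_cert` points at a public CA, since anyone can obtain a certificate from one; with a private enterprise CA it is still worth enforcing so that one compromised or mis-issued certificate cannot stand in for the authentication server.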