First of all, I was using an application called KisMAC, a passive 802.11 scanner for the Mac. After a few seconds of Wi-Fi scanning I detected six networks with generic (factory default) SSIDs, a couple with custom SSIDs, and a few hidden ones. What surprised me was the number of probe requests I was able to catch. A probe request is not something the access point sends; it is a client device (a laptop, a phone, a network printer) broadcasting the name of a network it already knows and is looking for, which is also one reason "hidden" SSIDs leak. Of the three probes KisMAC sniffed out, only one came from a local printer. The other two came from other client devices; a probe request by itself says nothing about port scans or ping sweeps, which happen at the IP layer and require being on the network first. Once on the network, ports are the interesting part. Most programs that use the network listen on or connect through TCP/UDP ports, and a simple port scanner can enumerate the listening ones, which are exactly the services an attacker will try to exploit.
But in order to pick up on such ports, one must first have access to the network. Being associated to the network lets us learn the IP and MAC addresses of the machines on it (from ARP and broadcast traffic, or by sweeping the subnet), and once we have that list we can start a port scan.
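Here is what those two steps look like in code. This is an added example, not code from the original post or from KisMAC: a minimal TCP connect scanner plus a host sweep built on it. A real ping sweep uses ICMP echo, which needs raw sockets and root, so this example uses TCP connect() probes for both steps instead, and it targets a throwaway listener on 127.0.0.1 so it runs offline. The hosts, ports and timeouts are illustrative assumptions, not values from the post.

```python
"""Added example (not from the original post): a minimal TCP connect scanner
and a TCP-based stand-in for a ping sweep, run against a local listener."""
import socket
import threading
from typing import Iterable, List, Tuple


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.25) -> List[int]:
    """Return the ports on `host` that accepted a TCP connection.

    A completed three-way handshake means something is listening. A refused
    connection (RST) or a timeout means closed or filtered; both count as
    "not open" here.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except (ConnectionRefusedError, socket.timeout, OSError):
                continue
            open_ports.append(port)
    return sorted(open_ports)


def host_sweep(hosts: Iterable[str], probe_port: int, timeout: float = 0.25) -> List[str]:
    """Stand-in for a ping sweep: a host counts as up if `probe_port` answers.

    Unlike ICMP echo, a TCP probe only proves a host is up when the probed
    port is open; a host that silently drops the SYN looks like an empty address.
    """
    return [h for h in hosts if tcp_connect_scan(h, [probe_port], timeout)]


def start_local_listener() -> Tuple[socket.socket, int]:
    """Open a throwaway TCP listener on 127.0.0.1 to play the victim.

    Returns (socket, port); the caller closes the socket when done.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(16)
    srv.settimeout(0.5)  # lets the accept loop notice when we close the socket

    def _serve():
        # Accept and immediately drop connections so the backlog never fills.
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except socket.timeout:
                continue
            except OSError:
                return  # listener was closed

    threading.Thread(target=_serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo() -> dict:
    """Sweep and scan against the local listener; return the findings."""
    srv, port = start_local_listener()
    try:
        # Scan a small window around the listener's port; only `port` should be open.
        ports = range(max(1, port - 5), port + 6)
        found = tcp_connect_scan("127.0.0.1", ports)
        up = host_sweep(["127.0.0.1"], port)
        return {"listener_port": port, "open_ports": found, "hosts_up": up}
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Against a real subnet you would feed `host_sweep` the addresses from the DHCP range and then run `tcp_connect_scan` over the usual service ports of each live host; the connect scan is noisy (every probe completes a handshake the target logs), which is the trade-off for not needing raw sockets.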
How Can We Get Access To a Network?
Most networks are encrypted, even the ones with generic SSIDs. Of the ones I sniffed out, the networks with generic SSIDs used WEP and the networks with custom SSIDs used WPA or WPA2. That gap is large, not small: WEP is broken and its key can be recovered from captured traffic in minutes, while WPA2 with a strong passphrase is not practically crackable. There was one network that wasn't encrypted at all but had a hidden SSID.
In order to join a network we need two things: the SSID and, if there is one, the encryption key. Ping sweeps do not help with either; they come after we are on the network. In a ping sweep the intruder sends ICMP ECHO requests to every address in the subnet and waits for machines to respond. A reply marks a live host and a candidate target, since any machine that is on and reachable can be attacked somehow. There are ways to slow the process down, such as encrypting the network (with WPA2, not WEP) and changing the router's defaults; hiding the SSID adds little, because the SSID still shows up in your clients' probe requests and association frames.
KisMAC can also capture packets from the networks it has detected, not just list them. For a WEP network, once we have collected around 100K packets (what matters is the number of distinct IVs captured) we can run a statistical attack that recovers the network's encryption key; WPA and WPA2-PSK keys cannot be recovered this way, only guessed offline after capturing a 4-way handshake. This has to be the most dangerous step. An intruder who has your encryption key has a foothold on your LAN and can reach your router, which means he can reach the DNS settings your devices are handed. A capable attacker can then redirect your web traffic. For example, say you log in to bankofamerica.com to check your statement. The intruder can mirror the original website, stand up a fake copy of it and point the bank's name at his server, and once you enter your information on the fake page you are screwed. (HTTPS and certificate checks exist precisely to make this visible: a certificate warning on a bank's login page is the tell.)
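To see why piling up WEP packets pays off, here is the weakness the packet count is exploiting, as an added example that is not from the original post or from KisMAC. WEP encrypts every frame with RC4 keyed by a 24-bit per-frame IV prepended to the shared key, and sends the IV in the clear. With only 2^24 IVs a busy network repeats one quickly, and two frames under the same IV share a keystream. The script builds two such frames with a toy RC4, shows that XORing the ciphertexts cancels the keystream, and decrypts one frame using a guessed plaintext for the other, without ever knowing the key. The full FMS/PTW key-recovery attack that scanners run on captured IVs is not reproduced here; IV reuse is the same root cause. The key, IV and frame contents are constructed for the demo, and the CRC-32 ICV that real WEP appends is omitted since it does not change the point.

```python
"""Added example (not from the original post): WEP keystream reuse.
Toy RC4 and constructed frames; not a key-recovery tool."""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA). Illustration only, never use RC4 for real work."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: RC4 keyed with IV || shared key, IV sent in the clear.
    (Real WEP also appends a CRC-32 ICV before encrypting; omitted here.)"""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def recover_with_known_plaintext(frame_a: bytes, known_plain_a: bytes, frame_b: bytes) -> bytes:
    """Two frames share an IV and we can guess frame A's plaintext:
    keystream = ct_a XOR plain_a, then plain_b = ct_b XOR keystream. No key needed."""
    iv_a, ct_a = frame_a[:3], frame_a[3:]
    iv_b, ct_b = frame_b[:3], frame_b[3:]
    assert iv_a == iv_b, "the attack needs a repeated IV"
    keystream = xor_bytes(ct_a, known_plain_a)
    return xor_bytes(ct_b, keystream[: len(ct_b)])


def frames_until_iv_collision_likely(p: float = 0.5) -> int:
    """Birthday bound: frames needed before some IV repeats with probability p."""
    n = 2 ** 24
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - p))))


def demo() -> dict:
    key = b"\x0b\xad\xc0\xff\xee"                 # constructed 40-bit WEP key
    iv = b"\x01\x02\x03"                          # the IV both frames happen to reuse
    plain_a = b"GET /index.html HTTP/1.0\r\n"     # predictable; attacker can guess it
    plain_b = b"password=hunter2&login=1\r\n"     # what the attacker actually wants
    frame_a = wep_encrypt(key, iv, plain_a)
    frame_b = wep_encrypt(key, iv, plain_b)
    # Same IV, same keystream: ciphertext XOR equals plaintext XOR.
    keystream_cancels = xor_bytes(frame_a[3:], frame_b[3:]) == xor_bytes(plain_a, plain_b)
    recovered = recover_with_known_plaintext(frame_a, plain_a, frame_b)
    return {
        "keystream_cancels": keystream_cancels,
        "recovered_b": recovered,
        "frames_for_50pct_collision": frames_until_iv_collision_likely(0.5),
    }


if __name__ == "__main__":
    print(demo())
```

The birthday figure is the practical lesson: a repeated IV becomes more likely than not after only a few thousand frames, and the FMS/PTW attacks that tools automate turn tens of thousands of captured IVs into the key itself, which is why the 100K-packet capture above is enough.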
But it's not that easy gaining access to the router. To do so you need more information: the router's IP address and the login and password for its admin interface. Some of this can be inferred. All the networks I was able to sniff out had the same ISP and the same router vendor, which means the routers' default addresses should all be the same. In this case the ISP was Verizon Wireless, the router vendor was Actiontec Electronics, Inc., and the router's IP was 192.168.05.01. With that information we can attempt to connect to the router's web interface. Finally we need a login and password. If the router still broadcasts a generic SSID, we can safely assume the admin credentials are still the factory defaults as well. For these Actiontec routers the login is admin and the password is none other than password.
The process is not difficult but can be tedious. To protect your network from such attacks: use encryption, specifically WPA2-PSK (WPA-PSK only for a device that cannot do WPA2, and never WEP); pick a long random passphrase rather than a word, and give the network a non-default SSID, since dictionary attacks on WPA-PSK are precomputed against common SSIDs; change the router's admin login and password from the factory defaults; and rotate the encryption key periodically. Hiding the SSID is optional at best: it does not stop a passive sniffer, and it makes your own devices broadcast the network name in probe requests wherever they go. These steps will not make you unhackable, but they take you off the easy-target list.
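Two of those recommendations, a strong passphrase and a non-default SSID, are related, and the reason is worth seeing in code. This is an added example, not from the original post: WPA-PSK and WPA2-PSK derive the 256-bit Pairwise Master Key as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes). The SSID is the salt. An attacker who captures a handshake has to spend 4096 SHA-1 rounds per passphrase guess, unless the SSID is a common default, in which case the PMKs for common passphrases can be computed once and reused against every network with that name. The wordlist and SSIDs below are made up for the demo; the one real value is the IEEE 802.11i test vector used to check the derivation.

```python
"""Added example (not from the original post): WPA/WPA2-PSK key derivation and
why a default SSID lets an attacker precompute the expensive part."""
import hashlib
from typing import Dict, Iterable, Optional


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK as 802.11i specifies for PSK networks:
    PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, dkLen=32)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def build_pmk_table(ssid: str, candidates: Iterable[str]) -> Dict[bytes, str]:
    """Precompute PMKs for one SSID. This is the slow part of a dictionary attack,
    and it only has to be done once per SSID, then reused against every
    network carrying that name."""
    return {wpa_psk_pmk(p, ssid): p for p in candidates}


def lookup(table: Dict[bytes, str], captured_pmk: bytes) -> Optional[str]:
    """Constant-time-in-effort lookup once the table exists. (In a real attack the
    PMK is checked against the MIC of a captured 4-way handshake; the PMK
    itself stands in for that check here.)"""
    return table.get(captured_pmk)


def demo() -> dict:
    # IEEE 802.11i Annex H test vector for the derivation itself.
    vector_ok = wpa_psk_pmk("password", "IEEE").hex() == (
        "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    )

    # Constructed wordlist of weak passphrases.
    wordlist = ["password", "12345678", "letmein1", "qwertyui", "linksys1"]

    # Generic SSID: one precomputed table serves every network named "linksys".
    generic_table = build_pmk_table("linksys", wordlist)
    victim_pmk = wpa_psk_pmk("12345678", "linksys")  # default SSID, weak key
    cracked_generic = lookup(generic_table, victim_pmk)

    # Custom SSID: same weak passphrase, but the table is useless and the
    # 4096-iteration work has to be redone for this one network.
    custom_pmk = wpa_psk_pmk("12345678", "kilroy-was-here-5G")
    cracked_custom = lookup(generic_table, custom_pmk)

    return {
        "vector_ok": vector_ok,
        "cracked_generic": cracked_generic,
        "cracked_custom_with_generic_table": cracked_custom,
        "same_passphrase_different_ssid_differs": victim_pmk != custom_pmk,
    }


if __name__ == "__main__":
    print(demo())
```

A custom SSID does not rescue a weak passphrase (the attacker just builds a fresh table for your name), but it does force the per-guess cost onto every attacker, which is exactly what the 4096 iterations were meant to do.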