In this video, explore war driving, war chalking, rogue WAPs, and evil twins and how to protect against them.
- This is the wireless access point for my little office here at Total Seminars, and we're not that big of an office, so we only need one AP, and this guy's passing out an SSID of, say, "private", and it works great. We've got WPA2 encryption on there, big long shared keys, so it's very, very hard to crack them. But what would happen if somebody came into the office, you know, Bob over in sales, and he doesn't like how good of a signal he's getting over there and he doesn't want to bother the IT department? Bob's not evil, Bob's just a little dumb. So Bob comes in and he gets one of these little home routers from his local computer store, and he takes this and he plugs it in to my wired network. Now think about that for a minute. Now again, Bob's not evil, he's just dumb. But what you've just done is you've given people access to the network via an unauthorized access point. So we call this a rogue AP. So a rogue AP is nothing more than an unauthorized access point, so they happen innocently enough, and it does happen. Now if this happened we would know fairly quickly: number one, Bob would be shooting out an SSID of Linksys or whatever the default SSID is there. This thing's probably got a built-in DHCP server; it'd be messing up the network, passing out some crazy 192.168.1 IP address range, and we would yell at Bob, shake his finger, and make him buy lunch the next day. But what if we took it another step? What if we took this access point and, instead of just innocently plugging it in, what if we intentionally gave it the SSID of private? Well, you now have what is known as an evil twin. Now rogue access points and evil twins don't have to be devices like this. As long as you have some type of internet service so people don't know that they're on the wrong thing, you can get away with that.
I could take this phone right here, make it a hotspot, and give it an SSID of private. People could get on the internet with this thing; they couldn't get to my actual network 'cause it's not plugged into my network, and whoever has this phone's going to get a really big bill. But this could easily be an evil twin. It could also be a rogue access point if you don't do it on purpose. So what I want to talk about is some of the fun that we can have with evil twins in particular. Now what I've got here is my access point, and I've got my laptop right here that's running Kali Linux, and built into Kali Linux are a lot of tools with which, again assuming you have the right network card, I can make this thing look, act, mark, smell, taste like an access point. Everything I need. The problem that I have here is that everybody's still connecting to this physical access point, so a really easy way to take care of that is to get one of these. This is what we call an 802.11 jammer. Okay, it's not an 802.11 jammer, it's really just a piece of styrofoam with a stick stuck in it, and the reason it is is because 802.11 jammers are completely illegal in the United States. So I don't have one, but here's a picture of a few so you get an idea of what they look like. Now if I have one of these jammers, I can do some fairly interesting things. These jammers, for example, can be programmed a million different ways. I can set this jammer up to jam the entire 2.4 gigahertz spectrum, and if anybody was running just on 2.4 gigahertz, you've got the best denial of service you've ever seen in your life. I could knock everybody off completely. But we can do stuff that's a little bit more sophisticated. One of the things that we can do is I can take this jammer and I can program it to be on channel six. So I can do a quick survey using either my phone or a regular laptop, and I can see that private is currently on channel six.
So as long as I'm close enough to jam the signal, I can drop this jammer down and jam up channel six. In the meantime, my little laptop over here, which is an evil twin of private, is now on, say, channel one, and any wireless device is designed so that if a particular channel messes up it jumps and looks for the SSID on a different channel. Now if I don't have the username and passcode, no big deal. All I'm going to have to do is, as soon as they link in to this, I can have a redirect page pop up that says "Welcome to private, please enter the passcode," and count on at least 15% of all people to not realize that that's not the right way to do it. Bingo, I've got myself the code. The cool part about this is that, again, I'll provide internet access here just as well, so I could put a cellular WAN card in here, whatever I might want to do, and for a lot of people they're not going to realize that they're not on the correct wireless network anymore, and I have now generated what's known as an absolutely perfect man in the middle attack. Absolutely, you go onto Google, do whatever you want to do. In the meantime I'm running Wireshark or something like that and monitoring everything that's taking place in terms of traffic between you and whoever else you might want to talk to. The downside to this type of attack is that it needs one of these, and wireless jammers really are difficult to get here in the United States. They are federally illegal, but you don't really need it. We can get rid of this completely and instead do something called a deauthentication attack. Let me show you how that works. So here's my little network. Here's my wireless access point that's broadcasting out on, say, channel six, and the SSID is stuff.
Now right here is just one of my many clients, and he's made a good connection to this guy, and what I can do, using the right tools, so let me go ahead and bring in my evil Kali laptop that's running with the cool wireless NIC, is I can actually run programs that will show me all of the clients that are authenticated to this particular wireless access point, and I can then use that information to send out what are known as deauthentication, or more quickly known as deauth, commands. These commands basically tell those clients that they need to get off of this wireless network. They'll get off the network, and then what we want them to do is to connect to us, and then once again our man in the middle attack is running perfectly. Rogue access points are a real problem; whether it's an unintentional, innocent rogue access point or somebody doing something very dangerous by creating an evil twin, they can be a real problem on our wireless networks.
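As an added defender-side example (not from the video or Total Seminars' materials), the following Python script shows how the two problems described above can be spotted from the network's side: an evil twin shows up in a wireless survey as the corporate SSID advertised by a BSSID that is not in the authorized inventory, a default-SSID home router like Bob's shows up as an unknown SSID, and a deauth attack shows up as a burst of deauthentication frames far above normal. The AUTHORIZED inventory, the survey rows and the frame records are constructed for the example.

```python
# Added example: rogue AP / evil twin audit and deauth-flood detection.
# All inventory, survey and frame data below is constructed for illustration.
from collections import defaultdict

# Assumed inventory of authorized APs: SSID -> set of sanctioned BSSIDs (AP MACs).
AUTHORIZED = {"private": {"aa:bb:cc:00:00:01"}}

# Constructed survey rows, as a wireless scanner would report them.
SCAN = [
    {"ssid": "private", "bssid": "aa:bb:cc:00:00:01", "channel": 6, "security": "WPA2"},
    {"ssid": "private", "bssid": "de:ad:be:ef:00:01", "channel": 1, "security": "OPEN"},
    {"ssid": "Linksys", "bssid": "00:11:22:33:44:55", "channel": 11, "security": "OPEN"},
]

def audit_scan(scan, authorized):
    """Evil twin: a known SSID advertised from a BSSID not in the inventory.
    Possible rogue: any SSID we do not own, to be located and checked."""
    findings = []
    for ap in scan:
        ssid, bssid = ap["ssid"], ap["bssid"]
        if ssid in authorized:
            if bssid not in authorized[ssid]:
                findings.append(("evil_twin", ssid, bssid, ap["channel"], ap["security"]))
        else:
            findings.append(("possible_rogue", ssid, bssid, ap["channel"], ap["security"]))
    return findings

# Constructed management-frame records: (timestamp_s, subtype, source_bssid).
# A monitor-mode capture yields these; 40 deauths in 0.4 s is a flood.
FRAMES = ([(0.0, "beacon", "aa:bb:cc:00:00:01")]
          + [(0.01 * i, "deauth", "aa:bb:cc:00:00:01") for i in range(40)]
          + [(5.0, "deauth", "aa:bb:cc:00:00:01")])

def detect_deauth_flood(frames, window_s=1.0, threshold=10):
    """Return {bssid: peak count} for sources sending more than `threshold`
    deauth frames inside any sliding window of `window_s` seconds."""
    per_bssid = defaultdict(list)
    for ts, subtype, bssid in frames:
        if subtype == "deauth":
            per_bssid[bssid].append(ts)
    flagged = {}
    for bssid, times in per_bssid.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window_s:   # slide the window forward
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[bssid] = max(flagged.get(bssid, 0), count)
    return flagged
```

A legitimate AP sends a few deauths a day, so the threshold is deliberately coarse; the source address of the burst may also be spoofed to match the real AP, which is why the finding points at the BSSID rather than at the device.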
This course was created by Total Seminars. We are pleased to offer this training in our library.