In the wireless industry, wrapping your arms around wireless attacks and their potential business impacts can be tough. All types of wireless networks are vulnerable to the following classes of attack:
1. Access Control Attacks
These attacks attempt to penetrate a network by using wireless links or by evading WLAN access control measures.
- War Driving – Discovering wireless LANs by listening to beacons.
- Rogue Access Points – Installing an unsecured AP inside the firewall.
- Ad Hoc Associations – Connecting directly to an unsecured station.
- MAC Spoofing – Reconfiguring an attacker’s MAC address to pose as an authorized AP or station.
- RADIUS Cracking – Recovering RADIUS secret by brute force.
2. Confidentiality Attacks
These attacks attempt to intercept private information sent over wireless associations.
- Eavesdropping – Capturing and decoding unprotected application traffic.
- WEP Key Cracking – Capturing data to recover a WEP key using passive or active methods.
- Evil Twin AP – Posing as an authorized AP by beaconing the WLAN’s SSID to lure users.
- AP Phishing – Running a duplicate portal or Web server on an evil twin AP to “phish” for user logins or credit card numbers.
- Man in the Middle – Running traditional man-in-the-middle attack tools over the wireless association.
3. Integrity Attacks
These attacks send forged control, management or data frames over wireless to mislead the recipient or facilitate another type of attack.
- Frame Injection – Crafting forged 802.11 frames.
- Data Replay – Capturing data frames for later replay.
- EAP Replay – Capturing Extensible Authentication Protocol (EAP) messages for later replay.
- RADIUS Replay – Capturing RADIUS Access-Accept or Reject messages for later replay.
4. Authentication Attacks
Intruders use these attacks to steal legitimate user identities and credentials to access otherwise private networks and services.
- Shared Key Guessing – Attempting Shared Key Authentication with guessed, vendor default or cracked WEP keys.
- PSK Cracking – Recovering a WPA/WPA2 PSK from captured key handshake frames using a dictionary attack tool.
- Login Theft – Capturing user credentials from cleartext application protocols.
- Domain Login Cracking – Recovering user credentials by cracking NetBIOS password hashes.
- VPN Login Cracking – Recovering user credentials by running brute-force attacks on VPN authentication protocols.
5. Availability Attacks
These attacks impede delivery of wireless services to legitimate users, either by denying them access to WLAN resources or by crippling those resources.
- AP Theft – Physically removing an AP from a public space.
- Queensland DoS – Exploiting the CSMA/CA
- Beacon Flood – Generating thousands of counterfeit beacons to make it hard for stations to find a legitimate AP.
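Two of the attacks above, the Evil Twin AP (confidentiality) and the Beacon Flood (availability), both announce themselves through beacon frames, so a wireless IDS can spot them from a monitor-mode capture without decrypting anything. The following is an added example, not code from the original article: it assumes the beacons have already been parsed into records (timestamp, BSSID, SSID, channel), that the defender keeps an allow-list of authorized BSSIDs per corporate SSID, and that the `AUTHORIZED` table, the `Beacon` type and the sample capture are all constructed here for illustration. An evil twin is any beacon that advertises a corporate SSID from a BSSID not on the allow-list; a beacon flood shows up as an abnormal number of distinct BSSIDs inside a short time window.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    """One parsed 802.11 beacon frame (hypothetical record type)."""
    ts: float      # capture timestamp in seconds
    bssid: str     # transmitter MAC address
    ssid: str      # advertised network name
    channel: int   # advertised channel

# Constructed allow-list: corporate SSID -> authorized AP BSSIDs (lower-case).
AUTHORIZED = {
    "corp-wifi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

def find_evil_twins(beacons, authorized):
    """Return {ssid: {bssid, ...}} for beacons that advertise an authorized
    SSID from a BSSID that is not on the allow-list for that SSID."""
    twins = {}
    for b in beacons:
        bssid = b.bssid.lower()
        if b.ssid in authorized and bssid not in authorized[b.ssid]:
            twins.setdefault(b.ssid, set()).add(bssid)
    return twins

def detect_beacon_flood(beacons, window_s=10.0, max_bssids=50):
    """Bucket beacons into fixed windows and return (window_start, distinct_bssid_count)
    for every window whose distinct-BSSID count exceeds max_bssids.  A legitimate
    office sees a handful of BSSIDs; hundreds in ten seconds is a flood."""
    if not beacons:
        return []
    start = min(b.ts for b in beacons)
    buckets = {}
    for b in beacons:
        idx = int((b.ts - start) // window_s)
        buckets.setdefault(idx, set()).add(b.bssid.lower())
    return [(start + idx * window_s, len(seen))
            for idx, seen in sorted(buckets.items()) if len(seen) > max_bssids]

def build_sample_capture():
    """Constructed 30-second capture: two authorized APs beaconing once a second,
    one evil twin at t=5s, and a flood of 120 forged BSSIDs between t=20s and t=26s."""
    beacons = []
    for t in range(30):
        beacons.append(Beacon(float(t), "AA:BB:CC:00:00:01", "corp-wifi", 6))
        beacons.append(Beacon(float(t), "AA:BB:CC:00:00:02", "corp-wifi", 11))
    # Evil twin: the corporate SSID from an unknown BSSID.
    beacons.append(Beacon(5.0, "de:ad:be:ef:00:01", "corp-wifi", 6))
    # Beacon flood: many counterfeit networks, each from a different fake BSSID.
    for i in range(120):
        beacons.append(Beacon(20.0 + i * 0.05, f"02:00:00:00:{i // 256:02x}:{i % 256:02x}",
                              f"free-wifi-{i}", 1))
    return beacons

SAMPLE_BEACONS = build_sample_capture()

if __name__ == "__main__":
    print("evil twins:", find_evil_twins(SAMPLE_BEACONS, AUTHORIZED))
    print("flood windows:", detect_beacon_flood(SAMPLE_BEACONS))
```

On the constructed capture the twin finder reports `de:ad:be:ef:00:01` impersonating `corp-wifi`, and the flood detector flags the single window starting at 20 s, where 122 distinct BSSIDs (120 forged plus the two real APs) appear. Tune `max_bssids` to the site: a dense office park sees more legitimate neighbours than a rural branch, and the allow-list must be updated whenever an AP is replaced, or the replacement will be reported as a twin.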