During the early popular adoption of 802.11, providing open access points for anyone within range to use was encouraged to cultivate wireless community networks;[13] particularly since people on average use only a fraction of their upstream bandwidth at any given time. Later, equipment manufacturers and mass-media advocated isolating users to a predetermined whitelist of authorized users—referred to as "securing" the access point.
Measures to deter unauthorized users include suppressing the AP's SSID broadcast, allowing only computers with known MAC addresses to join the network, and various encryption standards. Suppressed SSID and MAC filtering are ineffective security methods as the SSID is broadcast in the open in response to a client SSID query and a MAC address can easily be spoofed. If the eavesdropper has the ability to change his MAC address, then he can potentially join the network by spoofing an authorized address.WEP encryption can protect against casual snooping, but may also produce a misguided sense of security since freely available tools such as AirSnort or aircrack can quickly recover WEP encryption keys. Once it has seen 5-10 million encrypted packets, AirSnort can determine the encryption password in under a second;[14] newer tools such as aircrack-ptw can use Klein's attack to crack a WEP key with a 50% success rate using only 40,000 packets. The newer Wi-Fi Protected Access (WPA) and IEEE 802.11i (WPA2) encryption standards resolve most of the serious weaknesses of WEP encryption.
Attackers who have gained access to a Wi-Fi network can use DNS spoofing attacks very effectively against any other user of the network, because they can see the DNS requests made, and often respond with a spoofed answer before the queried DNS server has a chance to reply.>>>>
No comments:
Post a Comment