Before an attacker can attempt any kind of wireless mischief, one of his first activities is to identify the wireless targets in range. Probing and network discovery attacks are among the first activities any attacker engages in.
There are two main types of probing: active and passive. Active probing involves the attacker sending probe requests with no SSID configured (much as a normal wireless client would) in order to solicit a probe response carrying the SSID and other information from any access points in range. Active probing cannot detect access points that are cloaked (configured not to respond to probe requests with no SSID set) or that are out of the attacker's wireless transmission range.
When an attacker engages in passive probing, he listens on all channels for all wireless packets sent and received without sending a single packet, so his detection capability is not limited by his transmission power. However, cloaked APs with no wireless activity during the period of the probe would not be detected.
A good example of a tool that uses active probing is NetStumbler. Kismet, on the other hand, is an example of a passive probing tool.
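A defender's view of the distinction above, as an added example that is not from the original post: active probing puts probe requests with an empty SSID on the air, so a monitor can count them per source, while a purely passive listener transmits nothing to count. The threshold, the sample frames and all MAC addresses are constructed assumptions, and frames are assumed to be raw 802.11 with the radiotap header and FCS already stripped.

```python
from collections import Counter

PROBE_REQ = 0x40  # frame-control byte 0: version 0, type 0 (management), subtype 4
HDR_LEN = 24      # frame control, duration, three addresses, sequence control

def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID bytes) for a probe request, else None."""
    if len(frame) < HDR_LEN or (frame[0] & 0xFC) != PROBE_REQ:
        return None
    src = frame[10:16].hex(":")  # address 2 = transmitter
    pos = HDR_LEN
    while pos + 2 <= len(frame):  # walk the tagged parameters
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # truncated element
        if elem_id == 0:  # element ID 0 is the SSID
            return src, value
        pos += 2 + length
    return None

def wildcard_probers(frames, threshold=3):
    """Count empty-SSID probe requests per source; report those at or over threshold."""
    counts = Counter()
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1] == b"":
            counts[parsed[0]] += 1
    return {mac: n for mac, n in counts.items() if n >= threshold}

def build_frame(fc0, src_hex, body):
    """Constructed sample frame: broadcast destination and BSSID."""
    bcast = b"\xff" * 6
    header = bytes([fc0, 0, 0, 0]) + bcast + bytes.fromhex(src_hex) + bcast + b"\x00\x00"
    return header + body

RATES = b"\x01\x04\x02\x04\x0b\x16"  # supported-rates element
SAMPLE = (
    [build_frame(0x40, "020000000001", b"\x00\x00" + RATES)] * 4    # repeated wildcard probes
    + [build_frame(0x40, "020000000002", b"\x00\x00" + RATES)]      # one wildcard probe
    + [build_frame(0x40, "020000000002", b"\x00\x04corp" + RATES)]  # directed probe
    + [build_frame(0x80, "020000000003", b"\x00" * 12 + b"\x00\x04corp")]  # beacon, ignored
)

if __name__ == "__main__":
    print(wildcard_probers(SAMPLE))
```

Because normal clients also send empty-SSID probe requests, the per-source count is a heuristic, not proof of a scanning tool.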
[Screenshot: NetStumbler]

[Screenshot: Kismet]
References:
- Christopher Low, 13 April 2005, Understanding Wireless Attacks and Detection, SANS Institute InfoSec Reading Room
- Craik, Mike. "All Your 802.11b Are Belong To Us (Netstumbler Signature)." Kismet Forum. 13 Apr. 2005. http://www.kismetwireless.net/cgibin/ezmlm-cgi?mss:366:eafojgdoalggkiopbclf







