1 / 12

Airsnarf

Airsnarf . Why 802.11b Hotspots Ain’t So Hot. Coming up. Disclaimer Example hotspot setup & weakness Rogue APs Demo of Airsnarf Defense strategies. Disclaimer.

Faraday
Télécharger la présentation

Airsnarf

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Airsnarf Why 802.11b Hotspots Ain’t So Hot.

  2. Coming up... • Disclaimer • Example hotspot setup & weakness • Rogue APs • Demo of Airsnarf • Defense strategies

  3. Disclaimer • This presentation and example software are intended to demonstrate the inherent security flaws in publicly accessible wireless architectures and promote the use of safer authentication mechanisms for public 802.11b hotspots. Viewers and readers are responsible for their own actions and strongly encouraged to behave themselves.

  4. Example HotSpot Setup • Visit hotspot provider website and create login • Visit hotspot with wireless device • Power on, associate, get IP, DNS, etc. • Open web browser and get redirected • Login, backend authentication & billing, welcome to the Internet

  5. Is this secure?

  6. Access Point Stronger or Closer Access Point SSID: “goodguy” SSID: “badguy” Wi-Fi Card SSID: “ANY” “goodguy” “badguy”

  7. Rogue APs? • Rogue AP = an unauthorized access point • Traditional • corporate back-doors • corporate espionage • Hotspots • DoS • theft of user credentials • AP “cloning”

  8. Hotspot Rogue AP Mechanics • “Create a competing hotspot.” • AP can be actual AP or HostAP • Create or modify captive portal behind AP • Redirect users to “splash” page • DoS or theft of user credentials • Bold attacker will visit ground zero. • Not-so-bold will drive-by with an amp.

  9. Airsnarf • Nothing special • Simplifies HostAP, httpd, dhcpd, Net::DNS, and iptables setup • Simple example rogue AP • Demonstration

  10. Defense Strategies • Local AP awareness • Customer education • One-time authentication mechanisms • Don’t charge for hotspot access?

  11. Links • Airsnarf - http://airsnarf.shmoo.com • HostAP - http://hostap.epitest.fi/ • Red Hat Kernel w/ HostAP - http://www.cat.pdx.edu/~baera/redhat_hostap/ • Looking for hotspots? - http://www.hotspotlist.com/ • Other “wireless portal software” - http://www.personaltelco.net/index.cgi/PortalSoftware

  12. Questions?

More Related