This article focuses on attacks against wireless networks as a whole (Hacking Wireless Networks): 802.11-based attacks against authentication, encryption, and other protocol weaknesses. We will divide the topic into 5 main problems.
- Explore what can happen when you can obtain access to a victim’s internal computers
- Port Scanning
- Testing common vulnerabilities on Linux and Windows
- Obtain WEP keys
- Implement security defenses to help keep your network secure
When you start playing around on your network, you will realize how many of your wireless clients have security vulnerabilities. That’s why defending your network with a firewall is important. Performing security scans can show you what other people can do if they are able to break through your airwaves and gain access to your network.
Remember to think like a hacker: build a mental picture of the possible ways to hack through vulnerabilities and determine methods to exploit them. First, start with how to scope out the wireless hosts on your wireless network, and then inspect what vulnerabilities are available. You have to prepare countermeasures too, so you can make sure your systems are safe.
What Attackers Can Do
If a hacker breaches your system and obtains access to your internal computers, many bad things can happen. They can gather information about your system, which can lead to further attacks. They can get information like:
- Weak passwords
- Idle open ports and available services
- WEP keys (which can be cracked)
- Software application and operating system versions
If that happens, they can cause more problems, such as:
- Passwords being cracked.
- Servers being rebooted or shut down.
- Information databases copied, deleted, or modified.
- Leakage of important information such as credit card numbers.
Port Scanning to prepare Hacking Wireless Networks
Before hacking wireless networks, we have to prepare by doing a port scan. A simple way to do port scanning is to use a software tool like Foundstone’s SuperScan and SoftPerfect’s Network Scanner. A good way to find out which systems are alive on the network is to perform a ping sweep and see whether echo replies are received back.
SoftPerfect’s Network Scanner can also perform ARP lookups and identify each host client’s MAC address. This can be handy when testing wireless network security. The MAC address enables you to easily match up the systems you find using Kismet, NetStumbler, Wireshark, or another sniffer without having to perform reverse ARP lookups.
Alternatively, you can use Foundstone’s SuperScan. It is a great tool because it’s easy and free to use. When performing network scans, make sure you check commonly hacked ports such as:
- Port 20, File Transfer Protocol (FTP) data
- Port 21, FTP Control
- Port 22, Secure Shell (SSH)
- Port 23, Telnet
- Port 25, Simple Mail Transfer Protocol (SMTP)
- Port 53, Domain Name System (DNS)
- Port 80, HyperText Transfer Protocol (HTTP)
- Port 110, Post Office Protocol V.3 (POP3)
- Port 135, RPC/DCE end point mapper
- Port 137, 138, 139, NetBIOS over TCP/IP
- Port 161, Simple Network Management Protocol (SNMP)
- Port 443, HTTP over SSL (HTTPS)
- Port 512, 513, 514, rsh, rexec, and rlogin
- Port 1433, Microsoft SQL Server
- Port 1434, Microsoft SQL Monitor
- Port 3389, Windows Terminal Server
After you know which wireless systems are available on your network, you can move to the next step: finding out the victim’s vulnerabilities.
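To turn a scan of your own network into a remediation list, the added example below (not code from the original article) triages exported scan results against the port list above. The CSV layout, the hosts, the MAC addresses, and the `approved` allow-list are constructed assumptions; adapt the parsing to whatever your scanner exports.

```python
import csv
import io
from collections import defaultdict

# Port -> service, taken from the article's list of commonly attacked ports.
WATCHED = {
    20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet", 25: "SMTP",
    53: "DNS", 80: "HTTP", 110: "POP3", 135: "RPC/DCE endpoint mapper",
    137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS", 161: "SNMP",
    443: "HTTPS", 512: "rexec", 513: "rlogin", 514: "rsh",
    1433: "Microsoft SQL Server", 1434: "Microsoft SQL Monitor",
    3389: "Windows Terminal Server",
}
# Services that send logins unencrypted, so a sniffer on the WLAN can read them.
CLEARTEXT_LOGIN = {21, 23, 110, 512, 513, 514}

# Constructed sample export; the column layout is an assumption, not a tool format.
SAMPLE_SCAN = """\
host,mac,port,state
192.168.1.10,00:11:22:33:44:55,22,open
192.168.1.10,00:11:22:33:44:55,23,open
192.168.1.20,66:77:88:99:AA:BB,3389,open
192.168.1.20,66:77:88:99:AA:BB,8080,open
192.168.1.30,CC:DD:EE:FF:00:11,21,closed
"""

def triage(scan_csv, approved):
    """Return {(host, mac): [(port, service, reason), ...]} for open watched ports."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(scan_csv)):
        port = int(row["port"])
        if row["state"] != "open" or port not in WATCHED:
            continue
        if port in CLEARTEXT_LOGIN:
            reason = "cleartext login"  # flagged even when approved
        elif port not in approved.get(row["host"], set()):
            reason = "not on approved list"
        else:
            continue
        findings[(row["host"], row["mac"])].append((port, WATCHED[port], reason))
    return dict(findings)

if __name__ == "__main__":
    approved = {"192.168.1.10": {22, 23}}  # hypothetical per-host allow-list
    for (host, mac), items in triage(SAMPLE_SCAN, approved).items():
        for port, service, reason in items:
            print(f"{host} ({mac}) port {port} {service}: {reason}")
```

Keeping the MAC address in each finding lets you match the host against what your sniffer saw on the air, as described for the ARP lookups above.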