Information Technology Reference
In-Depth Information
provide the attacker with the capability to customize the data. Another utility, WEP-
Wedgie listens for WEP encrypted packets that are generated during a shared key
authentication. This happens when a client wishes to connect to an access point. The
access point will send the client a nonce which the client encrypts using the WEP
key. This encrypted value is sent back to the access point for verification. If the value
that the access point gets when it encrypts the nonce is the same as the value that
the client returns, access is granted. This process provides a plaintext value and the
corresponding ciphertext that is needed. WEPWedgie can now inject packets into a
wireless network.
This attack can be expanded for even more malicious purposes. Once attackers
gain the ability to inject packets into the wireless network, they can open connections
to the internal servers, even if they are isolated by firewalls. The attacker will inject a
packet into the wireless network asking for a connection to the server. This amounts
to a TCP SYN packet with the source address of a computer that the attacker controls.
The packet will be accepted into the network and sent to the unsuspecting server.
The server will then do its part in opening the connection and send the attacker
machine a TCP SYN/ACK packet. Assuming that the server can send a packet onto
the Internet, it will send the packet through the firewall, onto the Internet and to
the attacker's machine. The attacker's machine will then finish the 3-way handshake
and a connection will be established. This approach can also be used to do port
scans against the internal machines, do internal network mapping, etc. Being able
to inject packets into a wireless network is an extremely powerful and dangerous
tool.
2 . 7
8 0 2 . 1 x A u t h e n t i c a t i o n
802.1x is a port authentication protocol that was originally created for wired net-
works. Switches, for example, can use 802.1x to authenticate a device before it
allows the device access to a port. Once the authentication process has been success-
fully completed, access is granted to the device. There are three main components to
the 802.1x authentication process: the supplicant, the authentication server, and the
authenticator. The supplicant is the computer or device that wishes to have access on
the network. The authentication server is the computer that performs the authentica-
tion. One of the most common types of servers that perform this task is a RADIUS
server. The authenticator is the device that sits between the supplicant and the au-
thentication server. In the example above, the authenticator is the switch. It is the
point of access for the supplicant (
Fig. 5
).
Notice that there is two different sessions in
Fig. 5
. The supplicant starts the
process by attempting to access the network resources. This triggers a request by
