Главная страница Случайная страница
КАТЕГОРИИ:
АвтомобилиАстрономияБиологияГеографияДом и садДругие языкиДругоеИнформатикаИсторияКультураЛитератураЛогикаМатематикаМедицинаМеталлургияМеханикаОбразованиеОхрана трудаПедагогикаПолитикаПравоПсихологияРелигияРиторикаСоциологияСпортСтроительствоТехнологияТуризмФизикаФилософияФинансыХимияЧерчениеЭкологияЭкономикаЭлектроника
A Parking Lot Approach
|
|
CASE STUDY I: WIRELESS HACKING FOR HIRE
Her First Engagement
Makoto had done her fair share of infrastructure assessments in the past, and she had managed to “borrow” Wi-Fi from neighbors and unsuspecting businesses in her travels. This was the first time she had been asked to perform a wireless assessment for a client, however. She knew the timing couldn’t be worse—it was the middle of the winter, and the site she was supposed to visit was a remote location known for its legendary snow storms. Although the weather wasn’t going to be peachy while she was there, she did her homework to determine the best days to avoid getting snowed in. She also planned all her equipment needs ahead of time and packed the wireless gear she thought she might need: an array of wireless cards, long-range directional antennas, and a netbook with an Atheros-based wireless card. She also brought along a GPS unit in case she got lost and a cigarette lighter power adapter to keep her laptop alive while war driving. All that gear earned her suspicious stares from airport security as she went through the security check, but she managed to get onto her flight without too much hassle. When she arrived at the hotel the night before the assessment, she asked the front desk how long it would take to get to her destination in the morning. She’d never been in the area before and had no idea if there would be any traffic. Better to know ahead of time, especially with it being winter and any possible road closures.
A Parking Lot Approach
As usual, Makoto arrived at the site a bit early. When she pulled up to the location, she realized it was a sprawling shipping and receiving facility of large warehouses with trucks coming in and going out. However, with the different names on the sides of the trucks as well as the many entrances, she concluded that most likely multiple businesses used this site. She made a mental note that she had to make absolutely sure any wireless networks she planned to assess actually belonged to the client, not to one of the neighboring businesses.
Before she went in, she decided to determine what she could detect from the outside. She parked in the facility’s lot and opened her laptop. She first searched for wireless networks using the built-in Windows tools. She knew active scanning was a pretty limited approach, and anyone with passing knowledge of wireless assessments would put their wireless card into monitor mode. However, she felt active scanning was representative of some random person off the street trying to see if any wireless networks were open, so maybe she would gain useful information. She picked up a few wireless networks—some “defaults” and some with cryptic names that used a combination of WEP and WPA. She wasn’t sure if they belonged to the client or the neighboring businesses, so she simply took note of what she could see and moved on.
Next she performed a more thorough outside test. Makoto plugged in her external Atheros-based wireless card and attached a high-gain directional antenna. She booted
off a preprepared BackTrack Linux USB key and put the wireless card into monitor mode.
She fired up airodump-ng, part of the Aircrack-ng suite of tools, and pointed the
antenna at the part of the facility owned by the client. Because the antenna was directional, many of the other wireless networks that she detected earlier did not show up. However, a new wireless network showed up, this time with a hidden SSID. It was protected by WEP, and she could see the data count gradually going up. But, without confirming that it belonged to the client, she decided to only take note of it for now. While she kept the antenna pointed to the building, someone came and got something out of the car parked next to her. She could tell that he was trying to be sneaky and pretend not to be checking out the person in the car with a laptop and an antenna pointed at a building. She smiled to herself but was glad that she had her site contact’s information handy if that person alerted security—or even worse the authorities. Enough for outdoor reconnaissance, she thought, it was time to meet the site contact. Her contact was the site manager, who had been removed from the information security team sponsoring this project. He said he knew she was here, as someone came to him earlier and said there was a suspicious-looking person in the parking lot with a laptop and antenna. He was actually happy to hear that the employees were alert.