21-07-2012, 03:12 PM
Wireless technology
[attachment=28370]
Introduction
Wireless technology releases us from copper wires. A user can have a notebook computer, PDA, Pocket PC, Tablet PC, or just a cell phone and stay online anywhere a wireless signal is available. The basic theory behind wireless technology is that signals can be carried by electromagnetic waves that are then transmitted to a signal receiver. But to make two wireless devices understand each other, we need protocols for communication.
The most mature wireless network technology today is 802.11b. Let's briefly go over the IEEE 802.11b standard.
IEEE 802.11b makes use of the 2.4 GHz ISM band and provides speeds from 1 Mbps up to 11 Mbps, with the range about 1500 feet.(Although in reality, it is hard to get this range out of products on the market today.) This standard uses Direct Sequence Spread Spectrum (DSSS) to encode data before transferring it. IEEE 802.11, 802.11a, 802.11b, and 802.11g use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) as the protocol in the data link layer.
There are two names you need to know in a wireless network:
• Station (STA)
• Access point (AP)
STA is a wireless network client—a desktop computer, laptop, or PDA.
The AP is the central point (like a hub) that creates a basic service set to bridge a number of STAs from the wireless network to other existing networks.
There are two different modes of wireless networking:
• Ad hoc mode, or independent basic service set (IBSS)
• Infrastructure mode, or basic service set (BSS)
Ad hoc and infrastructure modes are illustrated in the network blueprints. The ad hoc mode is equivalent to peer-to-peer networking. That means an ad hoc wireless network does not have an AP to bridge the STAs together. Every STA in an ad hoc wireless network can communicate with any other STA in the same network directly.
The Infrastructure Mode will have at least one AP to form a BSS. If there are multiple APs, they will form an extended service set (ESS). All traffic from or to an STA will go through the AP first. The AP in turn could be connected directly to another network, such as your wired intranet. In such a case, we recommend placing a firewall between them, as we describe in more detail later.
Almost every protocol set has some mechanism to protect the data, and the same is true for IEEE 802.11b. An encryption mechanism called Wired Equivalent Privacy (WEP) protects the data as it travels through the airwaves.
WPAN
As the name "personal area network" suggests, such a network is small—in the range of about 10 meters (30 feet). Infrared Data Association (IrDA) and Bluetooth are the main WPAN wireless technologies; they exist in the physical layer. The devices that take advantage of a WPAN include PDAs, printers, cameras, cell phones, and access points, to name a few. The support of IrDA enables a user to transfer data between a computer and another IrDA-enabled device for data synchronization, file transfer, or device control. The speed for IrDA is up to 4 Mbits per second (Mbps) and the distance is usually less than 30 feet in an unobstructed line of sight.
Bluetooth uses radio waves to transmit data and therefore doesn't have the line-of-sight restrictions of IrDA. Bluetooth also supports higher data transmission rates (11 Mbps) and uses the 2.4 GHz ISM bandwidth.
WLAN
The range of a wireless local area network (WLAN) is, of course, greater than that of a WPAN. For example, most 802.11b implementations will have a speed of 1 Mbps and a range of about 500 meters (1500 feet). With a closer proximity to the access point (AP), speeds of up to 11 Mbps can be reached. Windows XP supports the IEEE 802.11b standard natively; this standard uses Direct Sequence Spreading Spectrum (DSSS) to transmit the data in the bandwidth of 2.4 GHz—theISM band. Since this bandwidth is free for public use, other devices such as cordless phone can cause problems and interference.
Footprint the Wireless Network
Attacking a wireless network begins with finding it, and that hinges on the interaction between the STA and AP. This section introduces the interactions between an STA and AP and then goes on to the methods for discovering and footprinting the wireless network in an active or passive way.
The Interaction
Because there are no physical wires between an STA and AP, they have to establish what is termed an association (a virtual wire) to communicate. The procedures are
• Make sure an AP is available.
• Authenticate with the AP.
• Establish an association with the AP.
The first requirement is to identify the BSS provided by the AP. The service set ID (SSID) is the identifier that serves the purpose of identifying a BSS or IBSS. Then an STA can use the SSID to establish an association with an AP. So how does an STA know which SSID to join? There are two ways:
The Trace
The passive way to identify an SSID is to sniff the network traffic and look for three kinds of packets. The first one is called a beacon. An AP sends out a beacon periodically, usually once every 100 milliseconds. With this beacon, the STA will know there is an AP available. The beacon could contain the SSID as part of its information. The second packet is the probe request and response, and the third packet is the association request and response. All of these packets contain an SSID to identify a BSS or IBSS nearby. As long as the hacker is within the proper range, you basically cannot hide your wireless network. Some extreme methods do, of course, exist, such as surrounding the perimeter with metal or other substances that contain the wireless signals.
[attachment=28370]
Introduction
Wireless technology releases us from copper wires. A user can have a notebook computer, PDA, Pocket PC, Tablet PC, or just a cell phone and stay online anywhere a wireless signal is available. The basic theory behind wireless technology is that signals can be carried by electromagnetic waves that are then transmitted to a signal receiver. But to make two wireless devices understand each other, we need protocols for communication.
The most mature wireless network technology today is 802.11b. Let's briefly go over the IEEE 802.11b standard.
IEEE 802.11b makes use of the 2.4 GHz ISM band and provides speeds from 1 Mbps up to 11 Mbps, with the range about 1500 feet.(Although in reality, it is hard to get this range out of products on the market today.) This standard uses Direct Sequence Spread Spectrum (DSSS) to encode data before transferring it. IEEE 802.11, 802.11a, 802.11b, and 802.11g use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) as the protocol in the data link layer.
There are two names you need to know in a wireless network:
• Station (STA)
• Access point (AP)
STA is a wireless network client—a desktop computer, laptop, or PDA.
The AP is the central point (like a hub) that creates a basic service set to bridge a number of STAs from the wireless network to other existing networks.
There are two different modes of wireless networking:
• Ad hoc mode, or independent basic service set (IBSS)
• Infrastructure mode, or basic service set (BSS)
Ad hoc and infrastructure modes are illustrated in the network blueprints. The ad hoc mode is equivalent to peer-to-peer networking. That means an ad hoc wireless network does not have an AP to bridge the STAs together. Every STA in an ad hoc wireless network can communicate with any other STA in the same network directly.
The Infrastructure Mode will have at least one AP to form a BSS. If there are multiple APs, they will form an extended service set (ESS). All traffic from or to an STA will go through the AP first. The AP in turn could be connected directly to another network, such as your wired intranet. In such a case, we recommend placing a firewall between them, as we describe in more detail later.
Almost every protocol set has some mechanism to protect the data, and the same is true for IEEE 802.11b. An encryption mechanism called Wired Equivalent Privacy (WEP) protects the data as it travels through the airwaves.
WPAN
As the name "personal area network" suggests, such a network is small—in the range of about 10 meters (30 feet). Infrared Data Association (IrDA) and Bluetooth are the main WPAN wireless technologies; they exist in the physical layer. The devices that take advantage of a WPAN include PDAs, printers, cameras, cell phones, and access points, to name a few. The support of IrDA enables a user to transfer data between a computer and another IrDA-enabled device for data synchronization, file transfer, or device control. The speed for IrDA is up to 4 Mbits per second (Mbps) and the distance is usually less than 30 feet in an unobstructed line of sight.
Bluetooth uses radio waves to transmit data and therefore doesn't have the line-of-sight restrictions of IrDA. Bluetooth also supports higher data transmission rates (11 Mbps) and uses the 2.4 GHz ISM bandwidth.
WLAN
The range of a wireless local area network (WLAN) is, of course, greater than that of a WPAN. For example, most 802.11b implementations will have a speed of 1 Mbps and a range of about 500 meters (1500 feet). With a closer proximity to the access point (AP), speeds of up to 11 Mbps can be reached. Windows XP supports the IEEE 802.11b standard natively; this standard uses Direct Sequence Spreading Spectrum (DSSS) to transmit the data in the bandwidth of 2.4 GHz—theISM band. Since this bandwidth is free for public use, other devices such as cordless phone can cause problems and interference.
Footprint the Wireless Network
Attacking a wireless network begins with finding it, and that hinges on the interaction between the STA and AP. This section introduces the interactions between an STA and AP and then goes on to the methods for discovering and footprinting the wireless network in an active or passive way.
The Interaction
Because there are no physical wires between an STA and AP, they have to establish what is termed an association (a virtual wire) to communicate. The procedures are
• Make sure an AP is available.
• Authenticate with the AP.
• Establish an association with the AP.
The first requirement is to identify the BSS provided by the AP. The service set ID (SSID) is the identifier that serves the purpose of identifying a BSS or IBSS. Then an STA can use the SSID to establish an association with an AP. So how does an STA know which SSID to join? There are two ways:
The Trace
The passive way to identify an SSID is to sniff the network traffic and look for three kinds of packets. The first one is called a beacon. An AP sends out a beacon periodically, usually once every 100 milliseconds. With this beacon, the STA will know there is an AP available. The beacon could contain the SSID as part of its information. The second packet is the probe request and response, and the third packet is the association request and response. All of these packets contain an SSID to identify a BSS or IBSS nearby. As long as the hacker is within the proper range, you basically cannot hide your wireless network. Some extreme methods do, of course, exist, such as surrounding the perimeter with metal or other substances that contain the wireless signals.