toxa@toxahost.ru

1
???????????? ???????????? ????? ????????? 802.11.
??????, ????? ? ?????? ??????
????? ?????? toxa_at_toxahost.ru http//www.toxahost.
ru
????? - ???
2
1. ???????? ? ???????????? ????. ???????,
???????? ?????????, ?????????. 2. ???????
???????????? ???????????? ?????.
??????????????????, ???????????, ???????????
??????, ???????? ???????. 3. ?????? ???????????
? ????? ?????????? ? ???????????? ?????.
?????????? wardriving. 4. ???????? WEP. ???????
??????, ??????????????? ??????????. ??????? ???
?????? WEP-?????. 5. ?????????????? ??????
?????? ???? ? ?? ?????. 6. ????? ?? ???????? ? AP
? ???????????? ?????. DoS-?????. ????? man in
the middle. ????????? ???????. 7. ????????
???????????? 802.11i. WPA/WPA2. 8. ????????????
???? ? ???. ??????????
3
IEEE 802.11
????????? ???????? ??????
802.11legacy 1997 ?., 2,4 ???, 2 ????/? 802.11b
1999 ?., 2,4 ???, 11 ????/? 802.11a 1999 ?.,
5 ???, 54 ????/? 802.11g 2003 ?., 2,4 ???, 54
????/? 802.11n 2004 ?., 540 ????/?
- Wi-Fi ?????????? ?????? 802.11b -
??????????? ???????? ?? ???????? ??????? -
????????????? (?????? ????????? ???????) - ???? ?
????????????? ????????? (802.11b,
802.11-turboG, ? ?.?.)
4
IEEE 802.11g
- 14 ??????????????? ???????. ? ??? ????????????
1-11. 2412 ??? 2477 ???. - 1, 6, 11, 14 ??
?????????????, ???? ?????? ?????? lt 5 ?? (??
???????????????) - ???????? 6, 9, 12, 18, 24,
36, 48, 54 ????/???, ? ??????????? ?? ???????? -
??????? ????????? ? 802.11b - ? ??????
???????????? ?????? 1-13, ?? ? ????????????
???????? ????????? ???????
5
????????? WLAN
Infrastructure (managed)
Wired LAN
Client 1
Client 2
Access Point
...
Client N
Ad-Hoc
Client 2
Client 1
6
????????????? WLAN
SSID ????????????? ???? (AP) BSSID MAC-?????
AP Channel ?? ??????? ???????? ????
Beacon frame ?????????????? ?????????????????
?????. ?????????? AP ?????????, ?? ???????????
????????. ???????? ?????????? ? ????. ??????
?????????????? ? ??????????? (auth, deauth,
assoc, deassoc).
7
????????? ????????? ??????? WLAN
Client
Access Point
Probe request
Probe response
Authentication request
Auth response
Assotiation request
Assoc response
Data transfer
8
???????????? WLAN

• ??????????????????
• ???????? ???????
• ??????????? ??????
• ??????????? ??????

??? ???????? ???? ??

• ????????????? ???????
• ??????????? ???????
• ????????????????? ???????

• ?????????? WEP (Wired Equivalent Privacy)
• 2002 ??? WPA (Wireless Protected Access)
• 802.11i WPA2 (RC4 -gt AES)

???? ?????????????? ?????? (IPSec, SSL-???????)
9
??????????? WLAN
((( Wardriving )))
Beacon frames ?????????????? ?????????????????
??????, ?????????? ?????????? ? ????

• SSID
• BSSID (AP MAC)
• ??? ????
• ??????? ??????????

• ???????????? ???????
• GPS-????????
• ???????????? ??????? ?????
• ??????????? ??

10
(No Transcript)
11
???????????? ????????

• ????????? Kismet
• ???????? (???????) Netstumbler

??????? ?????? ????????? ????????? ??????? ?????
? RFMON (Monitor mode) Channel Hopping
RFMON ????? ????????? ??? ?????? ? ?????????? ??
??????????????? ??. ????????? ?????????
firmware! Channel Hopping ????????????????
???????????? ????? ????????
12
???????????? ???????? (2)
??????? ?????? ???????? ???????? ??????? Probe
request-??????? ? SSID (ANY) ?? ??? ?????????
??????. ???????? ? ?????? ??????? ?? AP.
????? ??????? ???????? ???????, ??????? -
?????????? ????????? ?????????? ???? - ????
???????? ????? ?????? ??? ??? ????????? ??????
(??? ?????? ?????? ????????)
13
???????????? - 1
???? ???????????? ????

• ???????????? ?????? Kismet
• ???????????? ?????? ??????????? ???????
  (Ethereal/Wireshark)

14
???????? WEP
???????? ?????? ?? ?????? ??????????????? ????????
?? ??????????????? ??????? ? ????????
???? ???????? ???????????? ?????? ?? ???????????.

• 40 bit (104 bit) ????????? ???? (K)
• 24 bit ?????? ????????????? (IV)

RC4(K,IV) traffic key (T) O ???????????????
?????? CRC - ??? ???????? ???????????, M
ltCRC(O),Ogt P ????????????? ??????, P T XOR
M IV,P ?????????? ?? ????
15
???????? WEP (2)
???????? www.phptr.com
16
???????? WEP ??????????

• ????????? ???? (RC4) ?????? ???????????? ??????
  ???? ? ??? ?? IV. ?? 24 ???? ????!
• CRC ?????? ? ????????????? ??? ????? IV

2001. Scott Fluhrer, Itzik Mantin, Adi Shamir
FMS-????? 2002 ??? ?????????? FMS-????? 2004
??? ????? ???????? (Korek Attack).
Aircrack. ???? ????? ?????? ??? ?????? ?????
?????? ??????????? ????, ?????????? WEP-??????,
??????????? ?? 1-2 ????.
17
???????? WEP ?????????? (2)
??? ???????? ????? ????? ?? ?????? ?????????????
??????. ?? ? ???? ?? ?????? ?????????? ?????????,
????...

• ????????? ??????? ??? ??????????????
• ??????????? ????????? ??? ?????
• ??????????? ????????????? ???????
• ????????? ?????????????? (???????)

WEP ?? ?? ???? ?? ????????. ?? ?????????
?????????????.
18
?????? ?????? ??????

• Hidden SSID SSID ??? ????? ?????????? ???
  ??????????? ??????????? ???????
• MAC filtering ????? ????????? MAC ???????????
  ???????, ????????? arp ?? ?????????? ? ????????
  ????????

???????????? ?????????????? ????????? -
?????????? WEP-????? - ???????? ? ???? ?????? -
????????? ?????????? ??????????? ??????
19
????? ?? ???????????? ????

• ?? ??????? ???????? ??????????????
• ?? ????? ?????

• ?????????? ????? ???????, ??????????? ??
• ???????? ? ??????????? ???????
  (man-in-the-middle)
• ??????????? ???????????????? ?????????
• ????????? ?????? AP (Evil Twin)
• ????? ?? ????? ? ????????????
• ????? ?? ?????????? ???????

????? ???????, ??????????? ? ???? ???????? ???? ?
??????? ??????????? ???????????? ?????????????
?????????????
20
?????????? ?????????? 802.11

• ???????? ???????? ???????? ? ????? ????????????

• ?????? 2006, BlackHat Conference. ?????????
  ?????????? ???????? ??? ????????? ????????,
  ??????? ???? ?? ????????????? ? ?????-???? ?????.
  ??-?? ?????????? ? ???????? ?????????????
  ??????????
• ??????? ?? ?????? ?? ?????????????, ?????????
  ???? ?????????, ?? ?? ????????? ?????????
  ????????????. ??? ???? ? ???? ????? ?
  ethernet-???????.

???????? ????????! STOP BLOB!!!
21
???????????? - 2
???? ???????????? ????, ?????????? WEP

• ???????????? ?????? WEP-????? ????????? ?
  ???????? ????????, ? ?????????????? ??????
  aircrack ? airodump.
• ???????????? ????????? ??????? (ARP injection,
  Interactive packet reply)
• ???????????? ????????? ?????????????? ?
  ???????????? (fake authentication, fake
  deassotiation attack)

22
?????? WLAN 802.11i

• 2002 ??? ??-?? ????????????????? WEP ????????
  ???????????? WPA
• 2004 ??? ???????????? 802.11i, ? ??????
  ???????? ?????? WPA2

WPA 802.1X EAP TKIP MIC
(RADIUS) WPA-PSK 802.1X EAP TKIP MIC

• 802.1x ???????? ???????????
• EAP Extensible Authentication Protocol
• TKIP - ?????? WEP
• ? WPA2 ?????? TKIP CCMP (Counter-Mode CBC MAC
  Protocol), ???????????? AES
• MIC - ?????? CRC

23
?????????? 802.11i?

• EAP ????? ??????????. EAP-TTLS ???????. LEAP
  (Lightweight EAP) ???.
• WPA-PSK ??????????? ????? ?? ????????? ?????
  ?? ???????

WPA cracking tools ?????? WPA-PSK ? LEAP

• ???????? RADIUS-???????
• ?????????? ? ?????????? ??? (wpa_supplicant)

24
?????? WLAN ?????? ????????

• IPSec-???????
• ????????????? SSL/TLS (HTTPS, SSH)
• ????????????? WIDS (Wireless Intrusion Detection
  Systems)

Wireless IDS

• ??????????? ???????????????? ????? ???????
• ??????????? ???? ?? ?????? ? ??????? ???????
  ?????? OSI

?????????? - ?????????? ???? ????????? ???????
(????????) - ??????????? ???????? ????????
(?????? ? RFMON) (??????, ???? ????? ? ?????????
?????????)
25
?????? WLAN ???????????

• ?????? ? ????? ??????? ?????? ???????????? ????
  ?????
• ??????? ???????????? ??????? ?????? ????????????
  ?????? ? ???????? (IAPP)

IPSec, SSL/TLS ?? ???????????? ??????????????
AP ? ??????? ?? 2 ?????? ?????? OSI
26
?????? Spb Wireless database
http//www.toxahost.ru/wifidb

• ???? ?????? ????? ??????? ?? ??????????? ??????
  ???????
• ????????????? ????????????? ?? ????? ?????????
  (Google Maps)
• ????????? ?????? ? ??

• ????? ?? ?????? ??????
• ????? ?? GPS-???????????, ? ???????? ???????
• ????? ???????????? ???? (???, SSID, ?????)

27
???? ??? ?? Google Maps
???????????? ????
????? ?????????? ????
?????? ?????????? ????
28
???? ??? ?? Google Maps (2)