362 Chapter 15 ■ Wireless Networking
MAC Spoofing
For those access points that employ MAC filtering, you can use MAC spoofing. MAC
filtering is a technique used to either blacklist or whitelist the MAC addresses of clients
at the access point. If a defender deploys this technique, an attacking party can spoof the
address of an approved client or switch their MAC to that of a client that is not blocked.
Typically it is possible to use tools such as SMAC, ifconfig, changemac.sh, and others
to accomplish this task. However, in some cases the hardware configuration settings for a
network card may allow the MAC to be changed without such applications.
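Because MAC filtering trusts only the address the client reports, it cannot tell a cloned address from the real one. What a defender can check instead is consistency across the other attributes a client reveals. The following added example (not from the book) scans constructed wireless association records in a hypothetical format of timestamp, client MAC, access point, DHCP hostname and DHCP option 55 fingerprint, and flags an address whose hostname or client stack changes, or that appears on two access points within a short window with a different stack, which is what a spoofed address looks like alongside the legitimate client.

```python
"""Detect likely MAC spoofing from constructed wireless association / DHCP records.

One physical client should not present two DHCP hostnames or two DHCP
fingerprints (option 55 parameter request lists), and ordinary roaming between
access points does not change the client's network stack. (Hypothetical record
format; all sample data constructed for this example.)
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: time, client MAC, AP name, DHCP hostname, option-55 fingerprint.
# aa:bb:cc:11:22:33 is the finance laptop; at 09:04:30 a second device using the
# same address appears on another AP with a different hostname and stack.
SAMPLE_LOG = """\
2024-03-01T09:00:01 aa:bb:cc:11:22:33 ap-lobby laptop-finance 1,3,6,15,31,33,43,44,46,47,121,249,252
2024-03-01T09:00:05 aa:bb:cc:44:55:66 ap-lobby printer-2f 1,3,6,12,15,28,42
2024-03-01T09:04:12 aa:bb:cc:11:22:33 ap-lobby laptop-finance 1,3,6,15,31,33,43,44,46,47,121,249,252
2024-03-01T09:04:30 aa:bb:cc:11:22:33 ap-parking unknown-host 1,121,3,6,12,15,26,28,42,51,54,58,59,119
2024-03-01T09:10:00 aa:bb:cc:44:55:66 ap-lobby printer-2f 1,3,6,12,15,28,42
"""


def parse_records(text):
    """Parse the constructed whitespace-separated format into dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, mac, ap, hostname, fingerprint = line.split()
        records.append({
            "time": datetime.fromisoformat(ts),
            "mac": mac.lower(),
            "ap": ap,
            "hostname": hostname,
            "fingerprint": fingerprint,
        })
    return records


def find_spoofing_indicators(records, window=timedelta(seconds=60)):
    """Return {mac: [reasons]} for addresses whose observed attributes are inconsistent."""
    by_mac = defaultdict(list)
    for rec in records:
        by_mac[rec["mac"]].append(rec)

    findings = {}
    for mac, recs in by_mac.items():
        reasons = []
        hostnames = {r["hostname"] for r in recs}
        fingerprints = {r["fingerprint"] for r in recs}
        if len(hostnames) > 1:
            reasons.append(f"hostname changed: {sorted(hostnames)}")
        if len(fingerprints) > 1:
            reasons.append("DHCP fingerprint changed (different client stack)")
        # Two APs within `window` is ordinary roaming unless the fingerprint
        # also differs, which suggests two distinct devices sharing one address.
        recs.sort(key=lambda r: r["time"])
        for prev, cur in zip(recs, recs[1:]):
            if (prev["ap"] != cur["ap"]
                    and cur["time"] - prev["time"] <= window
                    and prev["fingerprint"] != cur["fingerprint"]):
                reasons.append(
                    f"seen on {prev['ap']} and {cur['ap']} within "
                    f"{int(window.total_seconds())}s with different stacks")
                break
        if reasons:
            findings[mac] = reasons
    return findings


if __name__ == "__main__":
    for mac, reasons in find_spoofing_indicators(parse_records(SAMPLE_LOG)).items():
        print(mac)
        for reason in reasons:
            print("  -", reason)
```

The practical lesson is that MAC filtering is an inventory aid, not an authentication control; the fingerprint and hostname checks above are the kind of correlation a wireless controller or NAC system performs, and they work only where 802.1X or WPA2/WPA3-Enterprise is not already doing the real authentication.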
Ad Hoc
The ad hoc attack relies on an attacker using a Wi-Fi adapter to connect directly to another
wireless-enabled system. Once this connection is established, the two systems can interact
with each other. The main threats with this type of connection are that it is relatively easy
to set up and that many users are completely unaware of the difference between an infrastructure
network and an ad hoc network, and so may attach to an insecure one.
Security on an ad hoc network is quirky at best and is very inconsistent. For example,
in the Microsoft family of operating systems, ad hoc connections are unable to support any
advanced security protocols, thus exposing users to increased risk.
Would You Like Pi with That?
A new way to breach a network has been made possible through the use of extremely
compact, yet powerful hardware. An option that has become popular over the past
two years is the general-purpose, powerful, and extremely compact Raspberry Pi. This
computer, which can be had for around $35, is the size of a pack of cards.
Since the hardware is powerful enough to run an operating system such as Linux, it has
become an effective multipurpose tool. Some users have installed a custom distribution
of Linux that allows the box to be plugged into a network with a traditional wired
interface while accepting connections over a wireless interface. The implications of this
are that an intruder can quickly plug the device into the target network and in a few short
moments have an entry point into the victim’s infrastructure.
To make the intrusion harder to detect, some of these devices have been known to employ
tactics designed to hide their traffic. One of these techniques is known as reverse SSH
tunneling, in which the device opens a connection from inside the network out to the
attacker in order to bypass firewall restrictions that would block an inbound connection.
In practice such devices have become commonly known as dropboxes.
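A dropbox holding a reverse SSH tunnel open leaves three traces a defender can look for in ordinary flow logs and switch or DHCP inventory: a long-lived outbound SSH session from a host that is not approved to initiate SSH to the Internet, a hardware address that is not in the wired-device inventory, and an OUI belonging to a small single-board computer. The following added example (not from the book) applies those three checks to constructed flow records in a hypothetical CSV format; the approved client list, the inventory and all addresses are constructed, and the two OUI prefixes are assumed to be Raspberry Pi Foundation registrations from the public IEEE registry.

```python
"""Flag a possible network dropbox from constructed flow records.

Checks applied to each outbound (inside-to-Internet) flow:
  1. SSH session held open longer than a threshold from a non-approved host
  2. source MAC absent from the wired-device inventory
  3. source OUI of a single-board-computer vendor
(Hypothetical CSV format; all hosts, addresses and policy lists constructed.)
"""
import csv
import io
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
# Constructed policy: only the jump host may open SSH sessions to the outside.
APPROVED_SSH_CLIENTS = {"10.0.5.20"}
# Constructed wired-device inventory (what switch/DHCP records say should be there).
INVENTORY_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
# Raspberry Pi Foundation OUIs (assumption: as listed in the public IEEE registry).
SBC_OUIS = {"b8:27:eb", "dc:a6:32"}

# Constructed flows. Row 2 is the dropbox: an unknown Pi keeping SSH open to the
# Internet for most of a working day. Row 4 is the approved jump host doing the same.
SAMPLE_FLOWS = """\
start,end,src_ip,src_mac,dst_ip,dst_port,bytes_out,bytes_in
2024-03-01T08:00:00,2024-03-01T08:00:04,10.0.7.41,aa:bb:cc:00:00:01,198.51.100.50,443,2100,48000
2024-03-01T08:02:10,2024-03-01T15:47:52,10.0.9.77,b8:27:eb:12:34:56,203.0.113.10,22,9100000,850000
2024-03-01T08:05:00,2024-03-01T08:06:30,10.0.5.20,aa:bb:cc:00:00:02,10.0.5.21,22,40000,12000
2024-03-01T09:00:00,2024-03-01T09:30:00,10.0.5.20,aa:bb:cc:00:00:02,198.51.100.7,22,300000,20000
"""


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def oui(mac):
    """First three octets of a colon-separated MAC, lower-cased."""
    return mac.lower()[:8]


def analyze_flows(text, min_duration=timedelta(hours=1)):
    """Return one finding per suspicious flow: {"src_ip", "src_mac", "reasons"}."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        if not (is_internal(row["src_ip"]) and not is_internal(row["dst_ip"])):
            continue  # only outbound, inside-to-Internet flows matter here
        reasons = []
        duration = (datetime.fromisoformat(row["end"])
                    - datetime.fromisoformat(row["start"]))
        if (int(row["dst_port"]) == 22 and duration >= min_duration
                and row["src_ip"] not in APPROVED_SSH_CLIENTS):
            reasons.append(f"outbound SSH held open for {duration} from a non-approved host")
        mac = row["src_mac"].lower()
        if mac not in INVENTORY_MACS:
            reasons.append("source MAC is not in the wired-device inventory")
        if oui(mac) in SBC_OUIS:
            reasons.append("source OUI belongs to a single-board-computer vendor")
        if reasons:
            findings.append({"src_ip": row["src_ip"], "src_mac": mac, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_flows(SAMPLE_FLOWS):
        print(finding["src_ip"], finding["src_mac"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Egress filtering that restricts which internal hosts may open SSH (or any long-lived session) to the Internet turns the first check from a detection into a prevention, and 802.1X on wired ports removes the "plug it in and walk away" step that makes the dropbox practical in the first place.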