360 Chapter 15 ■ Wireless Networking
Brute-Force WPA Keys
The old standby in a number of cases, including the breaking of WPA/WPA2 keys, is
the brute-force attack. This attack is typically performed using tools such as aircrack-ng,
aireplay-ng, or KisMAC to brute-force the keys. The downside of this attack is that it can
take a long time or a lot of computing power to recover the keys.
Unless you happen to have a supercomputer lying around, expect a brute-force attack to take anywhere from a few minutes to several weeks.
Risk Mitigation of WEP and WPA Cracking
So how can you thwart many of the attacks that we have discussed here that target
WEP and WPA? Well, excluding encryption and other mechanisms, here are the leading
techniques:
■ Use a complex password or phrase as the key. Using the same rules we observed earlier
for passwords, you can make a strong password for the access point.
■ Use server validation on the client side to allow the client to have a positive ID of the
access point it is connecting to.
■ Eliminate WEP and WPA and move to WPA2 where available.
■ Use encryption standards such as CCMP, AES, and TKIP.
A Close Examination of Threats
Now that you understand the various technologies and issues specific to each, let’s take a
much closer look at some of the other generalized threats that can target an environment.
Typically these attacks can be categorized as attacks targeting access control, integrity,
or confidentiality.
Attacks against wireless networks can be passive or active in nature.
An attack is passive if the wireless network is detected by sniffing the
information that it transmits. An attack is active if the network is uncovered
by using probe requests to elicit a response from the network.
Wardriving
A wardriving attack is one of the most common forms of action targeting wireless
networks. It consists of an attacker driving around an area with a computing or mobile
device that has both a wireless card and software designed to detect wireless clients or
access points.
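The active-discovery pattern described above (wardriving tools eliciting responses with probe requests) is something a wireless IDS can look for on the defender's side. The following is an added example, not code from this book: it takes management-frame summaries already extracted from a capture (the `FRAMES` list is a constructed sample, and the field layout, window size and threshold are assumptions) and flags stations that burst wildcard probe requests, while leaving normal clients that probe only for known SSIDs, or probe slowly, unflagged.

```python
"""Flag stations that send bursts of wildcard (broadcast-SSID) probe requests,
a pattern consistent with active scanning such as wardriving.

Input is a constructed list of management-frame summaries, not a real capture:
(timestamp_seconds, source_mac, frame_subtype, ssid). An empty SSID on a
probe request means a wildcard probe ("any network, please answer")."""
from collections import defaultdict

FRAMES = [
    # Constructed: a scanner firing six wildcard probes within one second
    (0.0, "aa:bb:cc:00:00:01", "probe_req", ""),
    (0.2, "aa:bb:cc:00:00:01", "probe_req", ""),
    (0.4, "aa:bb:cc:00:00:01", "probe_req", ""),
    (0.6, "aa:bb:cc:00:00:01", "probe_req", ""),
    (0.8, "aa:bb:cc:00:00:01", "probe_req", ""),
    (1.0, "aa:bb:cc:00:00:01", "probe_req", ""),
    # Constructed: a normal client probing for its known SSID, one wildcard
    (0.5, "dd:ee:ff:00:00:02", "probe_req", "CorpWiFi"),
    (1.5, "dd:ee:ff:00:00:02", "probe_req", "CorpWiFi"),
    (3.0, "dd:ee:ff:00:00:02", "probe_req", ""),
    # Constructed: a client that sends wildcard probes slowly (every 15 s)
    (0.0, "11:22:33:00:00:03", "probe_req", ""),
    (15.0, "11:22:33:00:00:03", "probe_req", ""),
    (30.0, "11:22:33:00:00:03", "probe_req", ""),
    (45.0, "11:22:33:00:00:03", "probe_req", ""),
    (60.0, "11:22:33:00:00:03", "probe_req", ""),
    # Constructed: an access point beacon, ignored by the detector
    (0.1, "00:11:22:aa:bb:cc", "beacon", "CorpWiFi"),
]


def count_wildcard_probes(frames, window_s):
    """Return {mac: max wildcard probe requests seen in any window_s-second window}."""
    per_mac = defaultdict(list)
    for ts, mac, subtype, ssid in frames:
        if subtype == "probe_req" and ssid == "":
            per_mac[mac].append(ts)
    result = {}
    for mac, times in per_mac.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):          # sliding window over timestamps
            while times[end] - times[start] > window_s:
                start += 1
            best = max(best, end - start + 1)
        result[mac] = best
    return result


def flag_active_scanners(frames, window_s=10.0, threshold=5):
    """Sorted MACs whose wildcard probe rate reaches threshold within window_s."""
    counts = count_wildcard_probes(frames, window_s)
    return sorted(mac for mac, n in counts.items() if n >= threshold)
```

Widening `window_s` trades false negatives for false positives: a client that probes once every 15 seconds looks benign in a 10-second window but crosses the same threshold in a 100-second one, so tune both values against baseline traffic from your own clients.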