In an earlier article, we discussed the fundamentals of wireless networks: the common types of wireless devices, terminology used, WLAN security types, 802.11 frame types and wireless traffic analysis using the aircrack-ng suite of tools.
In this article, we will discuss how that foundational knowledge can be used in analyzing wireless attacks. We begin with the common wireless attacks that a network forensic investigator may come across during investigations, and then analyze traffic captured during an attack.
Common wireless attacks
Successful network forensic investigations often rely on the investigator's understanding of possible network attacks. This section discusses some of the most common attacks on wireless networks.
Wireless encryption key cracking is a common attack in wireless networks. While many see it only as a way to gain unauthorized access to someone’s internet connection, attackers can also use the compromised keys to decrypt traffic captured over the network.
When wireless networks are configured to use WEP encryption, it is easy to obtain the key just by capturing enough traffic on the network. In the case of WPA/WPA2, the four-way handshake is usually captured and used for offline cracking.
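When reviewing a capture, an investigator can check which messages of the four-way handshake it contains by reading the Key Information bits of each EAPOL-Key frame. The following is an added example, not code from the original article: the function names and the sample frames are constructed for illustration, and telling message 2 from message 4 by the Key Data length is a heuristic assumed here.

```python
import struct

# Key Information bit masks of the EAPOL-Key descriptor (IEEE 802.11i)
PAIRWISE, INSTALL, ACK, MIC = 0x0008, 0x0040, 0x0080, 0x0100

def classify_eapol_key(payload: bytes):
    """Return 1-4 for a pairwise four-way handshake message, else None.

    `payload` is the 802.1X body, starting at the EAPOL version byte.
    """
    if len(payload) < 99:             # 4-byte EAPOL header + 95-byte key descriptor
        return None
    _version, ptype, _length = struct.unpack_from("!BBH", payload, 0)
    if ptype != 3:                    # packet type 3 = EAPOL-Key
        return None
    key_info, = struct.unpack_from("!H", payload, 5)
    key_data_len, = struct.unpack_from("!H", payload, 97)
    if not key_info & PAIRWISE:       # group-key handshake, not the four-way one
        return None
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack and not mic:
        return 1                      # AP -> client, carries ANonce, no MIC yet
    if ack and mic and key_info & INSTALL:
        return 3                      # AP -> client, MIC set, install the key
    if mic and not ack:
        # Message 2 carries the client's RSN element; message 4 has no key data.
        return 2 if key_data_len else 4
    return None

def handshake_messages(payloads):
    """Sorted list of the distinct handshake message numbers in a capture."""
    return sorted({m for m in map(classify_eapol_key, payloads) if m})

def sample_frame(key_info: int, key_data: bytes = b"") -> bytes:
    """Constructed EAPOL-Key frame with zeroed counter, nonce and MIC."""
    body = (struct.pack("!BHH", 2, key_info, 16) + bytes(88)
            + struct.pack("!H", len(key_data)) + key_data)
    return struct.pack("!BBH", 2, 3, len(body)) + body

# Constructed sample data: typical WPA2 Key Information values for messages 1-4.
SAMPLES = [sample_frame(0x008A), sample_frame(0x010A, bytes(22)),
           sample_frame(0x13CA, bytes(56)), sample_frame(0x030A)]

if __name__ == "__main__":
    seen = handshake_messages(SAMPLES)
    print("handshake messages in capture:", seen)
    print("complete four-way handshake:", seen == [1, 2, 3, 4])
```

The payloads passed in are the bytes following the LLC/SNAP header of each 802.11 data frame with EtherType 0x888E.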
Sniffing using ARP spoofing