Security on wireless networks has had a very checkered past, which should not be much of a surprise, since allegedly secure protocols get broken on a fairly regular basis. But 802.11 was supposed to be different. Instead, the myriad creative and unrelated ways in which WEP was broken set a record for the number of band-aid solutions that had to be rushed out the door. Not long after the band-aids were deployed, new techniques were discovered, many of them directly related to the band-aids themselves. The IEEE viewed this as a wake-up call and eventually produced 802.11i, the amendment the Wi-Fi Alliance certifies as WPA2. 802.11i was designed by experts in the field and addresses most of the problems discovered in the intervening years.
This chapter covers the details of currently available hacking tools and techniques. Along the way the vulnerabilities of the protocol that allow these attacks to persist are noted. In many cases, design decisions for WPA/WPA2 were a direct result of these attacks.
Wireless network defenses fall into a few different categories. The first category, "totally ineffective," otherwise known as "security through obscurity" (hiding the SSID, filtering by MAC address, and the like), is trivial to break through for anyone who is genuinely interested in doing so.
The next type of defense could be classified as "annoying." WEP and a dictionary-based WPA-PSK passphrase generally fit this category. Given enough captured traffic, an attacker can recover any static WEP key, and a WPA-PSK passphrase that appears in a wordlist falls to an offline dictionary attack against a captured four-way handshake.
Once you move past "annoying" security measures, you hit the third category of defense: networks that require genuine effort and some level of skill to breach. Most networks aren't this well protected. Networks in this category use well-configured WPA/WPA2. Techniques used to attack well-configured WPA/WPA2 networks are covered in detail in Chapter 7.
Finally, there are tools that can be used to attack wireless networks in ways that are not strictly related to wireless networking, for example, recovering the WEP/WPA key from a Windows laptop without attacking it through the wireless network. This chapter covers attacks in this order.