|
|
What is the target? How are you going to attack the target? With many targets and many attack vectors for each target, the possibilities are almost endless. This book devotes an entire chapter to enumeration, so this chapter only briefly discusses the topic. Please refer to Chapter 5 for additional discussion. In this chapter, we'll walk through the targets and attacks individually. This discovery activity can be used to find a target to attack or to identify what network you want to connect to if many networks are in range. When you connect to any network, it is best practice to spend some time understanding the network environment. Here are some techniques for finding the hotspot targets to attack.
|
Popularity: |
9 |
|
Simplicity: |
10 |
|
Impact: |
9 |
|
Risk Rating: |
9 |
There are many tools you can use to find the available wireless networks in range. You may want to pick the one that works best with your platform and preferences. The underlying protocols and mechanisms used for discovery are discussed in depth in other chapters. If you are looking for tools for your platform, you can Google war driving and your platform. The result will be a listing of tools and techniques specific to your platform. Here are a few to get you started.
This program is available on current releases of Windows and can be used to find local networks within attack range. Figure 9-2 shows an example of Wireless Zero Configuration and demonstrates how SSIDs are not always very reliable in determining the type of hotspot available.
These are stronger tools with very robust feature sets that also support passive scanning and WEP cracking. Kismet installs on Linux, BSD, and other UNIX variants, while Kismac runs exclusively on OS X, so you Windows users are out of luck. There are many plug-ins and enhancements for Kismet, including Google maps. Both Kismet and Kismac are discussed in depth in Chapter 5.
|
|