Originally, “war driving” referred to using a scanning device to find cellular phone numbers to exploit. Today, war driving is also referring to drive around an area with a wireless device to find unsecured 802.11b/g networks to exploit.
Hacker referred originally to persons with a very deep understanding of computer systems. Sometimes, they were exploiting these systems for creative and learning reasons. Today, the term hacker is similar to cracker and describes a person with the intent of doing harm to your network and computer systems. Their only purpose is to steal data and exploit week points of your network, and sometimes they even destroy sensitive data.
Employees are also a week point in your network security. Untrained employees can do more harm than hackers by letting other people know sensitive information from your network. Also, persons with bad intentions can try to make your employees reveal sensitive information, which they can use to break into your network. This activity is called social engineering. Employees can also plug in wireless Access Points (APs) and gateways into company Ethernet ports and create their own WLANs.
Different types of attacks can target a Wireless LAN. One of the more sophisticated attacks is Man-in-the-Middle (MITM).
In MITM attacks, attackers must position themselves between the target and the router or the gateway of the target. In wired LAN environments, the attacker must be able to plug his device in the topology. With WLANs it’s much easier because radio waves emitted by APs can provide the connection. The attacker can simply “listen” anyone in a BSS with the proper equipment, such as a laptop with a wireless NIC. APs act as Ethernet hubs. All traffic in a BSS reaches all connected clients. It’s the client who drops the unsolicited packets received. With the proper NIC driver, attackers are able to modify this behavior and accept all traffic, using the wireless NIC as an access point.
Packet sniffing software, such as Wireshark, lets the attacker observe the traffic made by the stations connected to the AP. Depending on the protocols used by the legit stations, the attacker may be able to see sensitive information, such as usernames and passwords, even credit card data. Other information, such as client and server IP address, can also be intercepted by the attacker.
To be able to prevent MITM attacks, you must configure some sort of authentication for the users, and proactively monitor the connections made through your wireless Access Point. Enterprise WLAN devices also provide network administrators with tools that work together as wireless Intrusion Detection and Prevention System (IDS and IPS), such as scanners able to identify rogue APs and ad-hoc networks, radio resource management (RRM). These enterprise devices automatically alert the system administrator if they “sense” activity which may be illegitimate.
Another dangerous type of attack is a Denial of Service (DoS). This type of attack can be made by an attacker, but also can be created by other devices using the same band, without the intent of doing it. 802.11b/g standard is using the 2.4Ghz band which is used by many consumer products, such as cordless phones and microwave ovens. These devices can interfere with your WLAN and cause noise.
To create a DoS attacks, attackers use the same technique as for MITM attacks. They use a special wireless NIC driver and software to turn it in an access point and intercept all traffic. After that, the attacker can flood the BSS with clear-to-send (CTS) messages, which defeat the CSMA/CA function used by the station. After the attacker sends the CTS messages, access points will flood the BSS with simultaneous traffic. Attackers are also able to send a series of disassociate commands causing all stations to disconnect. The default behavior of a station connected to a wireless network is to reconnect immediately after it got disconnected. If all stations will try to reassociate at the same time, the AP will receive a burst of traffic. Doing this repeatedly, depending on the amount of traffic flood received, the AP may crash.