Look At Man In The Middle Attack Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

We live in a world where almost everything is going wireless, and wireless networks are now spread almost everywhere to make life simpler and faster.

Wireless networks do make life simpler and faster; however, if they are not installed and configured correctly they open a serious security hole and leave your network vulnerable to an outside attacker, who can compromise the wireless network, monitor your activity and possibly steal sensitive information such as your financial details or your identity.

This paper is divided into three sections. Section one discusses the problems with wireless networks and how they can expose your private information. Section two explains what security measures are available to make a wireless network as secure as possible. The last section is a security guide for setting up a secure wireless network on the "Billion BiPAC 7800N" modem.

Table of Contents

Part 1: Discussion of the problems with wireless networks

1.1 Man-in-the-middle attack (MITM)

1.2 Session Hijacking and Spoofing

1.3 Denial-of-Service (DoS)

1.4 Capturing wireless packets and wireless discovery

2. Explanation of available security measures

2.1 Wireless Encryption Standards and Authentication

2.2 Wireless Network Monitoring and Detection

2.3 Wireless Intrusion Detection System (IDS)

3. How to create a secure wireless network on the "Billion BiPAC 7800N" modem

References

Part 1: Discussion of the problems with wireless networks:

Wireless networks are expanding every day and are available almost everywhere to make life simpler and faster for us. Figure 1 shows a diagram of a wireless network, which simplifies connectivity for clients accessing the network.

Figure 1

Security is a big issue with a misconfigured wireless network, since any user can gain unauthorized access to it, cause damage, or steal sensitive data by monitoring the network's activity. Hackers/crackers use various attacks to breach network security for malicious purposes, such as man-in-the-middle attacks, spoofing and session hijacking, rogue access points and denial-of-service. We explain some of these known attacks in more depth below.

1.1 Man-in-the-middle attack (MITM):

The man-in-the-middle attack (MITM) is a method used by hackers (digital thieves) to monitor and steal your information by redirecting your connection to themselves first, examining it, and then forwarding it to the original server, so that you believe you are connected directly to that server. Hackers often use this method once they have gained access to your network, to steal sensitive information such as your identity, financial details and passwords. Figure 2 illustrates such an attack.

Figure 2

The attacker's purpose is to monitor, intercept or modify the data that is meant for the real destination. A wireless MITM is set up in two steps. The first is to take the access point (AP) that serves the client offline, or make it so busy that the connection becomes unreliable; RF interference or Layer 2 packet flooding (for example a deauthentication flood, see section 1.3) can be used for this. The second is to set up a rogue AP with the same credentials as the original AP (the same SSID and, ideally for the attacker, the same BSSID and channel) so that the client connects to the rogue AP instead. Tools such as monkey jack can be used for the second step.

1.2 Session Hijacking and Spoofing:

Session hijacking is stealing an established session from a user's browser to gain unauthorized access to information or services in a computer system. When a user authenticates to a server, the browser usually keeps the user's identity in an HTTP cookie so that the user stays logged in; the cookies that many web sites use to prolong a session can easily be stolen by an attacker, either by sniffing them off an unencrypted wireless network or after the attacker has gained access to the victim's machine. With the cookie, the attacker can present himself or herself to the site as the logged-in user without knowing the password.

Spoofing is another method attackers use to bypass security and steal information over a wireless network. Wireless devices on the network are identified by their physical address, also known as the MAC address. An attacker who monitors wireless activity can see which MAC addresses are allowed on the network and change his or her own MAC address to one of them, bypassing MAC filtering. This is known as MAC spoofing.

1.3 Denial-of-Service (DoS):

A denial-of-service attack is when intruders on your network use it to make a machine or another network resource unavailable. If hackers gain access to your network they can use it to attack other networks, which also lets them hide behind your network's identity. Figure 3 below illustrates such a technique.

Figure 3

DoS attacks on wireless networks are, however, carried out somewhat differently. An attack can be mounted at the physical layer by raising the noise level on the channel: a strong RF interferer knocks out every wireless network operating on or near that channel. A Layer 2 DoS attack takes the form of packet injection, in which the attacker floods clients that are already attached to the wireless network with spoofed disassociation or deauthentication frames, forcing them off the network again and again.

Inadequate encryption standards such as WEP give hackers the ability to break into your network by exploiting the weaknesses of the encryption method. Therefore the next part of this document focuses on the security measures available to make a wireless network as secure as possible: encryption, authentication, monitoring and IDS (intrusion detection system).

1.4 Capturing wireless packets and wireless discovery:

In a traditional wired network the packets travel along physical wires, whereas wireless networks use the air as the physical medium for both sending and receiving data packets. With the appropriate hardware (a card that supports monitor mode) and software, a sniffing station can capture every wireless frame in range, not only those addressed to it.

Beacon frames are the most common frames seen when sniffing wireless traffic. The access point sends beacon frames at a regular interval so that wireless clients can detect the SSID (Service Set Identifier) of the wireless network. The SSID is the name of the wireless network with which clients associate.

The first address field of a beacon frame is the destination address, which has the broadcast value "ff:ff:ff:ff:ff:ff". The third address field is the Basic Service Set Identifier (BSSID), which contains the MAC address of the access point. The sequence number is another field worth noting: whenever the wireless station emits a new frame this number is incremented by one (retransmissions keep the same number), so gaps or jumps in it can reveal a second device transmitting under the same MAC address.

Probing and network discovery is the first step for an attacker: identifying the wireless targets in range. There are two types of probing, active and passive. Active probing sends a probe request with an empty (broadcast) SSID in order to receive a probe response containing the SSID and other information from every access point in the attacker's range; cloaked access points (those with SSID broadcast disabled) do not answer such broadcast probes. In passive probing the attacker listens on all channels for all wireless frames without sending a single packet, which also makes the attacker undetectable. Unlike active probing, passive probing does reveal cloaked access points: their beacons still carry the BSSID and channel, and the hidden network name appears in the clear in the probe and association requests of legitimate clients as they connect.
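The following parser, added here as a worked example and not part of the original essay or of any named product, decodes the beacon fields described above from raw 802.11 bytes: the broadcast destination address, the BSSID in the third address field, the 12-bit sequence number, the beacon interval, the channel and whether an RSN (WPA2) element is present. It also flags the empty or all-NUL SSID that a cloaked access point still beacons, which is why passive sniffing sees such networks. The build_beacon() helper only constructs test frames; in practice the frames come from a monitor-mode capture. Element IDs are the fixed IEEE 802.11 values.

```python
"""802.11 beacon frame parser (added example; constructed test frames only)."""
import struct
from dataclasses import dataclass
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
TAG_SSID = 0        # network name
TAG_RATES = 1       # supported rates
TAG_DS_PARAMS = 3   # current channel
TAG_RSN = 48        # RSN (WPA2) security information


@dataclass
class Beacon:
    da: str
    sa: str
    bssid: str
    seq: int
    fragment: int
    interval_tu: int   # beacon interval in time units of 1024 us
    ssid: str
    hidden: bool
    channel: Optional[int]
    has_rsn: bool


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_beacon(frame: bytes) -> Beacon:
    # MAC header: Frame Control(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2) = 24 bytes,
    # then the fixed beacon body: Timestamp(8) Interval(2) Capability(2) = 12 bytes.
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 0 or subtype != 8:
        raise ValueError(f"not a beacon: type={ftype} subtype={subtype}")
    da, sa, bssid = mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22])
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    fragment, seq = seq_ctl & 0xF, seq_ctl >> 4     # 4-bit fragment no., 12-bit sequence no.
    _timestamp, interval, _cap = struct.unpack_from("<QHH", frame, 24)

    ssid, hidden, channel, has_rsn = "", False, None, False
    off = 36
    while off + 2 <= len(frame):          # walk the tagged parameters: id, length, value
        tag, length = frame[off], frame[off + 1]
        value = frame[off + 2: off + 2 + length]
        if len(value) != length:
            raise ValueError("truncated tagged parameter")
        if tag == TAG_SSID:
            # A cloaked AP still beacons, but with an empty or all-NUL SSID.
            hidden = length == 0 or value == b"\x00" * length
            ssid = "" if hidden else value.decode("utf-8", errors="replace")
        elif tag == TAG_DS_PARAMS and length == 1:
            channel = value[0]
        elif tag == TAG_RSN:
            has_rsn = True
        off += 2 + length
    return Beacon(da, sa, bssid, seq, fragment, interval, ssid, hidden, channel, has_rsn)


def build_beacon(bssid: bytes, ssid: bytes, channel: int, seq: int, rsn: bool = True) -> bytes:
    """Construct a beacon frame (test input only, not a captured frame)."""
    header = bytes([0x80, 0x00]) + struct.pack("<H", 0)          # type=mgmt, subtype=beacon
    header += b"\xff" * 6 + bssid + bssid                          # DA=broadcast, SA=BSSID=AP
    header += struct.pack("<H", (seq << 4) & 0xFFFF)
    body = struct.pack("<QHH", 0, 100, 0x0411)                    # timestamp, 100 TU, capabilities
    body += bytes([TAG_SSID, len(ssid)]) + ssid
    body += bytes([TAG_RATES, 4, 0x82, 0x84, 0x8B, 0x96])
    body += bytes([TAG_DS_PARAMS, 1, channel])
    if rsn:   # WPA2-PSK with CCMP: version 1, group CCMP, pairwise CCMP, AKM PSK, capabilities 0
        body += bytes([TAG_RSN, 20]) + bytes.fromhex("0100000fac040100000fac040100000fac020000")
    return header + body


if __name__ == "__main__":
    sample = build_beacon(bytes.fromhex("001122334455"), b"CorpNet", 6, 1234)
    print(parse_beacon(sample))
```

Feeding a real capture through parse_beacon() one frame at a time gives the (SSID, BSSID, channel) triples that the access point monitoring in section 2.2 compares against its baseline.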

2. Explanation of available security measures:

2.1 Wireless Encryption Standards and Authentication:

The aim of wireless security is to stop unauthorized users from accessing the wireless network. There are various ways to secure a wireless network, but the most important one is to encrypt the traffic. The most common wireless encryption methods are listed below:

WEP - Wired Equivalent Privacy. This method was introduced with the original IEEE 802.11 standard in 1999, superseded by WPA in 2003 and formally deprecated in 2004. WEP encrypts traffic with the RC4 stream cipher using a 40-bit or 104-bit key, entered as 10 or 26 hexadecimal digits. Because of design flaws in WEP (short, reused initialization vectors and a weak CRC-32 integrity check) it is considered an unsafe way to secure a wireless network: hackers/attackers can recover the key from captured traffic, after which they can join the network and read your data. Open-system authentication and shared-key authentication are the two ways of validating a wireless user who attempts to gain access to the wired network; open-system authentication is not based on cryptography, whereas shared-key authentication is.

In open-system authentication the access point accepts the mobile station without verifying its identity: the station sends an authentication request and the access point simply answers with a success status. Only the station is "authenticated", and only in name, so this is one-way; the station has to trust that it is talking to the real access point. Without cryptographic validation, open-system authentication invites unauthorized access and attack, and any real protection has to come from the encryption layer above it (WPA2 networks also use open-system authentication and rely on the 4-way handshake instead). Shared-key authentication is a simple challenge-response scheme based on the client's knowledge of a shared secret. The access point generates a random challenge and sends it to the wireless client; the client encrypts the challenge with the WEP key it shares with the AP and returns the result; the AP decrypts the result and grants access if the decrypted value equals the challenge. It does not provide mutual authentication, and it is in fact weaker than open-system authentication: anyone sniffing the exchange sees both the plaintext challenge and its ciphertext, and XORing the two yields the RC4 keystream for that IV, which is enough to answer a later challenge without ever knowing the key, and is one more piece of known keystream for attacks on the WEP key itself.
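The following simulation, added here as a worked example and not part of the original essay, plays out the shared-key exchange just described and shows why it leaks: RC4, the WEP framing (24-bit IV prepended to the key, CRC-32 integrity value appended to the body) and the 128-byte challenge follow the 802.11-1999 specification; the AccessPoint, LegitimateClient and Eavesdropper classes and the keys are illustrative stand-ins. The eavesdropper observes a single legitimate exchange, recovers the keystream for that IV, and is then accepted by the AP without knowing the key, while a client with the wrong key is rejected.

```python
"""WEP shared-key authentication: keystream recovery by a passive observer (added example)."""
import os
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream generation), the cipher WEP is built on."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(body: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, appended before encryption."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, body: bytes) -> bytes:
    # The per-packet RC4 key is the 3-byte IV concatenated with the shared WEP key.
    return rc4(iv + key, body + icv(body))


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    plain = rc4(iv + key, ciphertext)
    body, tag = plain[:-4], plain[-4:]
    return body if icv(body) == tag else None


class AccessPoint:
    def __init__(self, key: bytes):
        self._key = key

    def challenge(self) -> bytes:
        return os.urandom(128)  # 802.11 shared-key authentication uses a 128-byte challenge

    def verify(self, challenge: bytes, iv: bytes, response: bytes) -> bool:
        return wep_decrypt(self._key, iv, response) == challenge


class LegitimateClient:
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes):
        iv = os.urandom(3)   # the station picks the IV and sends it in the clear
        return iv, wep_encrypt(self._key, iv, challenge)


class Eavesdropper:
    """Sees one legitimate exchange on the air; never learns the WEP key."""
    def __init__(self):
        self.iv = None
        self.keystream = None

    def observe(self, challenge: bytes, iv: bytes, response: bytes) -> None:
        # Plaintext (challenge || ICV) is known, so ciphertext XOR plaintext = keystream for this IV.
        self.iv = iv
        self.keystream = xor(response, challenge + icv(challenge))

    def respond(self, challenge: bytes):
        # Reuse the captured IV: the AP regenerates the same keystream and accepts the answer.
        body = challenge + icv(challenge)
        return self.iv, xor(body, self.keystream)


def demo(key: bytes = b"\x01\x02\x03\x04\x05"):
    """Returns (legitimate client accepted, eavesdropper accepted, wrong-key client accepted)."""
    ap, client, eve = AccessPoint(key), LegitimateClient(key), Eavesdropper()

    c1 = ap.challenge()
    iv1, r1 = client.respond(c1)
    legit_ok = ap.verify(c1, iv1, r1)
    eve.observe(c1, iv1, r1)

    c2 = ap.challenge()
    iv2, r2 = eve.respond(c2)
    eve_ok = ap.verify(c2, iv2, r2)

    iv3, r3 = LegitimateClient(b"\x0a\x0b\x0c\x0d\x0e").respond(c2)
    wrong_ok = ap.verify(c2, iv3, r3)
    return legit_ok, eve_ok, wrong_ok


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The same property (ciphertext XOR known plaintext = keystream) is why every WEP frame with predictable contents, not only the authentication exchange, hands an attacker keystream for one IV.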

WPA/WPA2 - Wi-Fi Protected Access. These are two security protocols and certification programs developed by the Wi-Fi Alliance. WPA became available in 2003 as an interim response to the flaws in WEP; WPA2 (based on IEEE 802.11i, with AES-CCMP encryption) is the enhanced version and is the one widely used today to provide the strongest wireless encryption. In WPA/WPA2-Personal the only secret is the network passphrase, and an attacker who captures a client joining the network (the 4-way handshake) can test passphrase guesses offline at leisure. So if the passphrase is short or a dictionary word it can still be broken, but a long random passphrase (more than 14 characters) makes this guessing infeasible in practice.

WPA is usually deployed in two modes: WPA-Personal, also called WPA-PSK, for home and small-office use, where all devices share one pre-shared key, and WPA-Enterprise (WPA-RADIUS), where each user authenticates with a RADIUS server over 802.1X and receives an individual key, which gives the network extra security but is harder to set up. Independently of the mode, the encryption can be TKIP (Temporal Key Integrity Protocol, the WEP-compatible cipher of the original WPA) or AES-CCMP (WPA2); TKIP has known weaknesses of its own, so WPA2 with AES should be chosen whenever the devices support it.
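The following code, added here as a worked example and not part of the original essay, shows why the passphrase length in WPA/WPA2-Personal matters so much. The pairwise master key derivation is the one specified in IEEE 802.11i (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output; the "password"/"IEEE" vector used in the demo is the standard test vector). A real attacker checks each guess against a captured 4-way handshake rather than against the PMK itself; comparing PMKs directly here keeps the per-guess cost visible without modelling the handshake. The wordlist and the guessing rate are constructed figures for scale only.

```python
"""WPA/WPA2-Personal key derivation and the cost of guessing the passphrase (added example)."""
import hashlib
import hmac
import math
from typing import Iterable, Optional, Tuple


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes), as in 802.11i."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str,
                      wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each candidate; return (passphrase or None, number of PBKDF2 evaluations spent)."""
    tried = 0
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue   # cannot be a valid WPA passphrase, so no need to hash it
        tried += 1
        if hmac.compare_digest(wpa2_pmk(candidate, ssid), target_pmk):
            return candidate, tried
    return None, tried


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random passphrase of the given length and alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole keyspace at a fixed rate of PBKDF2 evaluations per second."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    ssid = "IEEE"
    target = wpa2_pmk("password", ssid)        # 802.11i test vector, PMK f42c6fc5...
    print(dictionary_attack(target, ssid, ["letmein1", "password", "wireless1"]))
    rate = 100_000   # assumed attacker rate, for scale only
    print("8 digits:", years_to_exhaust(keyspace_bits(8, 10), rate), "years")
    print("14 random alphanumerics:", years_to_exhaust(keyspace_bits(14, 62), rate), "years")
```

The 4096 iterations make each guess cost roughly 8192 SHA-1 operations, which is irrelevant against an 8-digit or dictionary passphrase but turns 14 random alphanumeric characters into a keyspace that cannot be searched.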

2.2 Wireless Network Monitoring and Detection:

There are various monitoring techniques for wireless networks; the most common are:

Access Point Monitoring - The owner of the wireless network records the list of authorized APs, with their SSID, MAC address (BSSID) and channel, as a baseline, then listens to all beacon frames sent by APs in range and compares them with the recorded information. In a man-in-the-middle attack this component detects the rogue AP the moment it appears: a beacon carrying an authorized SSID from an unknown BSSID, or an authorized BSSID on an unexpected channel, produces an alert for a possible man-in-the-middle attack.

Wireless Client Monitoring - Here a few methods can be followed. The first is for the owner of the wireless network to keep a blacklist of wireless clients: if any client on that list tries to join or insert itself into a communication, an alert is raised automatically. The second is to detect a client with an illegal MAC address (for example one outside the list of allowed devices) and raise an alert.

General Wireless Traffic Monitoring - Here the wireless traffic is monitored for attempts to flood the network with deauthentication, disassociation, authentication or association frames, or with erroneous authentications. An oncoming RF-based DoS attack on the wireless network can be signaled by monitoring channel usage and the signal-to-noise ratio. Authentication and association failures can also be monitored and reported.
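The monitor below, added here as a worked example and not part of the original essay or of any of the tools named in the next section, implements the three monitoring methods just described against the attacks from sections 1.1 and 1.3: a baseline of authorized (SSID, BSSID, channel) triples to catch the rogue "evil twin" AP of a MITM setup or an AP that has moved channel, a client blacklist, and a sliding-window counter that flags a deauthentication/disassociation flood. It works on already-decoded frame summaries (dicts) such as a capture tool would hand it; the baseline, the thresholds and the sample frames are all constructed for the illustration.

```python
"""Baseline-driven wireless monitor: rogue AP, blacklisted client and deauth-flood alerts (added example)."""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class WirelessMonitor:
    def __init__(self, authorized, client_blacklist=(), deauth_threshold=10, window_s=1.0):
        # authorized: {ssid: {bssid: channel}} recorded as the baseline
        self.authorized = authorized
        self.bssid_to_ssid = {b: s for s, aps in authorized.items() for b in aps}
        self.blacklist = set(client_blacklist)
        self.threshold = deauth_threshold
        self.window = window_s
        self._deauth_times = defaultdict(deque)   # source MAC -> timestamps inside the window
        self._last_flood_alert = {}

    def feed(self, frame):
        """Return the list of (alert_type, detail) tuples raised by one frame summary."""
        alerts = []
        kind = frame["type"]
        if kind == "beacon":
            alerts += self._check_beacon(frame)
        elif kind in ("deauth", "disassoc"):
            alerts += self._check_deauth(frame)
        if frame.get("addr2") in self.blacklist:
            alerts.append(("BLACKLISTED_CLIENT", frame["addr2"]))
        return alerts

    def _check_beacon(self, f):
        ssid, bssid, chan = f["ssid"], f["bssid"], f["channel"]
        if ssid in self.authorized:
            if bssid not in self.authorized[ssid]:
                # Our network name from an unknown radio: the rogue AP of a MITM setup.
                return [("EVIL_TWIN", f"{ssid} advertised by {bssid} on ch {chan}")]
            if self.authorized[ssid][bssid] != chan:
                return [("CHANNEL_CHANGE", f"{bssid} moved to ch {chan}")]
        elif bssid in self.bssid_to_ssid:
            # One of our BSSIDs advertising a different (or hidden) name is also suspicious.
            return [("SSID_MISMATCH", f"{bssid} now advertises {ssid!r}")]
        return []

    def _check_deauth(self, f):
        src, now = f["addr2"], f["time"]
        times = self._deauth_times[src]
        times.append(now)
        while times and now - times[0] > self.window:   # drop timestamps outside the window
            times.popleft()
        last = self._last_flood_alert.get(src)
        if len(times) >= self.threshold and (last is None or now - last >= self.window):
            self._last_flood_alert[src] = now           # one alert per window, not per frame
            target = "broadcast" if f["addr1"] == BROADCAST else f["addr1"]
            return [("DEAUTH_FLOOD",
                     f"{len(times)} {f['type']} frames from {src} to {target} in {self.window}s")]
        return []


def run_sample():
    """Replay constructed frames: normal beacons, an evil twin, a spoofed deauth burst, a blacklisted probe."""
    baseline = {"CorpNet": {"00:11:22:33:44:55": 6}}
    mon = WirelessMonitor(baseline, client_blacklist=["de:ad:be:ef:00:01"])
    ap = "00:11:22:33:44:55"
    frames = [
        {"time": 0.0, "type": "beacon", "ssid": "CorpNet", "bssid": ap, "channel": 6, "addr1": BROADCAST, "addr2": ap},
        {"time": 0.1, "type": "beacon", "ssid": "CorpNet", "bssid": ap, "channel": 6, "addr1": BROADCAST, "addr2": ap},
        # same SSID, unknown BSSID, different channel: the rogue AP
        {"time": 0.2, "type": "beacon", "ssid": "CorpNet", "bssid": "0a:0b:0c:0d:0e:0f", "channel": 11,
         "addr1": BROADCAST, "addr2": "0a:0b:0c:0d:0e:0f"},
    ]
    # twelve broadcast deauthentication frames in under half a second, spoofed "from" the real AP
    frames += [{"time": 0.3 + i * 0.04, "type": "deauth", "addr1": BROADCAST, "addr2": ap} for i in range(12)]
    frames.append({"time": 1.0, "type": "probe_req", "addr1": BROADCAST, "addr2": "de:ad:be:ef:00:01"})
    alerts = []
    for fr in frames:
        alerts += mon.feed(fr)
    return alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Real deauthentication frames from an AP are rare and addressed to one station; a burst of broadcast ones is the signature of the Layer 2 DoS from section 1.3, and a burst that immediately precedes a new beacon for the same SSID is the MITM setup from section 1.1.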

2.3 Wireless Intrusion Detection System (IDS):

There are a few tools that monitor and detect suspicious activity on a wireless network, such as:

Snort-Wireless - A wireless IDS adapted from the Snort IDS engine. In Snort-Wireless rules, the source and destination IP addresses of ordinary Snort rules are replaced with source and destination MAC addresses, so rules can be written to detect wireless (802.11) traffic while IP-layer attacks are still detected as in Snort. Detection of several of the common wireless-specific threats is still listed as future development.

AirIDS - AirIDS is a wireless intrusion detection system with a number of interesting features: robust, user-definable rules and file-controlled filtering like any other IDS. It is also able to craft frames, so it provides not only detection but active defence against deliberately harmful 802.11 activity.

WIDZ - Built by Mark Osborne (Loud Fat Bloke), this wireless IDS has the following modules:

Unauthorized AP monitor - Detects bogus and rogue access points by comparing the results of an access point scan with a baseline file of all authorized access points.

802.11 traffic monitor - Includes probe and flood monitoring and MAC and ESSID blacklists and whitelists.

To secure a wireless router/modem the following steps are recommended:

Change the router's default administrator password.

Use proper wireless encryption such as WPA2.

Control physical access to the reset function, which restores the insecure defaults.

Change the default SSID.

Hide the SSID if possible.

Maximize the beacon interval.

Change the default wireless encryption key.

Use a key of at least 10-14 characters, preferably random, to stop dictionary-type key cracking.

Scan for the wireless networks around you and use a free channel to stop interference.

Use MAC filtering.

Install video surveillance near the wireless router to monitor it, and mount the router in a place that is hard to reach.

In the next part we explain how to create a secure wireless network using the "Billion BiPAC 7800N" modem.

3. How to create secure wireless network on "Billion BiPAC 7800N" modem:

Figure 4:

To start changing the modem's default configuration you first need to access its web interface: type "" in your web browser's address bar and press Enter. This is shown in Figure 5 below:

Figure 5:

Once you have done that, you will need to enter the modem's default username and password to reach the setup page. The default username is "admin" and the password is "admin" (both case-sensitive). Congratulations! You are now in the setup panel. Before changing anything else, change this default administrator password, since anyone who reaches the network could otherwise log in and undo your settings. The next step is to click Quick Start → Wireless, which looks like Figure 6 below:

Figure 6:

This is the default setting, with the security mode disabled, which makes your network accessible to any unauthorized person.

Figure 7 below shows the unprotected network, which can be joined on Windows 7 without needing a username or password.

Figure 7:

The first step in securing your wireless network is to change the default ESSID; this can be any name of at most 32 characters.

Next you need to switch to Basic mode configuration to reach the more advanced settings of your wireless network and make it as secure as possible. To do so go to Basic Configuration → Configuration → WLAN.

Figures 8 and 9 illustrate this page. There are four security modes: WPA, WPA2, WPA/WPA2 Pre-shared Key and WEP. For the best security we recommend WPA2 (with AES encryption). In this mode you choose a password key for your wireless network, and anyone who wants to join the network needs to know it.

For a good password key we recommend at least 10-14 characters; if you have trouble finding a suitable password, the website "http://passwordsgenerator.net/" generates strong random passwords for your wireless network. Keep in mind that a password generated on a website is only as trustworthy as that website; a generator running locally on your own machine is preferable.

You should also enable the "Hide ESSID" option, as shown in Figure 8; this stops the router broadcasting its ESSID in beacons, so casual scanners do not see the network. Be aware that this is only a minor obstacle: as explained in section 1.4, the name is still sent in the clear whenever a client connects, so a passive sniffer learns it anyway. You also need to know the ESSID yourself to connect new devices to the network.

Figure 8:

Figure 9: (Accessible via Advanced mode only)

The next step is to make a list of the devices you want to allow on your wireless network and define them on your router. Every Wi-Fi device has its own physical address, also known as the MAC address: a 48-bit value written as 12 hexadecimal digits (six pairs), unique to each device (laptops, PDAs, PCs, etc.).

To find your physical (MAC) address in Windows 7, follow these steps; free software exists that does this for you, but it is not necessary.

In Windows 7 click Start, then type "cmd" (without the quotes) in the search field and press Enter.

In the new window type the command "ipconfig /all". It lists all network adapters on your computer and their details; the output is shown in Figure 10:

Figure 10:

As Figure 10 shows, my wireless MAC address is "16:2F:68:3C:XX:XX" (the last two octets are masked for security reasons).

This MAC address needs to be added to the router's list of known devices, so that a device with a different MAC address cannot join your wireless network. Keep in mind (section 1.2) that MAC addresses can be spoofed, so this filter only stops casual users; WPA2 with a strong key is what actually keeps attackers out.

To add your MAC address go to Advanced Configuration → Wireless → MAC Filter and enter your MAC address in the field.

Figure 11:

Congratulations! You now have a much more secure wireless network.