Access control attacks
These attacks attempt to penetrate a network by using wireless or evading WLAN access control
measures, like AP MAC filters and 802.1X port access controls.
Type of Attack
Description
Methods and Tools
War Driving
Discovering wireless LANs by listening
to beacons or sending probe requests,
thereby providing launch point for further
attacks.
Airmon-ng, DStumbler,
KisMAC, MacStumbler,
NetStumbler, Wellenreiter,
WiFiFoFum
Rogue Access
Points
Installing an unsecured AP inside
firewall, creating open backdoor into
trusted network.
Any hardware or software AP
Ad Hoc
Associations
Connecting directly to an unsecured
station to circumvent AP security or to
attack station.
Any wireless card or USB
adapter
MAC Spoofing
Reconfiguring an attacker's MAC address
to pose as an authorized AP or station.
MacChanger, SirMACsAlot,
SMAC, Wellenreiter, wicontrol
802.1X
RADIUS
Cracking
Recovering RADIUS secret by brute
force from 802.1X access request, for use
by evil twin AP.
Packet capture tool on LAN or
network path between AP and
RADIUS server
Confidentiality attacks
These attacks attempt to intercept private information sent over wireless associations, whether
sent in the clear or encrypted by 802.11 or higher layer protocols.
Type of Attack
Description
Methods and Tools
Eavesdropping
Capturing and decoding unprotected
application traffic to obtain potentially
sensitive information.
bsd-airtools, Ettercap, Kismet,
Wireshark, commercial analyzers
WEP Key
Cracking
Capturing data to recover a WEP key
using passive or active methods.
Aircrack-ng, airoway, AirSnort,
chopchop, dwepcrack, WepAttack,
WepDecrypt, WepLab, wesside
Evil Twin AP
Masquerading as an authorized AP by
beaconing the WLAN's service set
identifier (SSID) to lure users.
cqureAP, D-Link G200,
HermesAP, Rogue Squadron,
WifiBSD
AP Phishing
Running a phony portal or Web server
on an evil twin AP to "phish" for user
logins, credit card numbers.
Airpwn, Airsnarf, Hotspotter,
Karma, RGlueAP
