Welcome, user, to the hacking world; it has changed into "TRICKYA".
Here you will find all types of hacking tricks, educational material, movies, songs, books, feeds, current news, new topics, the social networking you like most with direct chatting, and many other kinds of free downloads: keys for all types of software, the latest software and applications, mobile news, wallpapers, animated screensavers, network hacking tricks, mobile hacking tricks, PC hacking tricks and many more tricks on this blog.
Hi hackers... all are welcome in the hacker world.
What is a Symbian phone?
Guys, like in a PC we have Windows, Linux and DOS as operating systems, Symbian is the name of an operating system of Nokia phones developed by Sun Microsystems. The Symbian series is the most common and widely known and used series of all smartphone operating systems (a smartphone is a phone which has compatibility for more applications than those already present in your phone). Other series are Windows Mobile (Pocket PC), simple Java-supported phones, J2ME (mostly Sony Ericsson phones) and Symbian UIQ3 (Sony Ericsson's touch-screen Symbian phones like the P910i, P990i, M600i etc.).
As already told, this tutorial is dedicated only to the Symbian series, so only its features will be discussed.
The Symbian series is divided into mainly about 5 categories. First is Symbian S60v1, which included phones like the N-Gage QD, Classic etc. This was the most sluggish series of Symbian phones, with very little compatibility and output. Then came a slightly better series, S60v2, which contained phones like the 6600, 7610, 3230, 6670, 6680, 6630, 6681, N70, N72, N90. This series was many times better than the previous series in compatibility, hardware and performance. Phones like the N70 and N72 are also popular today.
The next series was a totally different platform from the previous two and is known as S60v3 or the OS 9 series. Its basic phones were the N91, N73, N80 etc. Those phones were better than all the previous ones as they contained many new features like Carl Zeiss optics lenses, powerful flashes and features like Wi-Fi and GPS. This series laid the foundation of the two latest and most widely used series, OS 9.2/9.3 and OS 9.5.
OS 9.2 and 9.3 contain phones like the N81, 82, 85, 95, 96, 79 and all such powerful devices, which had the hardware and software support of the N73 and N91 in addition to super-fast speed and better and vaster functions. OS 9.5 or S60v5 is a series containing touch-screen phones having the features of OS 9.2 and 9.3; till date only two OS 9.5 phones are available, i.e. the N97 and 5800.
X-plore 1.22
Nokia phones have an inbuilt file manager and gallery, but they are simply useless. The fastest and best way to surf through your user data is X-plore 1.22.
Version 1.22 is best as it has all the features of 1.30 and is free from the authentication patches which make you fall for the tricks of Lonely Cat Games. X-plore has the fastest surfing through user data and can also open ZIP, RAR, DOC and other files which do not open in the file manager if you don't have their applications. You can also zip files using X-plore. X-plore can also see hidden and system files, unlike the default viewers, and with this feature you can do many things like deleting viruses manually, copying useful bookmark information, getting Java installers and, most commonly, hiding your adult clips from others, lol.
Hi friends, after a lot of trying to hack BSNL 3G I found a new trick to hack the 3G network.
This trick is for how to use free internet on BSNL/MTNL 3G. Not a trick for how to get the 3G network. THIS IS UNLIMITED.
Read carefully, then reply. No need to recharge for 230.
Yes friends, BSNL/MTNL 3G is free now.
So here is your trick.
Requirements: 3G phone and 3G or 2G SIM. 3G network.
I would prefer OS 9.2 phones, because these phones have some significant features.
Trick: first of all you have to select GSM mode. Go to Settings, then Network settings, and then select network mode GSM.
After that go to your web browser and open any site.
Try to open a light site. After opening any page go to Network settings again and choose UMTS mode. That's it. Your 3G net is free now.
When you enter from GSM to UMTS, 1 paisa or 2 paise will be deducted from your account. This trick is working all over India. This trick is for OS 9.1 or higher-level phones which don't reboot when we change the network mode. Examples: 5320 XM, 5800, N95 etc. and the full E series.
Here is for other phones (OS 8, OS 8.1, OS 9, OS 9.1): if you have N73, N72, N70, 6630 etc. mobiles, it is more difficult for them.
For the N73 or other UMTS phones of this range, don't use UMTS mode. Use dual mode in your network. Find an area in your home where you don't get 3G network. When you get only 2 parallel signal bars, meaning only a 2G signal, open your browser and open google.com. It is a light site and will not cost more than 1 paisa. Then come to a 3G area. You'll get a service message that your 1 paisa has been deducted. Then enjoy your 3G free of cost. Use bsnlnet as the APN instead of bsnlgprs.
Post your valuable comments if you like this.
1. Introduction
Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
We use the term hacking as described below.
hacker n. [originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.
2. Wireless LAN Overview
In this section, we give a brief overview of wireless LAN (WLAN) while emphasizing the features that help an attacker. We assume that the reader is familiar with the TCP/IP suite (see, e.g., [Mateti 2003]).
IEEE 802.11 refers to a family of specifications (www.ieee802.org/11/) developed by the IEEE for over-the-air interface between a wireless client and an AP or between two wireless clients. To be called 802.11 devices, they must conform to the Medium Access Control (MAC) and Physical Layer specifications. The IEEE 802.11 standard covers the Physical (Layer 1) and Data Link (Layer 2) layers of the OSI Model. In this article, we are mainly concerned with the MAC layer and not the variations of the physical layer known as 802.11a/b/g.
2.1 Stations and Access Points
A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station. An access point (AP) is a station that provides frame distribution service to stations associated with it. The AP itself is typically connected by wire to a LAN.
The station and AP each contain a network interface that has a Media Access Control (MAC) address, just as wired network cards do. This address is a world-wide-unique 48-bit number, assigned to it at the time of manufacture. The 48-bit address is often represented as a string of six octets separated by colons (e.g., 00:02:2D:17:B9:E8) or hyphens (e.g., 00-02-2D-17-B9-E8). While the MAC address as assigned by the manufacturer is printed on the device, the address can be changed in software.
Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage. If two wireless networks are physically close, the SSIDs label the respective networks, and allow the components of one network to ignore those of the other. SSIDs can also be mapped to virtual LANs; thus, some APs support multiple SSIDs. Unlike fully qualified host names (e.g., gamma.cs.wright.edu), SSIDs are not registered, and it is possible that two unrelated networks use the same SSID.
2.2 Channels
The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.
2.3 WEP
Wired Equivalent Privacy (WEP) is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm. The shared-secret key is either 40 or 104 bits long. The key is chosen by the system administrator. This key must be shared among all the stations and the AP using mechanisms that are not specified in IEEE 802.11.
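An added example, not part of the comment above or of the paper it quotes: a pure-Python model of how WEP protects a frame body, as the section describes it. The 24-bit IV prepended to the 40- or 104-bit shared key forms the per-packet RC4 key, the plaintext is followed by a CRC-32 integrity check value (ICV), and only the bytes after the IV/KeyID prefix are encrypted, so the 802.11 header stays in the clear. The key, IV and plaintexts are constructed sample values. The last function demonstrates a general stream-cipher property rather than anything the text states: if an IV repeats under the same shared key, the XOR of the two ciphertexts equals the XOR of the two plaintexts.

```python
"""WEP frame-body protection as IEEE 802.11 specifies it (added demonstration code).

Per-packet RC4 key = 24-bit IV || 40- or 104-bit shared key; the protected body is
IV(3) | KeyID(1) | RC4(plaintext | CRC-32 ICV). The 802.11 header is never encrypted.
"""
import os
import struct
import zlib


def rc4(key, data):
    """Textbook RC4: key-scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(shared_key, plaintext, iv=None, key_id=0):
    """Return the protected frame body for one data frame."""
    if len(shared_key) not in (5, 13):
        raise ValueError("WEP shared keys are 40 or 104 bits (5 or 13 bytes)")
    if iv is None:
        iv = os.urandom(3)   # the standard leaves IV selection to the implementation
    body = rc4(iv + shared_key, plaintext + icv(plaintext))
    return iv + bytes([key_id << 6]) + body   # KeyID occupies the top two bits


def wep_decrypt(shared_key, frame_body):
    """Recover the plaintext, or None when the ICV fails (wrong key or modified body)."""
    iv, body = frame_body[:3], frame_body[4:]
    plain_icv = rc4(iv + shared_key, body)
    plaintext, received_icv = plain_icv[:-4], plain_icv[-4:]
    return plaintext if icv(plaintext) == received_icv else None


def keystream_reuse(shared_key, p1, p2, iv):
    """General stream-cipher property: same key and IV give the same keystream, so the
    XOR of two ciphertexts equals the XOR of their plaintexts. True when that holds."""
    c1 = wep_encrypt(shared_key, p1, iv)[4:]
    c2 = wep_encrypt(shared_key, p2, iv)[4:]
    n = min(len(p1), len(p2))
    xor_c = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    xor_p = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return xor_c == xor_p


# Constructed sample values (not real credentials or captured traffic).
SAMPLE_KEY_40 = bytes.fromhex("0102030405")
SAMPLE_KEY_104 = bytes.fromhex("0102030405060708090a0b0c0d")
SAMPLE_IV = b"\x01\x02\x03"

if __name__ == "__main__":
    body = wep_encrypt(SAMPLE_KEY_40, b"GET / HTTP/1.0", SAMPLE_IV)
    print("IV (sent in clear):", body[:3].hex(), "KeyID byte:", body[3])
    print("decrypts to:", wep_decrypt(SAMPLE_KEY_40, body))
    print("same IV leaks plaintext XOR:",
          keystream_reuse(SAMPLE_KEY_40, b"attack at dawn", b"retreat at dusk", SAMPLE_IV))
```

The IV is transmitted unencrypted in front of every body, which is what lets the receiver rebuild the per-packet key; it is also why a 24-bit IV space is small enough that repeats are a practical concern on a busy network, a property of the construction rather than of any particular vendor's implementation.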
2.4 Infrastructure and Ad Hoc Modes
A wireless network operates in one of two modes. In the ad hoc mode, each station is a peer to the other stations and communicates directly with other stations within the network. No AP is involved. All stations can send Beacon and Probe frames. The ad hoc mode stations form an Independent Basic Service Set (IBSS).
A station in the infrastructure mode communicates only with an AP. Basic Service Set (BSS) is a set of stations that are logically associated with each other and controlled by a single AP. Together they operate as a fully connected wireless network. The BSSID is a 48-bit number of the same format as a MAC address. This field uniquely identifies each BSS. The value of this field is the MAC address of the AP.
2.5 Frames
Both the station and AP radiate and gather 802.11 frames as needed. The format of frames is illustrated below. Most of the frames contain IP packets. The other frames are for the management and control of the wireless connection.
There are three classes of frames. The management frames establish and maintain communications. These are of Association request, Association response, Reassociation request, Reassociation response, Probe request, Probe response, Beacon, Announcement traffic indication message, Disassociation, Authentication, Deauthentication types. The SSID is part of several of the management frames. Management messages are always sent in the clear, even when link encryption (WEP or WPA) is used, so the SSID is visible to anyone who can intercept these frames.
The control frames help in the delivery of data.
The data frames encapsulate the OSI Network Layer packets. These contain the source and destination MAC address, the BSSID, and the TCP/IP datagram. The payload part of the datagram is WEP-encrypted.
2.6 Authentication
Authentication is the process of proving the identity of a station to another station or AP. In the open system authentication, all stations are authenticated without any checking. A station A sends an Authentication management frame that contains the identity of A, to station B. Station B replies with a frame that indicates recognition, addressed to A. In the closed network architecture, the stations must know the SSID of the AP in order to connect to the AP. The shared key authentication uses a standard challenge and response along with a shared secret key.
2.7 Association
Data can be exchanged between the station and AP only after a station is associated with an AP in the infrastructure mode or with another station in the ad hoc mode. All the APs transmit Beacon frames a few times each second that contain the SSID, time, capabilities, supported rates, and other information. Stations can choose to associate with an AP based on the signal strength etc. of each AP. Stations can have a null SSID that is considered to match all SSIDs.
The association is a two-step process. A station that is currently unauthenticated and unassociated listens for Beacon frames. The station selects a BSS to join. The station and the AP mutually authenticate themselves by exchanging Authentication management frames. The client is now authenticated, but unassociated. In the second step, the station sends an Association Request frame, to which the AP responds with an Association Response frame that includes an Association ID to the station. The station is now authenticated and associated.
A station can be authenticated with several APs at the same time, but associated with at most one AP at any time. Association implies authentication. There is no state where a station is associated but not authenticated.
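An added example, not code from the comment above or from its source paper: the Open System authentication and association exchange of sections 2.6 and 2.7 modelled in Python, with the AP and the station as separate objects and the frames as dictionaries. The MAC addresses and SSIDs are made-up sample values; the numeric codes are the ones IEEE 802.11 assigns (Open System algorithm number 0, status 0 for success, 13 for an unsupported algorithm, and reason 6 for a class 2 frame from a non-authenticated station). It enforces the rules the text states: an Association Request before authentication is refused, a station may be authenticated with several APs at once but associated with only one, and there is no associated-but-unauthenticated state.

```python
"""Open System authentication followed by association, as a station/AP frame exchange
(added demonstration code; addresses, SSIDs and the dict frame format are made up)."""

OPEN_SYSTEM = 0                       # authentication algorithm number (1 would be Shared Key)
STATUS_SUCCESS = 0
STATUS_UNSPECIFIED_FAILURE = 1
STATUS_UNSUPPORTED_AUTH_ALG = 13
REASON_CLASS2_FROM_NONAUTH_STA = 6    # Deauthentication reason code from IEEE 802.11


class AccessPoint:
    def __init__(self, bssid, ssid):
        self.bssid, self.ssid = bssid, ssid
        self.authenticated = set()   # stations that completed the Authentication exchange
        self.associated = {}         # station MAC -> Association ID (AID)
        self._next_aid = 1

    def on_authentication(self, sta, algorithm, seq):
        """Open System: transaction 1 from any station is accepted; reply with transaction 2."""
        if algorithm != OPEN_SYSTEM or seq != 1:
            return {"type": "Authentication", "seq": 2, "status": STATUS_UNSUPPORTED_AUTH_ALG}
        self.authenticated.add(sta)
        return {"type": "Authentication", "seq": 2, "status": STATUS_SUCCESS}

    def on_association_request(self, sta, ssid):
        """Association Request is a class 2 frame: a non-authenticated sender gets Deauthentication."""
        if sta not in self.authenticated:
            return {"type": "Deauthentication", "reason": REASON_CLASS2_FROM_NONAUTH_STA}
        if ssid != self.ssid:
            return {"type": "Association Response", "status": STATUS_UNSPECIFIED_FAILURE}
        if sta not in self.associated:
            self.associated[sta] = self._next_aid
            self._next_aid += 1
        return {"type": "Association Response", "status": STATUS_SUCCESS, "aid": self.associated[sta]}

    def on_disassociation(self, sta):
        """Disassociation drops the association only; the station stays authenticated."""
        self.associated.pop(sta, None)


class Station:
    def __init__(self, mac):
        self.mac = mac
        self.authenticated_with = set()  # several APs at once is allowed
        self.associated_with = None      # at most one AP at any time

    def authenticate(self, ap):
        resp = ap.on_authentication(self.mac, OPEN_SYSTEM, seq=1)
        if resp["status"] == STATUS_SUCCESS:
            self.authenticated_with.add(ap.bssid)
        return resp

    def associate(self, ap, ssid):
        resp = ap.on_association_request(self.mac, ssid)
        if resp["type"] == "Deauthentication":
            self.authenticated_with.discard(ap.bssid)   # the AP no longer considers us authenticated
            return resp
        if resp["status"] == STATUS_SUCCESS:
            if self.associated_with not in (None, ap):
                self.associated_with.on_disassociation(self.mac)  # keep at most one association
            self.associated_with = ap
        return resp

    def state(self):
        """The three reachable states; 'associated but unauthenticated' cannot occur."""
        if self.associated_with is not None:
            return "authenticated+associated"
        return "authenticated" if self.authenticated_with else "unauthenticated"


if __name__ == "__main__":
    ap1 = AccessPoint("00:02:2D:17:B9:E8", "campus-net")   # made-up BSSID and SSID
    ap2 = AccessPoint("00:02:2D:17:B9:F0", "lab-net")
    sta = Station("00:11:22:33:44:55")
    print("association before authentication:", sta.associate(ap1, "campus-net"), sta.state())
    sta.authenticate(ap1)
    sta.authenticate(ap2)
    print("authenticated with:", sorted(sta.authenticated_with), sta.state())
    print("associate with ap1:", sta.associate(ap1, "campus-net"))
    print("associate with ap2:", sta.associate(ap2, "lab-net"),
          "still associated with ap1:", sta.mac in ap1.associated)
```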
3. Wireless Network Sniffing
Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. Sniffing is the act by a machine S of making copies of a network packet sent by machine A intended to be received by machine B. Such sniffing, strictly speaking, is not a TCP/IP problem, but it is enabled by the choice of broadcast media, Ethernet and 802.11, as the physical and data link layers.
Sniffing has long been a reconnaissance technique used in wired networks. Attackers sniff the frames necessary to enable the exploits described in later sections. Sniffing is the underlying technique used in tools that monitor the health of a network. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.
It is easier to sniff wireless networks than wired ones. It is easy to sniff the wireless traffic of a building by setting up shop in a car parked in a lot as far away as a mile, or while driving around the block. In a wired network, the attacker must find a way to install a sniffer on one or more of the hosts in the targeted subnet. Depending on the equipment used in a LAN, a sniffer needs to be run either on the victim machine whose traffic is of interest or on some other host in the same subnet as the victim. An attacker at large on the Internet has other techniques that make it possible to install a sniffer remotely on the victim machine.
3.1 Passive Scanning
Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner.
An attacker can passively scan without transmitting at all. Several modes of a station permit this. There is a mode called RF monitor mode that allows every frame appearing on a channel to be copied as the radio of the station tunes to various channels. This is analogous to placing a wired Ethernet card in promiscuous mode. This mode is not enabled by default. Some wireless cards on the market today have disabled this feature in the default firmware. One can buy wireless cards whose firmware and corresponding driver software together permit reading of all raw 802.11 frames. A station in monitor mode can capture packets without associating with an AP or ad-hoc network. The so-called promiscuous mode allows the capture of all wireless packets of an associated network. In this mode, packets cannot be read until authentication and association are completed.
An example sniffer is Kismet (http://www.kismetwireless.net). An example wireless card that permits RF monitor modes is Cisco Aironet AIR-PCM342.
3.2 Detection of SSID
The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
On a number of APs, it is possible to configure the AP so that the SSID transmitted in the Beacon frames is masked, or even to turn off Beacons altogether. The SSID shown in the Beacon frames is set to null in the hope of making the WLAN invisible unless a client already knows the correct SSID. In such a case, a station wishing to join a WLAN begins the association process by sending Probe Requests since it could not detect any APs via Beacons that match its SSID.
If the Beacons are not turned off, and the SSID in them is not set to null, an attacker obtains the SSID included in the Beacon frame by passive scanning.
When the Beacon displays a null SSID, there are two possibilities. Eventually, an Associate Request may appear from a legitimate station that already has a correct SSID. To such a request, there will be an Associate Response frame from the AP. Both frames will contain the SSID in the clear, and the attacker sniffs these. If the station wishes to join any available AP, it sends Probe Requests on all channels, and listens for Probe Responses that contain the SSIDs of the APs. The station considers all Probe Responses, just as it would have with the non-empty SSID Beacon frames, to select an AP. Normal association then begins. The attacker waits to sniff these Probe Responses and extract the SSIDs.
If Beacon transmission is disabled, the attacker has two choices. The attacker can keep sniffing, waiting for a voluntary Associate Request to appear from a legitimate station that already has a correct SSID, and sniff the SSID as described above. The attacker can also choose to actively probe by injecting frames that he constructs, and then sniff the response as described in a later section.
When the above methods fail, SSID discovery is done by active scanning (see Section 5).
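An added example, not from the comment above or the paper it quotes: a Python parser for 802.11 management frames that runs the passive SSID discovery of section 3.2 over a constructed capture (the MAC addresses, SSIDs and frames are made up and built inline; there is no real trace and nothing is transmitted). A Beacon names a network unless its SSID element is empty or zero-filled (masked); a Probe Response or (Re)Association Request from a legitimate station then supplies the masked name, and a Probe Request carrying a null SSID is the wildcard probe the section mentions. Field offsets follow the management frame layout: 24-byte MAC header, subtype-dependent fixed fields, then tag/length/value information elements.

```python
"""Passive SSID discovery over raw 802.11 management frames (added demonstration code).

The capture below is constructed inline: made-up MAC addresses, SSIDs and frames, no real trace.
"""
import struct

BROADCAST = b"\xff" * 6
# Management-frame subtypes (frame control type 0 = management).
ASSOC_REQ, REASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON = 0, 2, 4, 5, 8
SSID_IE = 0   # element ID of the SSID information element
# Length of the fixed fields that precede the information elements, per subtype.
FIXED_LEN = {BEACON: 12, PROBE_RESP: 12, PROBE_REQ: 0, ASSOC_REQ: 4, REASSOC_REQ: 10}


def mac_str(raw):
    """Six octets -> colon-separated hex, e.g. 00:02:2D:17:B9:E8."""
    return ":".join(f"{b:02X}" for b in raw)


def build_mgmt(subtype, da, sa, bssid, fixed, ies):
    """24-byte MAC header (FC, duration, addr1=DA, addr2=SA, addr3=BSSID, seq), fixed fields, IEs."""
    fc = bytes([(subtype << 4) | (0 << 2) | 0, 0])   # subtype, type 0 (mgmt), version 0; no flags
    header = fc + struct.pack("<H", 0) + da + sa + bssid + struct.pack("<H", 0)
    body = fixed + b"".join(bytes([tag, len(val)]) + val for tag, val in ies)
    return header + body


def parse_mgmt(frame):
    """Return subtype, addresses and a dict of IEs for a management frame, else None."""
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    body, ies = frame[24:], {}
    pos = FIXED_LEN[subtype]
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        ies[tag] = body[pos + 2:pos + 2 + length]
        pos += 2 + length
    return {"subtype": subtype, "da": frame[4:10], "sa": frame[10:16],
            "bssid": frame[16:22], "ies": ies}


def ssid_of(parsed):
    """SSID as text, or None when the element is absent, empty or zero-filled (masked / wildcard)."""
    raw = parsed["ies"].get(SSID_IE)
    if not raw or raw.strip(b"\x00") == b"":
        return None
    return raw.decode("utf-8", "replace")


def passive_scan(frames):
    """BSSID -> {ssid, source} from frames a monitor-mode card copies; nothing is transmitted.

    A Beacon names the network unless its SSID is masked; a Probe Response or
    (Re)Association Request from a legitimate station then reveals the masked name.
    """
    networks = {}
    for frame in frames:
        p = parse_mgmt(frame)
        if p is None:
            continue
        bssid, ssid = mac_str(p["bssid"]), ssid_of(p)
        if p["subtype"] == BEACON:
            networks.setdefault(bssid, {"ssid": None, "source": "beacon (masked)"})
            if ssid:
                networks[bssid] = {"ssid": ssid, "source": "beacon"}
        elif p["subtype"] in (PROBE_RESP, ASSOC_REQ, REASSOC_REQ) and ssid:
            if networks.get(bssid, {}).get("ssid") is None:
                source = "probe response" if p["subtype"] == PROBE_RESP else "association request"
                networks[bssid] = {"ssid": ssid, "source": source}
    return networks


# Constructed sample capture (hypothetical addresses and network names).
AP_OPEN = bytes.fromhex("00022D17B9E8")
AP_HIDDEN = bytes.fromhex("00022D17B9F0")
STA = bytes.fromhex("001122334455")
BEACON_FIXED = struct.pack("<QHH", 0, 100, 0x0001)   # timestamp, 100 TU interval, ESS capability
ASSOC_FIXED = struct.pack("<HH", 0x0001, 10)          # capability, listen interval
SAMPLE_CAPTURE = [
    build_mgmt(BEACON, BROADCAST, AP_OPEN, AP_OPEN, BEACON_FIXED, [(SSID_IE, b"campus-net")]),
    build_mgmt(BEACON, BROADCAST, AP_HIDDEN, AP_HIDDEN, BEACON_FIXED, [(SSID_IE, b"")]),   # masked
    build_mgmt(PROBE_REQ, BROADCAST, STA, BROADCAST, b"", [(SSID_IE, b"")]),             # wildcard probe
    build_mgmt(PROBE_RESP, STA, AP_HIDDEN, AP_HIDDEN, BEACON_FIXED, [(SSID_IE, b"lab-secret")]),
    build_mgmt(ASSOC_REQ, AP_HIDDEN, STA, AP_HIDDEN, ASSOC_FIXED, [(SSID_IE, b"lab-secret")]),
]

if __name__ == "__main__":
    for bssid, info in passive_scan(SAMPLE_CAPTURE).items():
        print(bssid, info)
```

Feeding only the two Beacons leaves the second BSSID recorded as masked; once the Probe Response (or, failing that, the Association Request) for it is seen, the name is filled in from the clear-text SSID element, which is exactly why masking the SSID in Beacons does not hide a network from a patient listener.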
Nokia will launch the dual-SIM mobiles C1 and C2 soon.