
Thread: Weakness Ad hoc Wireless networks

  1. #1

    Weakness Ad hoc Wireless networks

    hiya folks,

    Recently I started a project on developing an IDS for wireless ad hoc networks, and found that ad hoc networks will be the hackers' playground in the near future. I just wanna show an interesting attack scenario in these popular network systems. In this network system, every node acts as a router.

    If u wanna have some intro abt ad hoc systems chk this site (Introduction to Ad hoc networks).

    Ad hoc networks use two kinds of routing protocols - proactive and reactive (e.g. AODV, OLSR, etc.).

    This attack scenario uses OLSR : chk this website OLSR

    Imagine a host wanting to be able to serve clients in an OLSR (routing protocol) with a fake web-page when clients request an often used web-server. The attacker needs to consider the following:

    1. Become accepted as a router in the MANET routing domain.
    2. Get Internet destined traffic routed to the local node.
    3. Intercept traffic destined for the address for which to serve the fake web-page.
    4. Reply to all requests for the address for which to serve the fake web-page.

    The first step is easily accomplished if no security mechanisms are used on the lower layers. An example of such a mechanism would be the WEP protocol. Due to this protocol's many weaknesses, the attacker could break this security-layer by using tools freely available. When the attacker is able to communicate with the nodes in the MANET on the IP layer, she can participate in the OLSR routing by starting her own OLSR daemon.

    Step 2 requires some more effort if all Internet traffic is to be routed to the attacker's host. This could probably be accomplished to a high degree by emitting HELLO and TC messages declaring all nodes heard of in the MANET as symmetric neighbors, while emitting HNA messages declaring Internet connectivity. Another approach could be to try to bring all other Internet gateways down by DoS attacks. But by emitting HNA messages, the rogue node will get all Internet traffic from at least a subset of the MANET routed to itself. If the attacker's node actually has Internet access, it is probable that no MANET nodes would be alarmed since commonly used services, such as DNS, should work normally.

    The third step can be accomplished by many more or less sophisticated techniques, but the most trivial approach is for the attacker to assign the address of the destination it wishes to intercept to itself. The attacker still uses another address for OLSR routing, but as hosts can be configured with multiple IP addresses this poses no problem. Now all traffic to a given Internet address will be routed to the rogue node, and upon reception the node will not forward the traffic, but pass it up the network stack.

    To accomplish step 4 the rogue node only has to run the service(s) that should be faked. In our example this will be an HTTP server running at TCP port 80.

    The two latter steps could be done in a much more sophisticated manner. As an example one could use IP filtering technology to only intercept traffic destined for a certain TCP port and forward all other traffic to the actual Internet host. Another way could be to intercept all DNS traffic and resolve host names of interest to the node's IP.

    In spite of all these weaknesses, I see a lot of commercial applications such as Bluetooth (a little variation from ad hoc) being implemented.
    Only a fool learns from his mistakes. A Wise man learns from others' mistakes.
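
Added example, not part of the original post: a defender-side check that an IDS for OLSR could run, parsing HNA messages (RFC 3626 layout) and flagging Internet-connectivity announcements from originators that are not known gateways. The `authorized` allow-list, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

HNA_MESSAGE = 4  # OLSR message type for HNA (RFC 3626)

def parse_hna(packet):
    """Return [(originator, network)] for each HNA entry in one OLSR packet."""
    found = []
    if len(packet) < 4:
        return found
    end = min(struct.unpack_from("!H", packet)[0], len(packet))
    off = 4  # skip packet length + packet sequence number
    while off + 12 <= end:
        mtype, _, msize, orig, _, _, _ = struct.unpack_from("!BBH4sBBH", packet, off)
        if msize < 12 or off + msize > end:
            break  # bad size field: stop instead of reading out of bounds
        if mtype == HNA_MESSAGE:
            body = packet[off + 12:off + msize]
            for i in range(0, len(body) - 7, 8):  # (address, netmask) pairs
                mask = int.from_bytes(body[i + 4:i + 8], "big")
                plen = bin(mask).count("1")
                if mask != (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF:
                    continue  # non-contiguous netmask: ignore this entry
                net = ipaddress.IPv4Network((body[i:i + 4], plen), strict=False)
                found.append((str(ipaddress.IPv4Address(orig)), net))
        off += msize
    return found

def audit_hna(packets, authorized):
    """Flag HNA entries whose originator is not authorized to announce them."""
    alerts = []
    for pkt in packets:
        for orig, net in parse_hna(pkt):
            if net not in authorized.get(orig, set()):
                kind = "default-route" if net.prefixlen == 0 else "unexpected-prefix"
                alerts.append((orig, str(net), kind))
    return alerts

def build_hna_packet(orig, entries):
    """Build a constructed OLSR packet carrying one HNA message (sample input)."""
    ip = ipaddress.IPv4Address
    body = b"".join(ip(a).packed + ip(m).packed for a, m in entries)
    msg = struct.pack("!BBH4sBBH", HNA_MESSAGE, 0, 12 + len(body), ip(orig).packed, 255, 0, 1)
    return struct.pack("!HH", 16 + len(body), 1) + msg + body

# Constructed sample: 10.0.0.1 is the known gateway, 10.0.0.66 is not (assumed).
AUTHORIZED = {"10.0.0.1": {ipaddress.IPv4Network("0.0.0.0/0")}}
SAMPLE = [build_hna_packet("10.0.0.1", [("0.0.0.0", "0.0.0.0")]),
          build_hna_packet("10.0.0.66", [("0.0.0.0", "0.0.0.0")])]

print(audit_hna(SAMPLE, AUTHORIZED))
```

The allow-list only helps if originator addresses can be trusted, so on an unauthenticated MANET an alert is a prompt to investigate rather than proof of which node sent the message.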

  2. #2
    thehorse13 (Master-Jedi-Pimps0r & Moderator; Join Date: Dec 2002; Location: Washington D.C. area; Posts: 2,885)

    "Recently I started a project on developing an IDS for wireless ad hoc networks."
    Major players in the security sector are way ahead of you. Take a look at ISS for just one example. There are many more.

    "And found that ad hoc networks will be the hackers' playground in the near future."
    Really? How many businesses do you know of that actually allow this implementation? Based on regulatory compliance, no one will be able to do this in the near future. This leaves home users and businesses that don't have to comply. Even then, how many understand how to set up ad-hoc WiFi?

    "In spite of all these weaknesses, I see a lot of commercial applications such as Bluetooth (a little variation from ad hoc) being implemented."
    Now here is where I agree with you. Bluetooth (which I classify separately from traditional wireless) and RFID allow scary amounts of leakage at close range.

    As a POC, I sat on the patio of a local coffee shop with a simple Bluetooth directional antenna (built with internet instructions) and I was able to see *tons* of sensitive information.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
