361
Index
Layer 2 Tunneling Protocol (L2TP) for, 280
Point-to-Point Tunneling Protocol (PPTP)
for, 279–280, 295
Secure Shell (SSH2) for, 280
sniffing, 102–103
types of, 279
vulnerabilities. See also human vulnerabilities
for all networks, 12–13
AP weaknesses, 104–105
defined, 11
for network-level attacks, 18
for non-technical attacks, 17
reporting all findings, 25, 314–316
for smaller networks, 12
for software attacks, 18
threats versus, 11
vulnerability assessment or testing. See also
ethical hacking; penetration testing
automatic, 40–41
for client vulnerabilities, 99–110
for default settings, 77
defined, 39
ethical hacking versus, 1, 10
for firmware vulnerabilities, 129
further information, 41
manual, 40
overview, 39–40
for social engineering, 71–74
for unauthorized equipment, 75–76
vulnerability databases, 41, 332
• W •
warchalking, 169
warcycling, 169
wardriving. See also specific software
countermeasures, 174–176
defined, 22, 131
first conviction for, 22
Kismet for, 156–167
legal and ethical issues, 317
MiniStumbler for, 170–173
NetStumbler for, 132–152
origin of name, 169
other software for, 173–174
other war memes, 169
overview, 131–132
tools for, 335–336
unbinding the NIC for, 309–312
WarLinux for, 168–169
Wellenreiter for, 167–168
warflying, 169
warkayaking, 169
WarLinux CD distribution, 56
WarLinux wardriving tool, 168–169
Warning! icon, 5
warspying, 169
warsurfing, 169
warwalking, 169
Waterfall Spectrum Analyzer, 90
wave guide cantennae, 60, 62
Wavemon link-monitoring tool, 87
WDMZ (wireless demilitarized zone), 297
Web sites. See Internet resources
Wellenreiter wardriving tool, 167–168
WEP (Wired Equivalent Privacy)
active traffic injection attacks, 263–264
AP encryption settings, 258–259
attacking, 263–264
changing keys, 259
cracking keys, 264–274
cracking tools, 338
Cyclic Redundancy Check (CRC),
256–257, 260
encryption flaws, 78, 256, 259–263
extensions for longer key lengths, 256
hacking wireless clients for keys,
109–110
key vulnerabilities other than encryption,
261–263
multiple uses for keys in, 261
overview, 256
passcode generation, 262
passive attack decryption, 264
RC4 algorithm, 258, 260–261, 283–284
risks for larger networks, 13
rotating keys, 275
shared-key problems, 259, 262, 283–284
social engineering to obtain key(s), 73
summary of weaknesses, 262
table-based attacks, 264
types of attacks, 259
vulnerability information online, 110
WepAttack WEP cracker, 274
WEPcrack key-cracking tool, 265–267
WepLab WEP-key cracking tool, 273–274
WEPWedgie traffic injection tool, 263
white-hat hacking. See ethical hacking
WIDS (wireless intrusion-detection system),
253–254, 296
Wi-Fi Alliance, 10, 329
Wi-Fi databases, footprinting using, 34–35
30_597302_bindex.qxd 8/4/05 7:27 PM Page 361
(17 stránky)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce