Wifi Hacking

We can classify the attacks into two main groups: passive attacks and active attacks, the latter obviously being more dangerous.

  • Passive attacks:

In a wireless network, passive listening is all the easier because the medium, air, is hard to control.

Often, the radio coverage of an access point extends beyond the private premises of a company or an individual. The most common passive attack is the search for access points.

This attack (called Wardriving) has become the favorite "game" of many hackers: access points are easily detected by a scanner (a laptop equipped with a WiFi card and special software to search for APs). These cards are fitted with directional WiFi antennas (Yagi type) to listen to the radio traffic from a distance, outside the coverage area of the access point.

There are two types of scanners: passive ones (Kismet, WifiScanner, prismstumbler …), which leave no traces and are virtually undetectable, and active ones (Netstumbler, dstumbler), which are detectable while listening because they send out "probe requests". Netstumbler only works on Windows; the others work with Linux.

The sites identified are then marked (in chalk) with the following code (Warchalking):


A preliminary traffic analysis reveals the SSID (network name), the MAC address of the access point, the throughput, whether WEP encryption is used, and the signal quality. Combined with a GPS, the software can locate the access point.

At a higher level, software (of the Airsnort or WEPCrack type) makes it possible, in a few hours (depending on traffic), to decipher the WEP key, and with conventional network analysis tools the information gathering can go further. The attacker can then move on to a so-called active attack.

  • Active attacks :

We will look, quite briefly, at the various attacks that are known from wired networks and that, of course, also affect the wireless world.

1- DoS (Denial of Service)
Denial of service is often an alternative to other forms of attack because in many cases it is simpler to implement, requires less knowledge, and is less easily traceable than a direct attack that enters a system to take control of it.

This attack is intended to prevent legitimate users from accessing services by saturating these services with false requests. It is generally based on software "bugs".
In the wireless environment, it consists of blocking access points either by flooding them with disassociation or deauthentication requests (Airjack-type programs), or more simply by jamming the radio signals.
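
On the defensive side, the disassociation/deauthentication flooding described above can be spotted by counting those management frames per access point over a short window. The following is an added example, not part of the original article; the record layout, window and threshold are assumptions, and the capture is constructed sample data.

```python
from collections import defaultdict, deque

# IEEE 802.11 management-frame subtypes: 8 = beacon, 10 = disassociation, 12 = deauthentication
BEACON, DISASSOC, DEAUTH = 8, 10, 12
BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_floods(frames, window=1.0, threshold=10):
    """Alert when one BSSID sees more than `threshold` deauth/disassoc frames in `window` seconds.

    frames: time-ordered tuples (timestamp_s, subtype, src_mac, dst_mac, bssid).
    Counting is keyed on the BSSID, not the source MAC, because the source
    address of these frames is unauthenticated and can be spoofed.
    """
    recent = defaultdict(deque)  # bssid -> timestamps still inside the window
    alerting = set()             # BSSIDs already reported for the current burst
    alerts = []
    for ts, subtype, _src, _dst, bssid in frames:
        if subtype not in (DISASSOC, DEAUTH):
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            if bssid not in alerting:
                alerting.add(bssid)
                alerts.append({"bssid": bssid, "start": q[0], "count": len(q)})
        else:
            alerting.discard(bssid)  # burst over; a later burst alerts again
    return alerts

def sample_capture():
    """Constructed capture: normal traffic plus a 20-frame deauth burst on AP B."""
    ap_a, ap_b, sta = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:51"
    frames = [
        (0.1, BEACON, ap_a, BROADCAST, ap_a),
        (0.5, DEAUTH, sta, ap_a, ap_a),      # a single client leaving: normal
        (0.6, BEACON, ap_b, BROADCAST, ap_b),
    ]
    frames += [(5.0 + i * 0.05, DEAUTH, ap_b, BROADCAST, ap_b) for i in range(20)]
    frames.append((9.0, DISASSOC, sta, ap_b, ap_b))
    return frames

if __name__ == "__main__":
    for alert in detect_floods(sample_capture()):
        print("possible deauth/disassoc flood:", alert)
```

Radio jamming, the other method mentioned above, produces no frames to count and has to be detected at the RF level instead.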

2- Spoofing (impersonation)

IP spoofing is a technique that allows an attacker to send a machine packets that appear to come from an IP address other than that of the attacker's machine. IP spoofing is not, however, a change of IP address.

More precisely, it is a disguising (that is the technical term) of the IP address in the packets, that is to say, the packets are modified so that they appear to come from a given machine.

3- "Man in the middle" in a Wi-Fi environment

In a Wi-Fi environment, this attack consists of placing a foreign access point close to the other, legitimate APs. Stations wishing to connect to the network hand over to the "rogue" AP their information for the connection.

This information can then be used by a pirate station. The pirate station simply has to listen to the traffic, obtain the MAC address of a legitimate station and of its AP, and insert itself between them.
