their device set to the same channel or bandwidth can also receive those transmission.
Wireless networks are easy to find. Hackers know that, in order to join a wireless network, your
wireless PC will
typically first listen for "beacon messages". These are identifying packets transmitted from the
wireless network
to announce its presence to wireless nodes looking to connect. These beacon frames are
unencrypted and
contain much of the network's information, such as the network's SSID (Service Set Identifier) and
the IP address
of the network PC or router. The SSID is analogous to the network's name. With this information
broadcast to
anyone within range, hackers are often provided with just the information they need to access that
network.
One result of this, seen in many large cities and business districts, is called "Warchalking". This is
the term used
for hackers looking to access free bandwidth and free Internet access through your wireless
network. The marks
they chalk into the city streets are well documented in the Internet and communicate exactly where
available
wireless bandwidth is located for the taking.
Even keeping your network settings, such as the SSID and the channel, secret won't prevent a
hacker from
listening for those beacon messages and stealing that information. This is why most experts in
wireless
networking strongly recommend the use of WEP (Wireless Equivalent Privacy). WEP encryption
scrambles your
wireless signals so they can only be recognized within your wireless network.
Figure B-1: Warchalking
But even WEP has its problems. WEP's encryption algorithm is referred to as "simple", which also
means
"weak", because the technology that scrambles the wireless signal isn't too hard to crack for a
persistent hacker.
There are five common ways that hackers can break into your network and steal your bandwidth
as well as your
data. The five attacks are popularly known as:
1. Passive Attacks
2. Jamming Attacks
3. Active Attacks
4. Dictionary-building or Table Attacks
5. Man-in-the-Middle Attacks
Passive Attacks
There's no way to detect a passive attack because the hacker is not breaking into your network.
He is simply
listening (eavesdropping, if you will) to the information your network broadcasts. There are
applications easily
available on the Internet that can allow a person to listen into your wireless network and the
information it
broadcasts. Information such as MAC addresses, IP addresses, usernames, passwords, instant
message
conversations, emails, account information, and any data transmitted wirelessly, can easily be
seen by someone
outside of your network because it is often broadcast in clear text. Simply put, any information
transmitted on a
wireless network leaves both the network and individual users vulnerable to attack. All a hacker
needs is a