"Security is just as strong as the weakest link."
--Famous Quote in Information Security Domain
Most penetration testers seem to give all their attention to the WLAN infrastructure and don't give the wireless client even a fraction of that. However, it is interesting to note that a hacker can gain access to the authorized network by compromising a wireless client as well.
In this chapter, we will shift our focus from the WLAN infrastructure to the wireless client. The client can be either connected, or isolated and unassociated. We will take a look at the various attacks that can be used to target the client.
We will cover the following topics:
Normally, when a wireless client such as a laptop is turned on, it will probe for networks it has previously connected to. These networks are stored in a list called the Preferred Network List (PNL) on Windows-based systems. Also, along with this list, the wireless client will display any networks available in its range.
A hacker may do one or more of the following things:
These attacks are called Honeypot attacks, because the client mis-associates with the hacker's access point, taking it for the legitimate one.
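On the monitoring side, mis-association shows up as a known SSID being advertised by an access point that is not in the inventory, or by an inventory BSSID with encryption switched off. The sketch below is an added example, not part of the original chapter: it parses raw 802.11 beacon and probe response frames (without a radiotap header) and checks them against an assumed inventory; the `AUTHORIZED` table, the SSID `CorpWLAN`, the MAC addresses and the `build_beacon` helper are constructed for illustration.

```python
import struct

# Assumed inventory (constructed values): SSID -> authorized BSSIDs and whether
# the real network is encrypted.
AUTHORIZED = {"CorpWLAN": {"bssids": {"00:11:22:33:44:55"}, "encrypted": True}}

def parse_beacon(frame):
    """Parse a raw 802.11 beacon/probe response (no radiotap header).
    Returns (ssid, bssid, privacy) or None if not applicable or truncated."""
    if len(frame) < 36 or (frame[0] >> 2) & 0x3 != 0:    # type 0 = management
        return None
    if (frame[0] >> 4) & 0xF not in (5, 8):              # probe response, beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    privacy = bool(struct.unpack_from("<H", frame, 34)[0] & 0x0010)
    pos = 36                                             # tagged parameters
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None                                  # truncated element
        if tag == 0:                                     # SSID element
            return body.decode("utf-8", "replace"), bssid, privacy
        pos += 2 + length
    return None

def check_frame(frame):
    """Return an alert string if the frame imitates an inventory SSID, else None."""
    parsed = parse_beacon(frame)
    if parsed is None or parsed[0] not in AUTHORIZED:
        return None
    ssid, bssid, privacy = parsed
    entry = AUTHORIZED[ssid]
    if bssid not in entry["bssids"]:
        return f"unknown BSSID {bssid} advertising {ssid}"
    if entry["encrypted"] and not privacy:
        return f"{ssid} advertised without encryption by {bssid}"
    return None

def build_beacon(ssid, bssid, privacy):
    """Build a minimal beacon as constructed sample input (not a capture)."""
    addr = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + addr + addr + b"\x00\x00"
    caps = 0x0001 | (0x0010 if privacy else 0)
    fixed = bytes(8) + struct.pack("<HH", 100, caps)
    return header + fixed + bytes([0, len(ssid)]) + ssid.encode()

if __name__ == "__main__":
    for f in (build_beacon("CorpWLAN", "00:11:22:33:44:55", True),
              build_beacon("CorpWLAN", "de:ad:be:ef:00:01", False)):
        print(check_frame(f) or "ok")
```

The privacy bit only separates open from encrypted networks; telling WPA2 from weaker schemes would need the RSN element, which this example does not parse.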
In the next exercise, we will carry out both these attacks in our lab.