9 pages

Please download to get full document.

View again

of 9
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
HoneySpot:The Wireless Honeypot G.NARAYANAMMA INSTITUTE OF TECHNOLOGY AND SCIENCES (For Women) Shaikpet,Hyderabad-5000008 CH.BHAVANI 07251A1710 ETM-3/4 Email:bunny.banna@gmail.com Abstract Wireless technologies are the fastest growing segments of today’s telecommunications and computing industry. The ubiquity of wireless networks, both in enterprises and at home, makes extremely important to evaluate and accommodate attacks. In this paper we will first provide an overview of wireless honeyspots,
  HoneySpot:The Wireless HoneypotG.NARAYANAMMA INSTITUTE OF TECHNOLOGY AND SCIENCES (For Women)Shaikpet,Hyderabad-5000008CH.BHAVANI D.HARSHITHA07251A1710 07251A1711ETM-3/4 ETM-3/4Email:bunny.banna@gmail.com Email:hari.donthula1711@gmail.com  Abstract  Wireless technologies are the fastest growing  segments of today’s telecommunications and computing industry. The ubiquity of wirelessnetworks, both in enterprises and at home,makes extremely important to evaluate and accommodate the security mechanismscurrently available to the real threats and attacks. In this paper we will first provide anoverview of wireless honeyspots, to further analyze the wireless honeypots objectives and its taxonomy.The paper then mainly focuses on the detailsof the design and architecture of an 802.11wireless honeypot, providing an extensiveoverview of its different components and their requirements. Some guidance is provided froma deployment and implementation perspective,and finally, how this solution can be further enhanced, and extended to other wirelessenvironments, is detailed. 1.Introduction:Wireless technologies drive our world, a worldwithout cables where information is availablefrom anywhere at anytime. The hugeexpansion of wireless technologies, andspecifically 802.11 wireless data networks, inthe last years have provided a new battle fieldfor information access. End users andcorporations are heavily interested in takingadvantage of the flexibility, mobility andfreedom offered by wireless technologies toaccess and share information. These allowconnecting to data networks, like the Internet.  Due to the exponential usage of wirelessequipment and technologies today, it isrequired to get an in-depth knowledge aboutthe real exploitation vectors currently used tocompromise wireless networks. Trying to fillthis knowledge gap, the main goal of thisresearch is to analyze the state of real lifewireless hacking, and introduce and promotethe design and deployment of wirelesshoneypots. 2.HONEYSPOT - Definition andTaxonomy: The HoneySpot term has been coined mixingtwo terms, ’ Honey  pot’ and ’ Hot spot ’. Basedon the Honeynet.Project definition, “A honeypot is a systemwhose value is being probed, attacked, or compromised, you want the bad guys tointeract with it”. Based on the Wikipediadefinition a hotspot is “A hotspot is a venuethat offers Wi-Fi access. The public can use alaptop, WiFi phone, or other suitable portabledevice to access the Internet”. Therefore theHoneySpot term accurately summarizes theconcept around wireless honeypots: “AHoneySpot is a venue that offers Wi-Fi accesswhose value is being probed, attacked, or compromised, you want the bad guys tointeract with it”Most of the previous wireless honeypot projects and research were based on easily providing wireless connectivity to the attacker in order to research the activities carried over the wireless network against local or remoteresources. There main purpose was to dispelthe myth that attacks on wireless networkswere simply an attempt to obtain free Internetaccess. Additionally, for those studies wheresomekind of wireless hacking analysis was performed, it was focused on the wirelessnetwork itself, that is, the accesspoints. 2.1.Types of attacks: There are different attack scenarios to consider when talking about wireless technologies andhoneypots, as represented in Figure 1: A . Attacks directed towards the wired network to which the wireless network connects. Theseattacks use the wireless network as a medium but the primary target is the network or information systems beyond it. B . Attacks directed towards the wireless users.These attacks may use the wireless network asa medium to target the user’s device wirelesscapabilities, and exploit the fact that thewireless device is enabled.  C . Attacks directed towards the wirelessnetwork infrastructure. These attacks focus ongaining control of the access point or wirelesscontrollers, that is, the wireless infrastructuredevices. Figure 1. Wireless attack scenariosIt is important to clarify that the main goal of aHoneySpot is to gather information about theattacks performed on the wireless network andthe associated technologies. Specifically inthose attacks that exploit the wirelesstechnologies weaknesses, subvert the securitymechanisms in place, and that are mainlyfocused on the radio frequency (RF) and802.11-based vulnerabilities. Therefore, thegoal is not to analyze the IP-level attacks thatare carried out over HoneySpot wirelessnetworks.Although potentially very similar to the attacks performed over wired networks, attacks carriedout over wireless networks could be analyzedin future related research using the samewireless honeypot design described here. Suchresearch could focus on analyzing andcollecting statistics about the type and natureof IP-level attacks executed over wirelessnetworks, like targeted remote systemexploitation, phising attacks, SPAMgeneration, botnets traffic and control, etc.Other security mechanism at the IP-layer,commonly used in wireless networks, such asVPNs could be added to the analysis. Theresults obtained could be contrasted with thedata collected from wired honeynets with thegoal of deriving some conclusions andcomparisons about the attacker’s profiles andobjectives in both environments, wireless andwired. The major difference with honeypotsconnected to a globally available network,such as the Internet, is that wireless honeypotsare not globally accessible and can only beattacked from malicious users “nearby”therefore, HoneySpots might be used toresearch if different locations might seedifferent types of attack.  2.2Types Of HONETSPOTS: Although in the past some literature referred toFakeAP or Hotspotter as wireless honeypottools, this is not the concept of a wirelesshoneypot referred in this paper. These tools,allow the creation of fake access points withthe goal of attracting the wireless user attention. They can be used for evil, to attractand compromise being wireless users, or can be used for good to attract and monitor malicious users. There are two types of HoneySpots have been defined: 2.2.1.A Public HoneySpot simulates a publicwireless data network, that is, a pure hotspot.Hotspots are commonly available at hotels,airports, coffee shops, libraries, as well asother public places where there is a highinterest in offering Internet connectivity tovisitors and customers. 2.2.2.A Private HoneySpot simulates a private wireless data network, such as thoseavailable in corporations or at home.Typically, a private network offers access to awired network (corporate or home network) tolegitimate wireless clients without the physical barriers associated to wired connections. 3.The type of threats and attacks aHoneySpot is exposed to in bothenvironments are very different:3.1.Public wireless network: On the one hand, in a public wireless network or hotspot, any user is allowed to access thewireless network in order to get basicconnectivity and be able to interact with thenetwork infrastructure. These types of networks have no access control mechanism atthe wireless level. Once IP access has beenachieved, it is possible (and required from the perspective of this research) to have other controls in place to limit the access to thenetwork only to subscribers or customers.Typically these controls (called UniversalAccess Method, UAM) are implemented in theform of a controller, a firewall plus a web- based captive portal, that allow users toauthenticate using a web browser in order toget full network access.Since the main purpose of these hotspots isoffering full Internet access, a PublicHoneySpot is mainly interested in:o Direct client attacks focused on exploitingclient vulnerabilities at the operating systemlevel suchas vulnerabilities in the wirelessadministration client software, or the wirelessdrivers.
Similar documents
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks