Chapter 6. Wireless Vulnerabilities

Wireless networks are particularly vulnerable to attacks because it is difficult to prevent physical access to them. The only advantage they have in this respect is that an attacker must be in physical proximity to the network, which can limit the pool of potential attackers. However, with cheap antennae, such as those at, an attacker can pick up or send signals from up to a few miles away. To secure a wireless network, an administrator should know what types of vulnerabilities exist and what types of attacks can exploit them.

Wireless networks are subject to both passive and active attacks. In a passive attack, the attacker only captures signals; in an active attack, the attacker also sends signals. Passive attacks are exceedingly easy to carry out with wireless antennae and are undetectable. Any good security mechanism must start with the assumption that an attacker can see everything.

This chapter presents a methodology for understanding how the various wireless networking vulnerabilities relate to each other. It also describes each type of vulnerability and provides examples, both real and theoretical. Although this chapter focuses primarily on basic 802.11, it also delves into EAP-based protocols, ad-hoc mode security, and rogue access points (APs).

Note that the purpose of mentioning attack tools in this chapter is not to teach people how to attack networks. That is already better documented on many websites. The purpose is to give network administrators an introduction to what they will be facing. A demonstration of attacks can be a useful tactic for an administrator who is facing the task of justifying a security budget request to a skeptical superior. The attackers already understand the attacks and the tools. Many administrators need to catch up quickly, and this chapter aims to help them. By knowing the threat, they can better plan and deploy their defenses.