Our wireless networks are only as good as the signal it provides. In this video, you’ll learn how the bad guys are disrupting our wireless infrastructure to help them gain access to our network.
<< Previous Video: Rogue Access Points and Evil TwinsNext: Wardriving and Warchalking >>
One of the challenges with managing connectivity through a wireless network is that these are wireless signals and they can be corrupted, they can be interfered with. Even though it is a digital signal, you still have things that can create problems for you when you’re trying to install wireless connections, when you’re trying to maintain wireless connectivity, and if somebody’s trying to disrupt what’s happening with your network communication making sure that they can interfere with the wireless signals is a great way to do that. This is a bit of a problem because there’s so many devices in our networks, both at work, at home, anywhere we happen to be, that can create this interference– a Bluetooth headset, a microwave oven, a cordless phone– they all can create signals that can create problems for us to receive and transmit traffic through our wireless networks.
If you’re in the United States, it is part of our federal laws that it is illegal to disrupt or interfere with these wireless signals. And a lot of people would like to do this, they’d like to have in their environment to prevent anyone from using a wireless network, to install a jammer inside of their environment that would prevent that. However, those types of things are illegal because interference with these wireless signals creates problems not just for your wireless network but for other wireless devices as well. And since a lot of this revolves around public safety, it’s something that is absolutely illegal to have. There are illegal jammers that are out there, they are a violation of federal law in the United States and they’re probably a violation of a number of laws elsewhere around the world. We have situations where your signal degrades, however, and it may be something that is external to what you’re doing.
If you are degrading the wireless connection from an attacker’s perspective, you can degrade it in a way that people are not able to operate. And if you’re trying to create a denial of service situation, interfering with this wireless signal is a great way to do it. It may be absolutely illegal to do this, but the bad guys generally don’t care so much about the federal laws. Sometimes you’ll see this being used in the case of where there is an evil twin. In our previous video, we talked about wireless evil twins and how they’re used. If I can knock out the wireless signal to the primary excess point to the real access point, then suddenly my evil twin now becomes the standard connection to the network. It’s yet another way to create a denial of service on one access point and have my evil twin become the actual access point that’s now used for everybody.
If you have a way to plug-in some additional devices, like a spectrum analyzer, you can see the exact signals that are on your wireless network and the type of traffic that’s there. So if you’re wondering if somebody might be interfering, or if there’s a third party, or some other device that’s interfering with your wireless network, spectrum analysis can be a great way to narrow down exactly where that’s coming from. Obviously finding this signal that’s disrupting things is your primary goal. And if you have a spectrum analyzer, it’s a great way to narrow that down. You can do some of this analysis if you have some simple software that examines traffic.
Maybe you’re just finding a rogue access point that’s somebody has set up. But if this is not a normal 802.11 communication, it may be just a blast of signal and has nothing to do with 802.11 communication, you’re going to need a spectrum analyzer. And as you can tell, these spectrum analysis software and hardware combinations are not the easiest thing to understand. It may take a little bit of work and a little bit of training to see exactly what all of these things mean as these different colors and different lines are going across the screen.
You can also take your existing access point and sometimes there’s an option to boost the signal. This is something that’s not available on all access points, but generally the access points that are in a large environments, in corporate environments, those types of access points tend to have this flexibility so that you can adjust the exact signal you would like. And if there is another device out there creating interference, sometimes boosting the signal can allow other people to hear what that access point is saying. You also might want to try different frequencies. If the bad guys are focusing on taking your access points down by creating interference, they may have only selected a certain narrow band of frequencies just to take your access point down and perhaps not someone else’s.
So one of the things you can do if you have spectrum analysis, you can see exactly which frequencies are in use. And if you’re down at the lower channels, you may want to set your access point to operate at higher channels away from the offending interference. This maybe a cat and mouse thing. You may be moving back and forth. And in the meantime perhaps you can hunt down where the offending signal is coming from. And if somebody is maliciously trying to create interference so that your network isn’t going to operate, that may be your primary goal to be able to find that, get it off the network, and allow your network traffic to communicate normally.