Help with college report on wireless security

[irlkeith]

Hey,

I hate to ask, especially as i am not a regular poster,But I'm gonna ask anyway!

I have a 30 page college report to do for my network security subject. I need to do some kind of report on public hotspots. Its nice and vague, so there is room to do pretty much whatever I want.

as its a public hotspot, wpa and other securities are useless, so i cant write on them.

I was thinking of other attacks such as sniffing and MITM attacks.

They maybe a part of how to secure yourself, mabye using a vpn connection to a pc at home or something?

If anyone has any ideas i would appreciate them.

A free pint awaits anyone visiting south Ireland if they trash out some ideas ;)

Thanks guys,

Keith.

[stingwray]

Well as you said, MITM is a good place to start.

Public Wifi tends to use a Captive Portal for authentication and theres lots you can do in that area (a simple example was with Starbucks giving iPhone users free internet, authentication was on the browser signature, so everybody changed their sigs to the same as the iPhone and got free Wifi).

Also you have DoS of the customers by sending out de-auth packets all the time making them drop their connections constantly.

You could look into the Fon movement, which sets up two APs, one secure for yourself and one public for everybody else, don't know if there is any security research on breaking into that device from the public and getting into the secure.

[DingleBerries]

"We have nothing to fear, but... Getting owned on the internets."

-- Someone who had their bank account info Stolen

"Better to have loved and lost... then to have your cookies jacked online."

-- Someone who had thier Myspace hacked

I just wanted to put those, but as for your paper. Here are a few Discussion items:

Side Jacking

Air Pwn

Hardware buffer overflows, in the WOL protocol

Jasager

Poising Attacks, DHCP, ect.

Browser Exploits, Nmap, general hacking on a network when one anonymous and doesn't really have to worry about being traced

More info

http://www.ethicalhacker.net/content/view/66/24/

[irlkeith]

thanks guys for the quick replies.

Theres some great info there in only four hours :)

i'll go through it in more detail tomorrow, but it looks like 2 pages on everythign mentioned here and i'm sorted.

might even learn something along the way too.

I ordered a fon about 2 months ago, but there was a problem delivering it, still waiting on it to arrive. was hoping to have my own pineapple setup before i have to hand this up

[Razor512]

if needed you can also talk about DOS attacks on wireless networks

[StarchyPizza]

Watch a couple episodes of hak5 and they'll discuss how easy it is to sniff packets, hijack cookie sessions, and setup the fon... Then you can either watch further or Google efficient ways to protect yourself against these attack.

[psydT0ne]

Check out the podcast called Security Now, steve gibson had a good talk about the latest wpa crack and it's why's and wherefore's.

might be worth checking out...

[DingleBerries]

And bring up Moore's Law, and how that will affect encryption industry(smaller, faster computers means it will be easier for people to break into things). Also try to reference something to High Lander or Bad Boys 2.