
36 Chapter 2 – Wireless security (half) measures: An overview

Disabling ESSID broadcast

You now know how to negate the security of MAC filtering, but what
about ESSID hiding? As in the listing above, you will at times find
the following in place of a network name:

00:19:5B:B3:##:## 206 74 12 0 6 54. OPN <length: 0>

This is the result of ESSID broadcasting being disabled on an AP. Until
you obtain the network name, you will not be able to connect to the
network. There are two options in this case.

The first is to wait for a user to log in (the network name is sent
in clear text when a client connects). The other, much more efficient
solution requires a would-be intruder to disconnect a user, for
example using aireplay-ng from the aircrack-ng toolkit. The tool
allows you to run certain types of attack on WLANs. Type this command
in the terminal in order to deauthenticate a client:

# aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 wlan1

The parameters:

aireplay-ng: the tool that deauthenticates a user

-0: the attack number (attack 0 is deauthentication)

1: the number of deauthentication packets to be sent; it can be
increased; if set to 0, the program continues deauthenticating
until it is closed (for example with ^C, i.e. Ctrl+C)

-a 00:14:6C:7E:40:80: the MAC address of the AP

-c 00:0F:B5:34:30:30: the MAC address of the client to be
deauthenticated; if this option is omitted, all stations on the
network are deauthenticated

wlan1: the wireless network interface name

This attack mode works not only against open networks (those that use
no authentication or encryption) but against encrypted ones as well.
Why is that? The pivotal step of the attack is ‘telling’ your target
that it has been disconnected. Aireplay generates a deauthentication
frame and ‘signs’ it with the MAC address of the access point. No
encryption is applied at the level at which these management frames
are exchanged, so you do not need a key to communicate. These levels
are referred to as layers and were defined as early as 1983. The
7-layer model was developed by the International Organization for
Standardization (ISO). Information is passed starting at the
application layer in one station and proceeds hierarchically from one
layer to the next (each implemented by protocols). The following is an
example of opening a web page on a wireless network: http → tcp → ip →
802.11 → cable → ADSL → Ethernet → ip → tcp → http. Layers were
introduced as a means of facilitating communication between different
devices and systems via protocols that might be developed by different
vendors.
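Because deauthentication is an unprotected management frame on networks without 802.11w (Protected Management Frames), the defensive counterpart is to watch for it. The following is an added example, not code from the book or the aircrack-ng project: it parses raw 802.11 management headers and raises one alert per sender when a burst of deauthentication or disassociation frames arrives; the capture is constructed inline, and the window and threshold values are assumptions.

```python
import struct
from collections import defaultdict
DEAUTH, DISASSOC, BEACON = 12, 10, 8          # 802.11 management-frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def build_mgmt_frame(subtype: int, dst: str, src: str, bssid: str, body: bytes = b"") -> bytes:
    """Constructed sample frame: frame control (type 0 = management), duration, addr1..3, seq ctrl, body."""
    fc = bytes([(subtype << 4) & 0xF0, 0x00])
    return fc + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid) + b"\x00\x00" + body

def parse_frame(frame: bytes):
    """Return (type, subtype, addr1, addr2, bssid, reason) or None if too short for a full header."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    reason = None
    if ftype == 0 and subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]    # reason code, little-endian
    return ftype, subtype, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22]), reason

def detect_deauth_flood(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp, raw 802.11 frame). Alert once per (sender, BSSID) when
    `threshold` or more deauth/disassoc frames arrive within `window` seconds (assumed values)."""
    recent, alerted, alerts = defaultdict(list), set(), []
    for ts, frame in frames:
        parsed = parse_frame(frame)
        if parsed is None or parsed[0] != 0 or parsed[1] not in (DEAUTH, DISASSOC):
            continue
        _, _, dst, src, bssid, reason = parsed
        key = (src, bssid)
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"sender": src, "bssid": bssid, "count": len(recent[key]),
                           "broadcast": dst == BROADCAST, "reason": reason})
    return alerts

# Constructed capture (not real traffic): three beacons, a burst of broadcast deauths carrying the
# AP's address as sender, and one isolated deauth from an unrelated, made-up BSSID.
AP, CLIENT, OTHER_AP = "00:14:6c:7e:40:80", "00:0f:b5:34:30:30", "02:00:00:00:00:01"
SAMPLE = [(i * 0.1, build_mgmt_frame(BEACON, BROADCAST, AP, AP)) for i in range(3)]
SAMPLE += [(1.0 + i * 0.05, build_mgmt_frame(DEAUTH, BROADCAST, AP, AP, struct.pack("<H", 7))) for i in range(6)]
SAMPLE.append((5.0, build_mgmt_frame(DEAUTH, CLIENT, OTHER_AP, OTHER_AP, struct.pack("<H", 3))))
```

A single broadcast deauth from the AP is normal behaviour; the alert fires only on the burst, which is why the isolated frame from the other BSSID is ignored.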
