• DocumentCode
    3378338
  • Title

    Bypassing web-based wireless authentication systems

  • Author

    Hassan, Ahmed ; Zhang, Xiaowen

  • Author_Institution
    Dept. of Comput. Sci., Coll. of Staten Island/CUNY, Staten Island, NY, USA
  • fYear
    2011
  • fDate
    6-6 May 2011
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    A lot of college wireless networks use software systems and web-based logins to authenticate users. In this paper we find that it is not hard to bypass such authentication. An attacker can use DHCP request to collect information about the users on the network. It makes the attacker much easier to gain unauthorized access to the network facilities. This can be done by putting the network card on monitor mode, and filter the network frames based on the collected MAC addresses. Once any client is disconnected from the network, the attacker can spoof the client´s MAC address and connect to the network. The authentication system is going to accept the spoofed MAC address and let the attacker to connect to the network.
  • Keywords
    access protocols; computer network security; radio networks; MAC address; authenticate users; network card on monitor; software systems; web-based wireless authentication systems; Authentication; Educational institutions; IP networks; Protocols; Servers; Software; Wireless networks; MAC address spoofing; web-based authenticate systems; wireless network security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systems, Applications and Technology Conference (LISAT), 2011 IEEE Long Island
  • Conference_Location
    Farmingdale, NY
  • Print_ISBN
    978-1-4244-9878-9
  • Electronic_ISBN
    978-1-4244-9877-2
  • Type

    conf

  • DOI
    10.1109/LISAT.2011.5784246
  • Filename
    5784246