Title :
Bypassing web-based wireless authentication systems
Author :
Hassan, Ahmed ; Zhang, Xiaowen
Author_Institution :
Dept. of Comput. Sci., Coll. of Staten Island/CUNY, Staten Island, NY, USA
Abstract :
A lot of college wireless networks use software systems and web-based logins to authenticate users. In this paper we find that it is not hard to bypass such authentication. An attacker can use DHCP request to collect information about the users on the network. It makes the attacker much easier to gain unauthorized access to the network facilities. This can be done by putting the network card on monitor mode, and filter the network frames based on the collected MAC addresses. Once any client is disconnected from the network, the attacker can spoof the client´s MAC address and connect to the network. The authentication system is going to accept the spoofed MAC address and let the attacker to connect to the network.
Keywords :
access protocols; computer network security; radio networks; MAC address; authenticate users; network card on monitor; software systems; web-based wireless authentication systems; Authentication; Educational institutions; IP networks; Protocols; Servers; Software; Wireless networks; MAC address spoofing; web-based authenticate systems; wireless network security;
Conference_Titel :
Systems, Applications and Technology Conference (LISAT), 2011 IEEE Long Island
Conference_Location :
Farmingdale, NY
Print_ISBN :
978-1-4244-9878-9
Electronic_ISBN :
978-1-4244-9877-2
DOI :
10.1109/LISAT.2011.5784246
