DocumentCode
3378338
Title
Bypassing web-based wireless authentication systems
Author
Hassan, Ahmed ; Zhang, Xiaowen
Author_Institution
Dept. of Comput. Sci., Coll. of Staten Island/CUNY, Staten Island, NY, USA
fYear
2011
fDate
6-6 May 2011
Firstpage
1
Lastpage
4
Abstract
A lot of college wireless networks use software systems and web-based logins to authenticate users. In this paper we find that it is not hard to bypass such authentication. An attacker can use DHCP request to collect information about the users on the network. It makes the attacker much easier to gain unauthorized access to the network facilities. This can be done by putting the network card on monitor mode, and filter the network frames based on the collected MAC addresses. Once any client is disconnected from the network, the attacker can spoof the client´s MAC address and connect to the network. The authentication system is going to accept the spoofed MAC address and let the attacker to connect to the network.
Keywords
access protocols; computer network security; radio networks; MAC address; authenticate users; network card on monitor; software systems; web-based wireless authentication systems; Authentication; Educational institutions; IP networks; Protocols; Servers; Software; Wireless networks; MAC address spoofing; web-based authenticate systems; wireless network security;
fLanguage
English
Publisher
ieee
Conference_Titel
Systems, Applications and Technology Conference (LISAT), 2011 IEEE Long Island
Conference_Location
Farmingdale, NY
Print_ISBN
978-1-4244-9878-9
Electronic_ISBN
978-1-4244-9877-2
Type
conf
DOI
10.1109/LISAT.2011.5784246
Filename
5784246
Link To Document