802.11 - Wireless Protocol
- Wireless is cheap and ubiquitous
- It's a shared medium like ethernet
- It's a Data Link Layer protocol. There's a lot of electrical engineering underneath to turn radio waves into signals.
Collision detection isn't possible, so we need MACA (Multiple Address Collision Avoidance)
- Hidden nodes come from nodes connected to a common node that can't see each other. This leads to the node in the middle possibly getting traffic from both at the same time.
- Some nodes are exposed to each other and won't transmit to their neighbors to avoid collision, even when they should be able to.
- MACA helps reserve a time slot. Nodes request the ability to transmit. The receiver transmits that sending is OK with a CTS (Clear to Send) message. Every node that sees CTS stops transmitting, thereby avoiding collisions.
Access Points are physical connections to the network
- A node can roam to different access points (APs) but it has to find them first
- Active Scanning - node looks for access points. Broadcast a probe, wait for responses
- Passive Scanning (more common) - node looks for beacon frames. Find a beacon from nearby AP, send an association request
- Probe requests can also be used to find other APs, perhaps with a stronger signal. Node is usually chosen manually by the computer user but an OS can also be configured to select certain APs by default or prefer one over another.
- Packet sniffing is easier. Traffic is broadcast to everyone in vicinity and radio travels far.
- Unauthenticated Disassociation Requests mean anyone can spoof a computer's MAC and send a "drop me" packet to nearby APs. Although it's easy, it's not profitable, so it's not a popular attack.
WEP is broken
- WEP keys are derived from a key (40 or 128 bits) and a 24-bit initialization vector
- RC4 stream cipher uses the XOR operation and, done properly, it is very hard to crack. Given a cipher text of 1, you can never be sure whether it was the plain text or the cipher that contained a 1
- But WEP repeats a part of the cipher - the initialization vector - and it's public. So you can disentangle the plain text if you wait around long enough for the IV to be used twice. Especially since the "plain text" follows a protocol and is bound to be the same very often.
- WEP's 24-bit keyspace isn't very big either. WEP2 uses a larger keyspace for IVs and forces 128-bit keys from the user. Takes longer to crack but still susceptible to the same attacks.
- Replay Attacks - No authentication with AP means packets can be recorded and then played back by an attacker
- Integrity Problems - CRC is great for detecting natural errors due to physical problems with transmission but it's easily fooled by a crafty attacker.
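Added example (not part of the original notes): a simplified WEP-style frame body showing why a repeated IV exposes plaintext and why a CRC gives no integrity against deliberate changes. The key, IV and plaintexts are constructed sample values, and the frame layout is reduced to RC4(IV || key) XOR (data || CRC-32) as an assumption.

```python
import zlib
def rc4(key: bytes, n: int) -> bytes:  # n bytes of RC4 keystream
    s, j = list(range(256)), 0
    for i in range(256):                      # key schedule
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):                        # output loop
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style body: RC4(IV || key) XOR (plaintext || CRC-32)."""
    body = plaintext + crc(plaintext)
    return xor(body, rc4(iv + key, len(body)))

def wep_decrypt(iv: bytes, key: bytes, ciphertext: bytes):
    """Return (plaintext, checksum_ok) the way a receiver would."""
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    return body[:-4], body[-4:] == crc(body[:-4])

def recover_second(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    """Same IV means same keystream: c1 XOR p1 is the keystream for c2."""
    return xor(xor(c1, known_p1), c2)

def flip_bits(ciphertext: bytes, delta: bytes) -> bytes:
    """CRC-32 is affine under XOR, so the checksum can be patched keylessly."""
    patch = xor(crc(delta), crc(bytes(len(delta))))
    return xor(ciphertext, delta + patch)

# Constructed sample values (not from a real capture).
KEY = bytes.fromhex("0102030405")          # 40-bit shared key
IV = bytes.fromhex("aabbcc")               # 24-bit IV, sent in the clear
P1 = b"GET /index.html HTTP/1.1"           # predictable protocol text
P2 = b"user=alice&pin=4821&ok=1"           # same length, unknown to observer

if __name__ == "__main__":
    c1, c2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
    print(recover_second(c1, P1, c2))
    print(wep_decrypt(IV, KEY, flip_bits(c2, bytes(23) + b"\x01")))
```

Neither helper ever touches KEY, which is why later protocols use per-packet keys and a keyed integrity check instead of a CRC.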
- Every medium has a protocol for transmission. IP routes traffic across many types of media and many LANs
- IP relies on routers. Any computer with 2 or more network adapters can act as a router
- IP interconnects everything - computers, phones, cable boxes
- Best-effort datagram delivery means there are no guarantees. Other protocols are needed to ensure delivery and accuracy.
- IPv4 is most common, with addresses that look like four numbers separated by dots. IPv6 and IPSec implement larger address space and higher security, respectively
IP uses a hierarchical network consisting of many subnets
- Subnets must be nearby and be connected physically via wires or radio
- The more addresses (possible hosts) in a subnet, the fewer subnets you can have before the address space is filled.
- Class A networks are the huge backbone of the internet. Class C are smaller networks in a house or an office. Some subnets are "private" and aren't routed to the internet.
- Without subnets, many addresses would be wasted when, for example, a business with 12 computers needed a subnet of 255 addresses. Subnets allow for partitioning and a better use of the finite address space provided by IP addresses