Airjack detected
This
alarm indicates that WiFi Manager has detected Air Jack or one of its
derivative tool being used in the wireless LAN.
What
is Air Jack ?
AirJack is a free linux-based device driver for WLAN client adapters based on
Prism II chipsets. It exposes API (Application Programming Interface) using which
raw 802.11 frames can be injected into the wireless LAN.
What
can be done using Air Jack ?
Hackers
can use Air Jack to carry out a denial of service attack on the wireless LAN
How
do hackers carry out this attack ?
All that is required to carry out this attack is a Laptop with Linux OS, wireless
client adapter based on prism II chipset and the Air Jack driver.
Denial of Service Attack Using AirJack
- The attacker first identifies the target - the wireless client and the Access point to which it is associated.
- 802.11
standard specifies that any wireless client in the wireless LAN should not refuse
a de-authentication notification and should remove itself from the WLAN when it gets such a notification.
- Attackers exploit the above vulnerability.
- They get into the WLAN, identify the MAC address of the Access point, spoof
the same and then transmit de-authentication management packets to the clients
connected to that Access point.
- The client thinking that the de-authentication notification has come from the Access point, removes itself from the WLAN.
- The attack
can be targeted on a particular mobile client or on all the mobile clients in
a BSS.
Some
popular tools using Air Jack driver :
- WLAN-Jack
- Essid-Jack
- Monkey-Jack
- Kracker-Jack
What
should the wireless LAN Administrator do ?
Wireless LAN administrators should immediately investigate as to who is running
this tool and why is it being run and should take all actions to immediately
stop it.