Airsnarf Attack
WiFi Manager raises this alarm when it detects that the Airsnarf tool is in use.
What is Airsnarf?
Airsnarf is a rogue access point setup utility. It was designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots: snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP.
How does this attack work?
This is how the tool works:
- This tool helps create a competing hotspot with a captive portal.
- All the variables, such as the local network, gateway and SSID to assume, can be configured very easily using the configuration files.
- Wireless clients that associate with this tool get their IP, DNS, gateway and other details from the tool as configured, as is the case with any other hotspot.
- Wireless clients will have all their DNS queries resolve to the IP address of the box running the Airsnarf tool, regardless of their DNS settings. So, any website they attempt to visit will bring up the Airsnarf "splash page" requesting the username and password.
- If the users enter the username and password, these are mailed to the attacker, who can then exploit them.
What can be the impact of this attack?
The usernames and passwords obtained from the legitimate user can be misused at any hotspot of the same service provider, leaving the original duped user to pay the bill.
What should the WLAN Administrator do?
- WLAN administrators at hotspots should consider providing a strong authentication mechanism.
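A client-side check for the DNS behaviour described above, where every query resolves to one address regardless of the name asked for. This is an added example, not part of the original page or of WiFi Manager; the function names, hostnames and addresses are constructed for illustration.

```python
import socket
import uuid


def system_resolve(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # no answer (NXDOMAIN, timeout, ...)
    return {info[4][0] for info in infos}


def check_dns_redirect(names, resolver=system_resolve):
    """Report whether DNS answers look like a catch-all redirect.

    names: hostnames run by unrelated operators (assumption: chosen by the
    caller so that they would not legitimately share an address).
    """
    # A random label under .invalid (reserved by RFC 6761) must never resolve.
    canary = uuid.uuid4().hex + ".invalid"
    canary_addrs = resolver(canary)
    answers = {name: resolver(name) for name in names}
    resolved = [addrs for addrs in answers.values() if addrs]

    findings = []
    if canary_addrs:
        findings.append("nonexistent-name-resolved")
    if len(resolved) >= 2 and all(addrs == resolved[0] for addrs in resolved):
        findings.append("all-names-same-address")

    return {
        "suspicious": bool(findings),
        "findings": findings,
        "canary_answer": sorted(canary_addrs),
        "answers": {name: sorted(addrs) for name, addrs in answers.items()},
    }


if __name__ == "__main__":
    # Constructed resolver imitating the behaviour described above: every
    # query returns the address of one box (192.0.2.1 is a documentation IP).
    report = check_dns_redirect(["site-a.example", "site-b.example"],
                                resolver=lambda name: {"192.0.2.1"})
    print(report["suspicious"], report["findings"])
```

Some legitimate captive portals also answer every DNS query with one address before login, so a hit is a reason to verify the portal before entering credentials, not proof that Airsnarf is present.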