options for MAC address filtering. 0 means "accept unless in deny List" Macaddr_acl=0 #setting Ignore_broadcast_ssid to 1 would disable the broadcasting of SS ID ignore_broadcast_ssid=0 #Sets Authentication algorithm #1-only Open system authentication #2-both Open System authe Ntication and shared key authentication Auth_algs=1 #Sets WPA and WPA2 authentication##### #wpa option Sets which WPA Implementation to use #1-WPA only #2-
step, you need to address the problem of wireless transmission-specific vulnerabilities, such as the need to select a Non-default network name (SSID) to prevent accidental intrusion, and to circumvent RF interference by dynamic frequency selection (frequency selection). At the same time, you can also take steps to prevent public access points from being physically disturbed (for example, removing cables, resetting to default settings).
5. Ensure transmission safety
The current access point su
Document directory
In ubuntu, how does one obtain hostapd?
How to Use hostapd
In ubuntu or other similar Linux systems, hostapd can be used to achieve WiFi Wireless Access hotspot (AP)To provide wireless Internet access to other devices, such as laptops and mobile phones. That is, the wireless routing function.What is hostapd?Hostapd is a daemon of user controls used for wireless access points (AP) and Authentication servers (Authentication servers ).She implements AP management for, ieee8
expected to be the current forced standard CCMP anti-pattern Protocol for verification Code with a password Block link, Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) plus this Protocol. Both protocols can be used with Advanced Encryption Standard (AES), but the new GCMP is more efficient and supports ultra-high transmission speeds. According to RFC 5288, GCMP can efficiently achieve transmission speeds of over 10 Gbps
encrypt.Wificonfiguration.keymgmt get used with KEYMGMT.Wificonfiguration.pairwisecipher gets the encryption using WPA mode.Wificonfiguration.protocol gets which protocol is used for encryption.Wificonfiguration.status gets the status of the current network.For those who are interested in encryption, you can search for relevant content on the Internet.To set the properties of a wificonfiguration:Wificonfiguration.authalgorthm set the encryption method.Optional parameters: Leap only for Leap,OPE
obtained.You can compare it with our wired equipment.The data here is relatively complex.Six sub-classesWificonfiguration.authalgorthm is used to infer encryption methods.Wificonfiguration.groupcipher Gets the method that uses Groupcipher to encrypt.Wificonfiguration.keymgmt get used with KEYMGMT.Wificonfiguration.pairwisecipher gets the encryption using WPA mode.Wificonfiguration.protocol gets which protocol is used for encryption.Wificonfiguration.status gets the status of the current network
WiFi Wireless access hotspot (AP) is available on Ubuntu systems or other similar Linux systems using HOSTAPD
In order to provide other wireless access to the network of equipment, such as notebooks, mobile phones to achieve wireless internet function. It is also the function of no line.
What is HOSTAPD
HOSTAPD is the user control's daemon for wireless access points (APs) and authorization servers (authentication servers).
She implements IEEE802.11 AP management, ieee802.1x/wpa/
ensures the security of wireless devices including 802.11b, 802.11a, and 802.11g. This is because WPA uses new encryption algorithms and user authentication mechanisms to meet WLAN security requirements. WPA follows the basic principles of WEP and overcomes the disadvantages of WEP. Because of the enhanced Algorithm for generating encryption keys, even if hackers collect and parse group information, they can hardly calculate General keys, which solves the disadvantages of WEP. However, WPA cann
wireless networkFor wireless networks with WPA2-PSK encryption enabled, the attack and decryption steps and tools are exactly the same, unlike the WPA CCMP PSK, which is indicated on the interface using Airodump-ng for wireless detection. As shown in 32.Figure 32When we use Aireplay-ng for Deauth attacks, we can also obtain a WPA handshake packet and hints, as shown in 33.Figure 33Similarly, using aircrack
Key management functions, such as associated requests and 802.1x, are also done on AC. This shows that authentication, Authorization, and Accounting (AAA) are also on AC.The control modules of the IEEE802.11 are all done on AC, and the real-time scheduling and queuing functions are done on the WTP. Note that this does not mean that AC does not provide additional policy and scheduling functionsUse 802.1X end user authentication and advanced encryption Standard-counter mode with CBC-MAC Protocol
wireless route. because most of them are encrypted by WPA and wpa2, The wpa_supplicant tool is used.
Create a wireless network card running directory on the Development Board terminal:
Mkdir-P/var/run/wpa_supplicant
Create the/etc/wpa_supplicant file. The file content is as follows. The SSID is the network name and the PSK is the password.
Ctrl_interface =/var/run/wpa_supplicant
Network = {
SSID = "AAA 001"
Scan_ssid = 1
Key_mgmt = WPA-EAP WPA-PSK i
, the default is generally only nl80211, other drivers may need to self-compile and load
Ssid=my_ap # The SSID of the WLAN, which is the name seen on the client
HW_MODE=G # Wireless Card working mode, here Select 802.11g
CHANNEL=7 # Communication channel of wireless card
wpa=2 # using WPA2 encryption
Wpa_passphrase=password # AP Authentication Password
Wpa_key_mgmt=wpa-psk
wpa_pairwise=ccmp
of parameters
Save_config
Save_c
Saves the configuration
Set the basic network format: set_network
Basic Format for displaying network information: get_network
The following table lists the corresponding parameters:
Key
Description
Parameters
SSID
Access Point name
String
Id_str
String identifying the network
String
Priority
Connection priority over other APs
Number (0 being the default low priority)
Saves the configuration
Set the basic network format: set_network
Basic Format for displaying network information: get_network
The following table lists the corresponding parameters:
Key
Description
Parameters
SSID
Access Point name
String
Id_str
String identifying the network
String
Priority
Connection priority over other APs
Number (0 being the default low priority)
Bssid
MAC address of the Access Point
MAC
further implemented.
Low-cost Wi-Fi man-in-the-middle attack practices
1. OPEN Wi-FiIn Linux (dual-wireless network card), use hostapd and dhcpd software to build forged access points. The attacker first uses wireless network interface card 1 to connect to a valid access point, and then configures the SSID of hostapd to be the same as that of a valid access point. Then, the attacker enables wireless network interface card 2 to the access point mode. When the attacker is close to the victim, the
vulnerability specific to wireless transmission. For example, you need to select a non-default network name SSID to prevent accidental intrusion, dynamic frequency selection is used to avoid RF interference. At the same time, you can also take measures to prevent physical interference to access points in public, such as removing cables and resetting them to the default setting ).
5. Ensure Transmission Security
The current access points all support WPA2
Third, the transmission Process concept subdivision(a), encryption algorithm analysis1. WEP1) wep:wired equivalent Privacy2) presented with the 802.11 standard3) RC4 Encryption algorithm4) 2 Types of strength: 40bits and 104bits5) initialization vector (IV) = Bits6) Wep2:128bit2. WPA1) WPA: ieee802.11i standard for draft2) 128bits RC encryption algorithm3) Use one password per data frame4) TKIP Dynamic Password Management protocol3, WPA21) WPA2: the f
addresses of other routing gateways in the LAN.
2 install hostapd
Use hostapd in Linux to establish a Wireless AP ServiceRun the following command to install hostapd:
sudo apt-get install hostapd
Edit the default hostapd configuration file
sudo nano /etc/default/hostapd
Find
# DAEMON_CONF = ""Modify as follows:
DAEMON_CONF = "/etc/hostapd. conf"Edit the hostapd configuration file
sudo nano /etc/hostapd/hostapd.conf
Add the following content
# Use the wireless network adapter wlan0 as the Acc
802.11 introduction to the standardIEEE 802.11 is a common standard for today's wireless LANs and is the standard for wireless network communications defined by the International Institute of Electrical Engineering (IEEE).It defines the media access control layer (MAC layer) and the physical layer. The physical layer defines two types of spread-spectrum modulation and an infrared transmission on the 2.4GHz ISM band, and the total data transfer rate is designed to be 2mbit/s. Both devices can bui
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.