Index

C

CAs (certificate authorities), 237-238

CACE technologies, 117

Cache, Johnny, 358

Cain & Abel for Windows, 271

California Security Breach Information Act (CA1386), 9

cantennas, 119

captive portals, 200

cards

wired, 95-96

wireless, 95-96, 104-106

carwhisperer, 325

case studies

BuzzCorp, 2

PriorApproval, 256-260

riding insecure airwaves, 52

case study, Bluetooth attack, 292-330

autorooting Bluetooth, 326-329

Blue-driving equipment, 292-301

InqTana worm, 306-316

scanning and enumerating Bluetooth, 301-306

spoofing Bluetooth devices, 316-326

CBC-MAC (Cipher Block Chaining Message Authentication Check), 88

CCK (complementary code keying), 30

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

802.1X standard and, 68

counter mode and, 68

key hierarchy and, 84

PN and, 88

CDMA (Code Division Multiple Access), 10, 33, 35

Cellular Message Encryption Algorithm (CMEA), 10

Centrino chipsets, 103-104

certificate authorities (CAs), 237-238

certificate signing requests (CSR), 239

certificate validation failure attacks against PEAP/EAP-TTLS, 217-219

CF_CHARSET_PATH exploit, 327

Challenge Handshake Authentication Protocol (CHAP), 69-70

channel numbers

802.11a, 46

802.11b, 48

CHAP (Challenge Handshake Authentication Protocol), 69-70

chipsets

basics of, 101-104

families of, 106

ChopChop attacks, 188

Cipher Block Chaining Message Authentication Check (CBC-MAC), 88

ciphertext, 185

Cisco

Aironet cards (802.11b), 102

.cisco Kismet file, 151

L2TP, 233

LEAP authentication technique, 230

pre-WPA LEAP, 184

public secure packet forwarding, 283

class 1 dongle, 304

clear channel assessments, 100

Clear to Send control packets. See CTS

cleartext networks, open, 284

client attacks, 274-285

countermeasure hack, 285

countermeasures, 283-285

DoS attacks, 285

identifying hotspot clients, 264-267

Web sites on, 286

sniffing hotspots, 274-275

vulnerabilities, exploiting, 276-283

clients.conf (FreeRADIUS), 241

cloaked mode, 96-97, 168. See also security

closed mode, 96-97

CMEA (Cellular Message Encryption Algorithm), 10

Code Division Multiple Access (CDMA), 10, 33, 35

color in Wireshark, 165-166

communications systems, RF, 14-16

complementary code keying (CCK), 30

confidentiality in 802.11i, 84-87

connector types and vendors, 119-120

constellation diagrams, 28-29

contention based mode, 55

contention free mode, 55

control packets, 61-62

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. See CCMP

countermeasures

active scanning, 96-97

for Bluetooth attacks, 330

for brute-forcing WEP keys, 177

for client attacks, hotspots, 283-285

for deauthenticating users, 171

device driver vulnerabilities and, 357-358

fingerprinting device drivers, 358

MAC filters, avoidance countermeasures, 173

Michael countermeasures attack, 197-198

passive scanning, 97

for tunneling attacks, 270

cowpatty

cracking WPA-PSK with, 209-210

creating hash tables with, 210-211

cracking

defeating hardware-accelerated

WEP, 175-176

hardware-accelerated WPA, 210-211

WPA-PSK with cowpatty, 209-210

CSR (certificate signing requests), 239

.csv Kismet file, 151

CTS (clear to send)

attacks with pcap2air, 197

RTS/CTS packets and MAC hidden node problem, 58-61

current, 21

cygwin package, 282