Ad-Hoc Connection Attack


Ad-Hoc Connection attacks are very nasty type of attacks, where the attacker (malicious user) is using a 3rd party legitimate user as an additional hop or man-in-the-middle between attacker's device and AP or other type of gateways.

Ad-Hoc wireless network feature, required to be working on "device-in-the middle", can be configured on both Windows or Linux device, and it allows to setup ad-hoc (peer-to-peer) wireless link between client devices (without any additional network infrastructure like AP). Behind the scenes, what you actually do, is that you create virtual software AP on your PC and the other device is associating with the SSID you have created (effectively making wireless link).

When using Linux, you may use the tool called "airbase-ng" described earlier in this chapter. On the other hand, when using Windows, the WLAN may be created in a wireless network settings using "configure new connection or new network".

The following situation would describe an ad-hoc attack. Let's imagine the attacker may be any of the Computer number 2, 3 or 4. The victim (man-in-the-middle) would be Computer 1. This laptop would be the one running and serving wireless connectivity to the surroundings, and will have other interface connected to the wired network to access the internet.

Ad-hoc Attack

Attackers may connect to the WLAN broadcasted by Computer 1 and then, use it to route all the traffic to the internet via this victim PC. From the internet point of view, it would look like it is Computer 1 originating the traffic! Wireless links from Computer 1 to all the attackers do not have to be a Wi-Fi connection - it may be a Bluetooth or any other type of wireless technology supported by all the parties that attempt to communicate with each other.