Wireless Security Question

I have set up a test wireless network to break into for a school project. The problem is I am pretty new with wireless and don't know where to start. Any suggestions?

paranoidcookie Commented:
Firstly, grab some programs. NetStumbler sniffs out wireless networks; have a look at the forum at http://www.netstumbler.org/ to see what it can do.
Use something like this: http://www.cr0.net:8040/code/network/
Then play about with the security options: hide the SSID, increase the key length, and see if it makes it harder to crack your network.
Get a Wireless Access Point (WAP) with no security enabled, and try to get in.
JoshDale (Author) Commented:
Ha, funny. The access point I have set up is secure with a shared key. I have to break into it.

The one to use is NetworkStumbler to find the broadcast SSIDs, and Snort to decrypt the WEP.
Windows version.
You'll have to have both a sniffer and an application to crack the WEP (I assume you're talking WEP) keys. You'll have to generate a fair amount of traffic to get enough weak IV frames. If the firmware on your AP is recent, you may find WEP harder to crack than the Fear Uncertainty and Doubt club advertises.


JoshDale (Author) Commented:
Yea, these apps make me feel really secure about my wireless network. :o)
Wireless security is about being one step better than the others; unless you actually have information which needs protecting on your network, most wardrivers will just move on to the next totally unsecured network.
I once tried for a laugh: in less than an hour I found 88 wireless networks, of which 46 were totally open. Guess which ones the average hacker would attack?
Make sure you don't broadcast your SSID, use 128-bit or above WEP or maybe WPA, and you'll be safe enough.
Add to this the normal precautions you should take: use strong passwords on user accounts and the like.
JoshDale (Author) Commented:
Yea, driving to work today, I came across about 100 wireless networks, most of them unsecure. I actually started surfing the net at a stop light just for fun :o)
Yeah, amusing isn't it?
JoshDale (Author) Commented:
Yup, who needs wireless internet access???
Not broadcasting your SSID is problematic with XP...
Unless you're dealing in fissionable materials MAC filtering and WEP are probably adequate.
WPA, EAP, vendor specific solutions and some common sense (we put our wifi on a DMZ with MAC filtering + WEP and use our VPN over wifi to keep costs down) can help you sleep at night.

I'd be interested in you publishing your results here.
JoshDale (Author) Commented:
Sure, when I get the chance to. Right now I am in the learning stage. I have one computer behind a WAP and I am trying to access that computer through the security in the WAP. It is hard because the computer will not be broadcasting anything, so I don't really have anything to go by.
Can we go back to your original question?

Do you want to set up the wireless access point to be broken into, as some sort of hack test, or do you want to make it secure?

As a test you might just want to leave it open, but disable DHCP.

Level Easy, you just need a valid IP address.

After that you can play around with disabling the SSID, putting on WEP or WPA on it.

If you're looking at cracking a WEP protected network, then bear in mind that you really need 2 wireless cards, so you can do things like injection attacks.

You don't say which platform you are going to launch the attacks from. Let's say something popular like Linux or OS X :-)

Kismet or *Stumbler is what you're looking for; for example, for the Mac, there is MacStumbler.
JoshDale (Author) Commented:
I am breaking into a secure WAP.
WAP as in the mobile phone protocol?
I'm led to believe it's pretty strong encryption; the best way in is to find yourself / or build a mobile phone cell (small ones as used for testing), put it onto the mobile phone network, as the phones have to authenticate but the cells do not, ergo you can get inside the encryption and sniff all the traffic through your cell. Though this is highly illegal and is therefore not a recommended course of action.
JoshDale: Get the same device and try to find out the same weaknesses. For example, the D-Link 900AP+ allows users to enter 4 different WEP keys, but because people are stupid they fill in only the default key.
And you should change only the key index to 3, and set up the default network key. (Many people think that when they enter the first key their AP is secure.)

Actually the important thing is the result and not the way. So at first you should try to do human engineering, and if it doesn't help you should replace the school AP with your own.

By the way, you should use WildPackets NT to capture WiFi packets from the air, and then convert these packets with Ethereal to CAP, and you can use Linux cracking tools.
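As an added example (not code from any poster in this thread) of what the "weak IV frames" remark and the D-Link key-index remark above amount to when you audit a capture of your own network: the script below parses WEP-protected 802.11 data frames, counts how often an IV repeats against the 24-bit IV space, and reports which key slot the AP is actually using. The frame bytes and the `make_frame` builder are constructed for illustration, not taken from a real capture.

```python
from collections import Counter

WEP_IV_SPACE = 1 << 24   # a 24-bit IV gives only ~16.7 million values before reuse is forced

def make_frame(iv: bytes, key_index: int, protected: bool = True) -> bytes:
    """Build a constructed 802.11 data frame: 24-byte MAC header, WEP header, dummy body.
    Sample data only; the addresses are placeholders, not a real BSSID or station."""
    fc0 = 0x08                               # frame control byte 0: type=data (bits 2-3 = 10)
    fc1 = 0x01 | (0x40 if protected else 0)  # To-DS flag, plus the Protected Frame bit (0x40)
    hdr = bytes([fc0, fc1]) + b"\x00\x00"    # frame control + duration
    hdr += b"\x00\x11\x22\x33\x44\x55" * 3   # addr1 / addr2 / addr3 (placeholders)
    hdr += b"\x00\x00"                       # sequence control
    if not protected:
        return hdr + b"\xaa\xaa\x03"         # plaintext body (start of an LLC header)
    key_id_byte = (key_index & 0x03) << 6    # the key ID lives in the top two bits
    return hdr + iv + bytes([key_id_byte]) + b"\x00" * 8   # IV, key ID, dummy ciphertext

def parse_wep_header(frame: bytes):
    """Return (iv, key_index) for a WEP-protected data frame, or None otherwise.
    Assumes a plain 24-byte header (no QoS/HT fields, no fourth address)."""
    if len(frame) < 28:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x03 != 2:        # not a data frame (management/control carry no WEP IV)
        return None
    if not fc1 & 0x40:                # Protected Frame bit clear: this frame went out in the clear
        return None
    return frame[24:27], (frame[27] >> 6) & 0x03

def wep_iv_audit(frames):
    """Summarise IV reuse and key-slot usage over a list of raw 802.11 frames."""
    ivs, key_slots, other = Counter(), Counter(), 0
    for f in frames:
        parsed = parse_wep_header(f)
        if parsed is None:
            other += 1
            continue
        iv, key_index = parsed
        ivs[iv] += 1
        key_slots[key_index] += 1
    protected = sum(ivs.values())
    return {
        "protected_frames": protected,
        "not_wep_protected": other,                   # plaintext data plus non-data frames
        "unique_ivs": len(ivs),
        "reused_iv_frames": protected - len(ivs),     # every repeat is a keystream reuse
        "iv_space_fraction": len(ivs) / WEP_IV_SPACE, # how far through the 24-bit space you are
        "key_slots_in_use": dict(key_slots),          # the key index the AP actually sends with
    }
```

A busy AP exhausts the IV space in hours, so the reuse count is the number a defender should watch; a single slot in `key_slots_in_use` is the "only the default key filled in" situation described above.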
Tim HolmanCommented:
Buy this book! Great reference material and will keep you amused for hours...


Most all of these tools (and many, many more) can be found on the

This is great, because most of the tools are precompiled and configured, and... you don't have to "install" *anything*. You simply boot from the CD-ROM (after you burn the ISO as an image).

There are about 2,000 hacker/cracker/vulnerability testing tools on this distribution.
Here are some other great resources for your wireless vulnerability research:

  Wireless is a layer 2 problem and not a layer 3 problem
  Traditional Layer 3 security controls do not protect against wireless attacks!
• Denial-of-Service
• MAC Spoofing
• SSID broadcast
• WEP insecurities
• Man-in-the-Middle (MITM)
• AP Spoofing
• Wireless to Wireless Attacks

  SSIDsniff - www.bastard.net/~kos/wifi/
  MacStumbler - homepage.mac.com/macstumbler/
  WaveMon - www.jm-music.de/projects.html
  PrismStumbler - prismstumbler.sourceforge.net/
  AirTraf - airtraf.sourceforge.net/
  MogNet - chocobospore.org/mognet/
  AirMagnet - www.airmagnet.com/products.htm
  Isomair - www.isomair.com/products.html
  Air-Jack - 802.11ninja.net/
  AirDefense - www.airdefense.net
  WiFiScanner - sourceforge.net/projects/wifiscanner/
  Knoppix Security Tools Distribution - www.knoppixstd.org
  Ethereal - www.ethereal.com
  Misc wireless stuff - www.packetattack.com/wireless.html
  Cain and Abel - www.oxid.it
  Legra Systems - www.legra.com
  YDI - www.ydi.com
  AirFortress Gateway - www.fortresstech.com
  Bluesocket Gateway - www.bluesocket.com
  Vivato Switch - www.vivato.net
  Wireless gear - www.fab-corp.com
  More wireless gear - www.terra-wave.com
  BSD-Airtools - www.dachb0den.com/projects/bsd-airtools.html
  NetStumbler - www.netstumbler.com/
  Kismet - www.kismetwireless.net/
  Fake AP - www.blackalchemy.to/Projects/fakeap/fakeap.html
  Wellenreiter - www.wellenreiter.net/
  AirSnort - airsnort.shmoo.com/
  WaveStumbler - www.cqure.net/tools08.html
  AiroPeek - www.wildpackets.com/products/airopeek
  StumbVerter - www.sonar-security.com
  AP Scanner - homepage.mac.com/typexi/Personal1.html
  WEPCrack - wepcrack.sourceforge.net/
  Prism2 (HostAP) - hostap.epitest.fi/
  KisMAC - freshmeat.net/projects/kismac
  LeapCrack - www.thc.org
  ASLEAP - asleap.sourceforge.net
JoshDale (Author) Commented:
Thanks for all the help.
WAP = Wireless Access Point
Ok, so for the school project, you've got to break into a secured Wireless Access Point, WAP.

How are you supposed to prove that you did it?

Assuming WEP, not WPA, is securing the WAP for the moment, then you are looking at WEP poisoning or WEP injection attacks.

Either way, you're going to have to see traffic on that WAP to do that.

Otherwise it's crack the key time.

JoshDale (Author) Commented:
Yea, I just have to show how I did it.
I used to go on my school network; I was not supposed to.
If you can't see the wireless network's name through NetStumbler or Windows, then you have to be waiting with your wireless card enabled, seeing an unnamed wireless network; a teacher goes on to the network and you are on, easily.

If it has encryption it can be cracked.
If it uses MAC address security there is not much point in trying.
Try to find out the brand and model of it and search for any problems with it.
In theory, even with MAC-level security you could capture a MAC address, then, if your wireless card supports it (many do), change its MAC address.
JoshDale (Author) Commented:
Sorry guys for the lack of updates. I asked my teacher if this would fly for a project and he told me he would rather I did something else... so it never got done. Maybe something to play around with over the summer.

I have been messing around with packet sniffing (the computer kind, not the white stuff ;o)) using ethereal. Anyway, I don't know who to give the points to, so I am going to give them to the most active participants. Thanks for the help all.