Solved

Wireless Security Question

Posted on 2004-09-09
Last Modified: 2010-05-18
I have set up a test wireless network to break into for a school project. The problem is I am pretty new with wireless and don't know where to start. Any suggestions?
Question by:JoshDale
25 Comments
 
LVL 3

Expert Comment

by:Tonie16
ID: 12017067
Get a Wireless Access Point (WAP), with no security enabled, and try to get in.
0
 

Author Comment

by:JoshDale
ID: 12017184
Ha, funny. The access point I have set up is secure with a shared key. I have to break into it.
0
 
LVL 5

Accepted Solution

by:
paranoidcookie earned 500 total points
ID: 12017598
Firstly, grab some programs. Netstumbler sniffs out wireless networks; have a look at the forum on to see what it can do http://www.netstumbler.org/
Use something like this http://www.cr0.net:8040/code/network/
Then play about with the security options: hide the SSID, increase the key length, and see if it makes it harder to crack your network.
0
 
LVL 8

Expert Comment

by:anil_u
ID: 12017709
The one to use is networkstumbler to find the broadcasted sids and snort to decrypt the WEP
http://www.snort.org/
windows version
http://www.datanerds.net/~mike/snort.html
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 12019458
You'll have to have both a sniffer and an application to crack the WEP (I assume you're talking WEP) keys. You'll have to generate a fair amount of traffic to get enough weak IV frames. If the firmware on your AP is recent, you may find WEP harder to crack than the Fear Uncertainty and Doubt club advertises.

http://wepcrack.sourceforge.net/

0
 

Author Comment

by:JoshDale
ID: 12020192
Yea, these apps make me feel really secure about my wireless network. :o)
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12020296
Wireless security is about being one step better than the others. Unless you actually have information which needs protecting on your network, most wardrivers will just move on to the next totally unsecured network.
I once tried for a laugh; in less than an hour I found 88 wireless networks, of which 46 were totally open. Guess which ones the average hacker would attack?
Make sure you don't broadcast your SSID, use 128-bit or above WEP or maybe WPA, and you'll be safe enough.
Add to this the normal precautions you should take: use strong passwords on user accounts and the like.
0
 

Author Comment

by:JoshDale
ID: 12020380
Yea, driving to work today, I came across about 100 wireless networks, most of them unsecure. I actually started surfing the net at a stop light just for fun :o)
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12020576
Yeah, amusing, isn't it?
0
 

Author Comment

by:JoshDale
ID: 12020590
Yup, who needs wireless internet access???
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 12022309
Not broadcasting your SSID is problematic with XP...
Unless you're dealing in fissionable materials MAC filtering and WEP are probably adequate.
WPA, EAP, vendor specific solutions and some common sense (we put our wifi on a DMZ with MAC filtering + WEP and use our VPN over wifi to keep costs down) can help you sleep at night.

I'd be interested in you publishing your results here.
0
 

Author Comment

by:JoshDale
ID: 12022332
Sure, when I get the chance to. Right now I am in the learning stage. I have one computer behind a WAP and I am trying to access that computer through the security in the WAP. It is hard because the computer will not be broadcasting anything, so I don't really have anything to go by.
0
 
LVL 2

Expert Comment

by:Scorp888
ID: 12022685
Can we go back to your original question.

Do you want to set up the wireless access point to be broken into, as some sort of hack test, or do you want to make it secure.

As a test you might just want to leave it open, but disable DHCP.

Level Easy, you just need a valid IP address.

After that you can play around with disabling the SSID, putting on WEP or WPA on it.

If you're looking at cracking a WEP protected network, then bear in mind that you really need 2 wireless cards, so you can do things like injection attacks.

You don't say which platform you are going to launch the attacks from. Let's say something popular like Linux or OSX :-)

Kismet or *Stumbler, is what you're looking for, for example, for the mac, there is macstumbler.
0
 

Author Comment

by:JoshDale
ID: 12023705
I am breaking into a secure WAP
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12024429
WAP as in the mobile phone protocol?
I'm led to believe it's pretty strong encryption. The best way in is to find yourself / or build a mobile phone cell (small ones as used for testing) and put it onto the mobile phone network, as the phones have to authenticate but the cells do not; ergo you can get inside the encryption and sniff all the traffic through your cell. Though this is highly illegal and is therefore not a recommended course of action.
0
 
LVL 10

Expert Comment

by:winzig
ID: 12025218
JoshDale: Get the same device and try to find out some weakness. For example, the Dlink 900AP+ allows users to enter 4 different WEP keys, but because people are stupid they fill in only the default key.
And you should change only the key index to 3, and set up the default network key. (Many people think that when they enter the first key their AP is secure.)

Actually the important thing is the result and not the way. So at first you should try to do human engineering, and if it doesn't help you should replace the school AP by your own.

By the way, you should use WildPacket NT to capture WiFi packets from the air, and then convert these packets with ethereal to CAP and you can use Linux cracking tools.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12027636
Buy this book !  Great reference material and will keep you amused for hours...

http://www.amazon.com/exec/obidos/tg/detail/-/0596005598/104-7706747-2059918?v=glance

0
 

Expert Comment

by:rekyrts
ID: 12027828
Most all of these tools (and many, many more) can be found on the
http://www.knoppix-std.org/

This is great, because most of the tools are precompiled, and configured, and...you don't have to "install" *anything*.  You simply boot from the CDROM (after you burn the ISO as an image).

There are about 2,000 hacker/cracker/vulnerability testing tools on this distribution.
0
 

Expert Comment

by:rekyrts
ID: 12028016
Here are some other great resources for your wireless vulnerability research:

  Wireless is a layer 2 problem and not a layer 3 problem
  Traditional Layer 3 security controls do not protect against wireless attacks!
• Denial-of-Service
• MAC Spoofing
• SSID broadcast
• WEP insecurities
• Man-in-the-Middle (MITM)
• AP Spoofing
• Wireless to Wireless Attacks

  SSIDsniff - www.bastard.net/~kos/wifi/
  MacStumbler - homepage.mac.com/macstumbler/
  WaveMon - www.jm-music.de/projects.html
  PrismStumbler - prismstumbler.sourceforge.net/
  AirTraf - airtraf.sourceforge.net/
  MogNet - chocobospore.org/mognet/
  AirMagnet - www.airmagnet.com/products.htm
  Isomair - www.isomair.com/products.html
  Air-Jack - 802.11ninja.net/
  AirDefense - www.airdefense.net
  WiFiScanner - sourceforge.net/projects/wifiscanner/
  Knoppix Security Tools Distribution – www.knoppixstd.org
  Ethereal – www.ethereal.com
  Misc wireless stuff - www.packetattack.com/wireless.html
  Cain and Abel – www.oxid.it
  Legra Systems – www.legra.com
  YDI – www.ydi.com
  Airfortress Gateway – www.fortresstech.com
  Bluesocket Gateway – www.bluesocket.com
  Vivato Switch – www.vivato.net
  Wireless gear – www.fab-corp.com
  More wireless gear – www.terra-wave.com
  BSD - Airtools - www.dachb0den.com/projects/bsd-airtools.html
  NetStumbler -- www.netstumbler.com/
  Kismet - www.kismetwireless.net/
  Fake AP - www.blackalchemy.to/Projects/fakeap/fakeap.html
  Wellenreiter - www.wellenreiter.net/
  AirSnort - airsnort.shmoo.com/
  WaveStumbler -- www.cqure.net/tools08.html
  AiroPeek - www.wildpackets.com/products/airopeek
  StumbVerter - www.sonar-security.com
  AP Scanner - homepage.mac.com/typexi/Personal1.html
  WEPcrack - wepcrack.sourceforge.net/
  Prism2 - hostap.epitest.fi/
  Netstumbler - www.netstumbler.com
  KisMac – freshmeat.net/projects/kismac
  LeapCrack – www.thc.org
  AsLeap – asleap.sourceforge.net
0
 

Author Comment

by:JoshDale
ID: 12028163
Thanks for all the help.
WAP = Wireless Access Point
0
 
LVL 2

Expert Comment

by:Scorp888
ID: 12052843
Ok, so for the school project, you've got to break into a secured Wireless Access Point, WAP.

How are you supposed to prove that you did it?

Assuming WEP for the moment is securing the WAP, not WDA, then you are looking at WEP poisoning or wep injection attacks.

Either way, you're going to have to see traffic on that WAP to do that.

Otherwise it's crack the key time.

0
 

Author Comment

by:JoshDale
ID: 12055058
Yea, I just have to show how I did it.
0
 
LVL 2

Expert Comment

by:adam1213
ID: 12081691
I used to go on my school network; I was not supposed to.
If you can't see the wireless network's name through net stumbler or windows then you have to be waiting with your wireless card enabled seeing an unnamed wireless network, a teacher goes on to the network and you are on, easily

If it has encryption it can be cracked.
If it uses MAC address security there is not much point in trying.
Try to find out the brand and model of it and search for any problems with it
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12082223
In theory, even with MAC level security you could capture a MAC address, then, if your wireless card supports it (many do), change its MAC address
0
 

Author Comment

by:JoshDale
ID: 12727661
Sorry guys for the lack of updates. I asked my teach if this would fly for a project and he told me he would rather I did something else... so it never got done, maybe something to play around with over the summer.

I have been messing around with packet sniffing (the computer kind, not the white stuff ;o)) using ethereal. Anyway, I don't know who to give the points to, so I am going to give them to the most active participants. Thanks for the help all.
0
