I see you have had a successful little outing in a big town.
good work dude
Great update bro thx
-=<|-|ARLIE=-
Thx for the info Unclex i have a lot of reading to do
-=<|-|ARLIE=-
Ok no probs
thanks - when you have time that would be great
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
http://www.lewrockwell.com/orig/stein8.html
check this
in the US
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
I am going to post this all again because CC has gone.
Wireless acking is going to be the next big thing this year coming up.
Free internet access and other things
I will update with sites and software for all your pleasure,
You may be asking "What is this all about?"
You need a wireless card (check out the UK site for the type of card you should buy) + laptop with card slots, download software (we will talk about this later on). OK, if you want to go all out, a GPS unit to connect to the software and record the location of the network that may be next to your local pub, cafe etc. You may also want to fit an external antenna.
Burners and SWR Meters, It sounds a bit like the old CB radio days.
I will try to add more over the next week.
US
This is the US top forum, a lot more on this one, but if you want one closer to home try the next one.
Forum http://forums.netstumbler.com/
Site http://www.netstumbler.com/
Software downloads
http://www.netstumbler.com/download...1&orderby=hitsD
other sites
http://www.bawug.org/
http://www.wi2600.org/mediawhore/nf0/wireless/
UK
This site has just started and is the only UK forum I can find
site http://www.ackers.org.uk/
Another UK site with a good load of photos to get you started
site http://www.free2air.org/
Cards
I like these two; both have the external antenna option. They are both the same card, both by Lucent
Lucent Technologies WaveLAN/IEEE (Orinoco)
Compaq WL110
Software
Network Stumbler
Description: Version 0.3.22 (Most recent stable version)
Supports Windows 2000, XP, 95, 98, Me (not NT 4.0).
Only works on Hermes chipset cards (Orinoco and OEMs) - see the readme in the archive for a detailed list of cards known to work. Does not work on Prism cards (Linksys, DLink, SMC, Cisco, ...)
GPS no longer locks up when system goes into standby mode.
AirSnort wireless network sniffer
To work AirSnort needs only to be installed on a Linux-operated computer with a wireless network card.
AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. Prism cards are the ones for this
download here
http://sourceforge.net/project/show...elease_id=51074
http://airsnort.sourceforge.net/
Check out the sites and go from there, give some feed back.
Next post
Ok made my first mistake
bought the wrong card
I got it going using a combo of drivers
over 100 WLANs open without protection in the drive that I made around town
----------------------------------------------
Well, more war driving and more open networks without WEP installed.
If you are running Linux you can get a program called WEPCRACK, you should be able to crack the WEP with this.
Sorry no windows version at this time.
Looking to post soon a map of a large town in England with loads of open networks, just got to import it into autoroute
-----------------------------------------------
Well still going strong, If you have XP it connects just like that, Oh dear me.
Just thought I would give you all some more info today
Wireless Security
CHECKLIST:
Enable WEP (Wireless Encryption Protocol). It will act as a first line of defense. It's free. Nearly all Wi-Fi certified products ship with basic encryption capabilities (40-bit key WEP). It's just disabled.
Change the default SSID of your product. Many access points/wireless routers we find have the manufacturer's default SSID. If it still had the manufacturer's default SSID, the owner probably hadn't bothered to change the default password, either.
Don't change the SSID to reflect your company's easily picked-off info like names, plants, divisions, or products. If your naming is enticing enough, it may attract hackers who are willing to put in the additional effort with tools like AirSnort to break your WEP encryption keys.
Don't change the SSID to your street address. Surprisingly, a large number of SSIDs use the company's street address. It sure does make it easier to zero in on your location if you broadcast it.
If your access point supports it, disable "broadcast SSID". As you take your access point out of the box, broadcast SSID is enabled which means that it will accept any SSID. By disabling that feature, the SSID configured in the client must match the SSID of the access point.
Change the default password on your access point or wireless router. Any real hacker (not script kiddies) knows the manufacturers' default passwords, and will try them first. Since programs like NetStumbler identify the manufacturer based on the MAC address, it doesn't take much work to figure out what type of device it is even if you do change the SSID.
Think about locating the access points toward the center of your building rather than near the windows. Plan your coverage to radiate out to the windows, but not beyond. If the access points are located near the windows, a stronger signal will be radiated outside your building making it easier for people to find you.
As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up. A department might run out to Fry's, buy a couple of NICs and an AP, and plug it into your corporate network. Banana peel in the wild spells slippage of your hard work to "harden" your wireless network.
Take a notebook equipped with NetStumbler and an external antenna outside your office building and survey what someone parked in your parking lot might "see". You're gonna drop your jaw.
Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it. If the MAC address of your NIC isn't in the table of the access point, you won't associate with it. And while it's true that there are ways of spoofing a MAC address that's been sniffed out of the air, it takes an additional level of sophistication to spoof a MAC address. The downside of deploying MAC address tables is that if you have a lot of access points, maintaining the tables in each access point could be time consuming. Some higher-end, enterprise-level access points have mechanisms for updating these tables across multiple access points of the same brand.
Consider using an additional level of authentication, such as RADIUS, before you permit an association with your access points. While it's not part of the 802.11b standard, a number of companies are optionally including some provision for RADIUS authentication. Orinoco access points, for example, can enforce RADIUS authentication of MAC addresses to an external RADIUS server. Intermec access points include a built-in RADIUS server for up to 128 MAC addresses.
If you're deploying a wireless router, think about assigning static IP addresses for your wireless NICs and turn off DHCP. It's true that it's more of an administrative overhead to manage, but a number of wireless networks pass out IP addresses once associated with the AP. Although a wireless sniffer could easily pick out IP addresses, by not passing them out, it just adds another barrier. It makes it tougher for the casual "drive by" to use your network.
If you're using a wireless router and have decided to turn off DHCP, also consider changing the IP subnet. Many wireless routers default to the 192.168.1.0 network and use 192.168.1.1 as the default router.
Don't buy access points or NICs that only support 64-bit WEP. Some low-end products only support 64-bit (40 bit key) WEP, and as you know by now, even 128-bit WEP is universally considered not very secure. Note that some NICs may only require a driver upgrade to attain 128-bit WEP capability.
Only purchase access points that have flashable firmware. There are a number of security enhancements that are being developed, and you want to be sure that you can upgrade your access point.
Some products support additional security features that are either not defined by the 802.11b standard, or not mandated by the standard. For example Agere Systems' Orinoco access points include a feature called "closed network". This is proprietary, and not part of the 802.11b standard, but if you're in a corporation and deploying one vendor's solution throughout, it really wouldn't matter. With Orinoco's closed network, the AP doesn't broadcast the SSID, so someone using NetStumbler won't see it. The client workstation must be configured with a matching SSID to associate with the AP. The default "ANY" configuration wouldn't associate with a closed network.
Most people agree that the best method of securing your wireless network is by using a combination of the suggestions above. However, the most effective strategy would be to put your wireless access points into a DMZ, and have your wireless users tunnel into your network using a VPN. (See PC Magazine's VPN story titled "Safe Passage".) If your corporation doesn't already have a VPN infrastructure in place, it's going to cost you some money to implement. Even if you do have a VPN in place, and all of your clients already have the VPN software, there's going to be an extra effort associated with setting up a VLAN for your DMZ. But this solution adds a layer of encryption and authentication that could make a wireless network suitable for sensitive data.
Last edited by unclex; 8th January 2002 at 01:15 PM.
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
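The periodic site survey recommended in the checklist above, sketched as an added example (not part of the original post, and not NetStumbler's code or export format): it compares surveyed access points against an inventory and flags rogue APs, disabled WEP, default or address-style SSIDs, and channels outside the region. The CSV layout, the default-SSID list, the sample rows and the function name are assumptions made for illustration.

```python
import csv
import io
import re

# Channel counts per region as stated in the thread (UK 13, US 11, Japan 14).
MAX_CHANNEL = {"UK": 13, "US": 11, "JP": 14}
# Illustrative, incomplete list of factory SSIDs (assumption for this example).
DEFAULT_SSIDS = {"linksys", "tsunami", "default", "wireless"}
# Crude heuristic for "SSID is a street address": house number, then a word.
ADDRESS_RE = re.compile(r"^\d+\s+[A-Za-z]")

# Constructed survey data in a hypothetical CSV layout (not a real tool's export).
SAMPLE_SURVEY = """ssid,bssid,channel,wep
corp-wlan,02:00:00:00:00:01,6,on
linksys,02:00:00:00:00:99,6,off
12 High Street,02:00:00:00:00:02,13,on
tsunami,02:00:00:00:00:03,1,off
"""
# Constructed inventory of access points the administrator installed.
AUTHORIZED = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"}


def audit_survey(csv_text, authorized, region="UK"):
    """Return {bssid: [finding, ...]} for every AP with at least one finding."""
    known = {b.lower() for b in authorized}
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        findings = []
        if bssid not in known:
            findings.append("rogue-ap")            # not in the inventory
        if row["wep"].strip().lower() != "on":
            findings.append("wep-disabled")        # shipped default left as is
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append("default-ssid")        # default password is likely too
        if ADDRESS_RE.match(ssid):
            findings.append("address-in-ssid")     # gives away the location
        if int(row["channel"]) > MAX_CHANNEL[region]:
            findings.append("channel-outside-region")
        if findings:
            report[bssid] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit_survey(SAMPLE_SURVEY, AUTHORIZED).items():
        print(bssid, ", ".join(findings))
```
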
Just been working hard to keep everyone informed about something I think is going to kick off big this year.
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
I would like to get a copy of that, I am making a presentation to the London meeting in the next few weeks.
I am doing something like that for some large towns in the UK as a project to show how weak it is in the UK.
As said by [Shipley [Wyatt] [Aaron] [Seric] [Cal] research project to collect and analyze statistics on open 802.11
doing the same
Last edited by unclex; 9th January 2002 at 09:56 AM.
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
Another place to try is a high hill top.
Get yourself a high gain directional and point and sniff
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
Anonymous surfing - this can be done this way through someone's cable or ADSL connection.
You have to be careful!
In XP or Win2K you can get auto connections by switching on the DHCP so the router or server gives you an IP address
The MAC that is on the wireless card can be spoofed or changed to hide your tracks.
For me this is a test and this is not something I would go out and do all the time.
My interest is to see how many are out there in my local area that are open.
Connections are very easy to make - go to the links and read the forums.
watch your back though.
Mr Typo stricks again
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
The WEP keys need to be the same in all the units.
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
Do you want to, are you sure
If you are running windows, use a Lucent chipset
Compaq WL110 or a wavelan card Gold 128bit silver 56bit
go to www.netstumbler.com
UK site www.ackers.org.uk
www.dabs.com
It does not matter about the make, they are all the same channels in IEEE region - if you buy off eBay in the States be careful
UK has 13 Ch
US has only 11 Ch
Japan has 14 Ch
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
NetStumbler from the .com
Just thought I would get you going by posting some software
this works with Lucent chipset cards
Compaq WL110 from www.dabs.com
wavelan silver or gold
get stumbling
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
this one is for people who have prism cards with windows
prism cards do not work with netstumbler
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
Still doing it and it still rocks - setting up a long-distance test at the weekend, to see if I can hook up into the city area
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
Thanks to ackers
Wireless computer networks are often wide open to intruders.
The security features of popular wireless network adapters are switched off by default, and many installers do not bother to turn them on or configure them sensibly.
Driving around the City of London, two security consultants found eight unprotected networks in a quarter of an hour.
The equipment they used - a laptop, an off-the-shelf network card and a piece of software downloadable from the internet - could be acquired for around £1,000.
Open doors
Building on such knowledge to penetrate computer networks would require some technical knowledge and would in most circumstances be illegal, but it would not be very difficult.
Wireless network systems are generally sold with all their security features turned off because this makes them easier to set up.
The idea is that the network installer gets the network up and running, then switches on a scrambling feature which is intended to afford as much security as that enjoyed by a conventional wired network.
And if the installers bother to switch on the security measures, many will use easily guessed passwords and system IDs, or do not change such settings from their defaults.
But all this may be pointless anyway because the security technology at the heart of some of these networks is flawed.
A cracker monitoring even a well-configured network for long enough would be able to break in and masquerade as an insider.
There is one way of making a wireless network much more secure than this, but it is rarely used.
Convenient option
Wireless networks are popular because they connect computers together without the need for running cables and drilling holes in walls. But they can be a headache for people responsible for computer security, sometimes bypassing expensive and carefully maintained firewalls.
Most wireless interface cards on the market employ a system known as Wired Equivalent Privacy (Wep) to provide the user, in theory, with the same level of privacy they would have on a standard, cabled network.
But even if Wep is properly configured, it simply lengthens the period of time an intruder would need to gain access.
A quirk in the way Wep manages the initial stages of conversation over a network leaves it vulnerable to the kind of intruder that has enough time to hang around and listen in on hours or days of network traffic.
Software downloadable from the internet without charge listens in and works out the key protecting the network. Once the intruder has the key, the e-mails and documents stored on computers on the network are extremely vulnerable.
Public service?
Basic scanning tools will provide an idea of how many machines are on the compromised network and whether they hold much data. At the moment, few tools are straightforward to install and use.
Often they do not run on Microsoft Windows systems, nor do they come with the kind of installers that make commercial software easier to use.
And many require a fair degree of familiarity with the internals of Unix-based systems - not something the average user has.
The creators of these tools make them available via the internet. They say that having such tools publicly available makes people aware of the problems of wireless networking and helps find a solution.
Some people criticise them, saying that they put into the public arena powerful tools which can be used for good or bad.
Groups of individuals have also published lists of vulnerable networks.
Legal position
Listening to the airwaves to see who has an unsecured wireless network in the area is a passive activity, as is listening in to enough network traffic to gain the key to a secured network.
Provided no-one goes a stage further and tries to use that knowledge to log on to systems without authorisation, it is not clear that such activities fall foul of the law.
Those in the know say network administrators should use scanning tools to identify the weaknesses in their own systems. Then they should use a commonly available system called IPsec to scramble everything that passes across the airwaves.
IPsec is much harder to crack than Wep, so even with the key to a network, the intruder would still be faced with a stream of apparent gibberish which was seriously difficult to decode.
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
New version of Netstumbler out - also a new pocket pc version...
www.netstumbler.com ;)
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
Still working hard to keep this up to date
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
I had loads of things for you but they did not come up...
this is not mine, but i have one just the same....
I will try to answer some of your questions
London meet PM me
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
soon I am sure
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot: