I am going to post this all again because CC has gone.
Wireless acking is going to be the next big thing this year coming up.
Free internet access and other things
I will update with sites and software for all your pleasure,
You may be asking "What is this all about?"
You need a Wireless card (check out the UK site for the type of card you should buy) + Laptop with card slots, download software (we will talk
about this later on) ok if you want to go all out a GPS unit to connect to the software and record the location of the network that maybe next
to you local pub cafe etc. You may also want to fit an external are antenna.
Burners and SWR Meters, It sounds a bit like the old CB radio days.
I will try to add more over the next week.
US
This is the US Top forum, alot more on this one but if you want one closer to home try the next one.
Forum http://forums.netstumbler.com/
Site http://www.netstumbler.com/
Software downloads
http://www.netstumbler.com/download...1&orderby=hitsD
other sites
http://www.bawug.org/
http://www.wi2600.org/mediawhore/nf0/wireless/
UK
This site has just started and is the only UK forum I can find
site http://www.ackers.org.uk/
Another UK site with a good load of photos to get you started
site http://www.free2air.org/
Cards
I like these two both have extenal antenna option, they are the both the same card both by Lucent
Lucent Technologies WaveLAN/IEEE (Orinoco)
Compaq WL110
Software
Network Stumbler
Description: Version 0.3.22 (Most recent stable version)
Supports Windows 2000, XP, 95, 98, Me (not NT 4.0).
Only works on Hermes chipset cards (Orinoco and OEMs) - see the readme in the archive for a detailed list of cards known to work. Does not
work on Prism cards (Linksys, DLink, SMC, Cisco, ...)
GPS no longer locks up when system goes into standby mode.
AirSnort wireless network sniffer
To work AirSnort needs only to be installed on a Linux-operated computer with a wireless network card.
AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring
transmissions, computing the encryption key when enough packets have been gathered. Prism cards are the ones for this
download here
http://sourceforge.net/project/show...elease_id=51074
http://airsnort.sourceforge.net/
Check out the sites and go from there, give some feed back.
Next post
Ok made my first mistake
bought the wrong card
I got it going using a combo of drivers
over 100 WLAN's open with out protection in the drive that i made around town
----------------------------------------------
Well more war driving and more open networks with out WEP installed.
If you are running Linux you can get a program called WEPCRACK, you should be able to crack the WEP with this.
Sorry no windows version at this time.
Looking to post soon a map of a large town in England will loads of open networks, just got to import it into autoroute
-----------------------------------------------
Well still going strong, If you have XP it connects just like that, Oh dear me.
Just thought I would give you all some more info today
Wireless Security
CHECKLIST:
Enable WEP (Wireless Encrypiton Protocol). It will act as a first line of defense. It's free. Nearly all Wi-Fi certified product ships with basic
encryption capabilities. (40-bit key WEP). It's just disabled.
Change the default SSID of your product. Many access points/wireless routers we find have the manufacturer's default SSID. If it still had the
manufacturer's default SSID, that the owner probably hadn't bothered to change the default password,
either.
Don't change the SSID to reflect your company's easily pick-ed off info like names, plants, divisions, or products. If your naming is enticing
enough, it may attract hackers who are willing to put in the additional effort with tools like AirSnort to
break your WEP encryption keys.
Don't change the SSID to your street address. Surprisingly, a large number of SSIDs use the company's street address. It sure does make it
easier to zero in on your location if you broadcast it.
If your access point supports it, disable "broadcast SSID". As you take your access point out of the box, broadcast SSID is enabled which
means that it will accept any SSID. By disabling that feature, the SSID configured in the client must match
the SSID of the access point.
Change the default password on your access point or wireless router. Any real hacker (not script kiddies) knows the manufacturers' default
passwords, and will try them first. Since programs like NetStumbler identify the manufacturer based on the
MAC address, it doesn't take much work to figure out what type of device it is even if you do change the SSID.
Think about locating the access points toward the center of your building rather than near the windows. Plan your coverage to radiate out to
the windows, but not beyond. If the access points are located near the windows, a stronger signal will be
radiated outside your building making it easier for people to find you.
As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up. A
department might run out to Fry's, buy a couple of NICs and an AP, and plug it into your corporate
network. Banana peel in the wild spells slippage of your hard work to "harden" your wireless network.
Take a notebook equipped with NetStumbler and an external antenna outside your office building and survey what someone parked in your
parking lot might "see". You're gonna drop you jaw.
Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it. If the MAC address of
your NIC isn't in the table of the access point, you won't associate with it. And while it's true that there
are ways of spoofing a MAC address that's been sniffed out of the air, it takes an additional level of sophistication to spoof a MAC address. The
downside of deploying MAC address tables is that if you have a lot of access points, maintaining the
tables in each access point could be time consuming. Some higher-end, enterprise-level access points have mechanisms for updating these
tables across multiple access points of the same brand.
Consider using an additional level of authentication, such as RADIUS, before you permit an association with your access points. While it's not
part of the 802.11b standard, a number of companies are optionally including some provision for
RADIUS authentication. Orinoco access points, for example, can enforce RADIUS authentication of MAC addresses to an external RADIUS
server. Intermec access points include a built-in RADIUS server for up to 128 MAC addresses.
If you're deploying a wireless router, think about assigning static IP addresses for your wireless NICs and turn off DHCP. It's true that it's more
of an administrative overhead to manage, but a number of wireless networks passout IP addresses once
associated with the AP. Although a wireless sniffer could easily pick out IP addresses, by not passing them out, it just adds another barrier. It
makes it tougher for the casual "drive by" to use your network.
If you're using a wireless router and have decided to turn off DHCP, also consider changing the IP subnet. Many wireless routers default to the
192.168.1.0 network and use 192.168.1.1 as the default router.
Don't buy access points or NICs that only support 64-bit WEP. Some low-end products only support 64-bit (40 bit key) WEP, and as you know
by now, even 128-bit WEP is universally considered not very secure. Note that some NICs may
only require a driver upgrade to attain 128-bit WEP capability.
Only purchase access points that have flashable firmware. There are a number of security enhancements that are being developed, and you
want to be sure that you can upgrade your access point.
Some products support additional security features that are either not defined by the 802.11b standard, or not mandated by the standard. For
example Agere Systems' Orinoco access points include a feature called "closed network". This is
proprietary, and not part of the 802.11b standard, but if you're in a corporation and deploying one vendor's solution throughout, it really
wouldn't matter. With Orinoco's closed network, the AP doesn't broadcast the SSID, so someone using
NetStumbler won't see it. The client workstation must be configured with a matching SSID to associate with the AP. The default "ANY"
configuration wouldn't associate with a closed network.
Most people agree that the best method of securing your wireless network is by using a combination of the suggestions above. However, the
most effective strategy would be to put your wireless access points into a DMZ, and have your wireless
users tunnel into your network using a VPN. (See PC Magazine's VPN story titled "Safe Passage".) If your corporation doesn't already have a
VPN infrastructure in place, it's going to cost you some money to implement. Even if you do have a
VPN in place, and all of your clients already have the VPN software, there's going to be an extra effort associated with setting up a VLAN for
your DMZ. But this solution adds a layer of encryption and authentication that could make a wireless
network suitable for sensitive data.
Social Networking Bookmarks