  1. #6
    unclex (DF VIP Member)

    Wireless Acking or War Driving

    I am going to post this all again because CC has gone.


    Wireless acking is going to be the next big thing this year coming up.

    Free internet access and other things

    I will update with sites and software for all your pleasure,

    You may be asking "What is this all about?"

    You need a wireless card (check out the UK site for the type of card you should buy) + laptop with card slots, download software (we will talk
    about this later on). OK, if you want to go all out, a GPS unit to connect to the software and record the location of the network that may be next
    to your local pub, cafe etc. You may also want to fit an external antenna.

    Burners and SWR Meters, It sounds a bit like the old CB radio days.

    I will try to add more over the next week.

    US
    This is the US top forum, a lot more on this one, but if you want one closer to home try the next one.
    Forum http://forums.netstumbler.com/
    Site http://www.netstumbler.com/
    Software downloads

    http://www.netstumbler.com/download...1&orderby=hitsD

    other sites
    http://www.bawug.org/

    http://www.wi2600.org/mediawhore/nf0/wireless/



    UK
    This site has just started and is the only UK forum I can find
    site http://www.ackers.org.uk/

    Another UK site with a good load of photos to get you started
    site http://www.free2air.org/

    Cards
    I like these two, both have an external antenna option, they are both the same card, both by Lucent
    Lucent Technologies WaveLAN/IEEE (Orinoco)
    Compaq WL110

    Software

    Network Stumbler
    Description: Version 0.3.22 (Most recent stable version)

    Supports Windows 2000, XP, 95, 98, Me (not NT 4.0).
    Only works on Hermes chipset cards (Orinoco and OEMs) - see the readme in the archive for a detailed list of cards known to work. Does not
    work on Prism cards (Linksys, DLink, SMC, Cisco, ...)
    GPS no longer locks up when system goes into standby mode.

    AirSnort wireless network sniffer
    To work AirSnort needs only to be installed on a Linux-operated computer with a wireless network card.

    AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring
    transmissions, computing the encryption key when enough packets have been gathered. Prism cards are the ones for this

    download here

    http://sourceforge.net/project/show...elease_id=51074


    http://airsnort.sourceforge.net/


    Check out the sites and go from there, give some feed back.



    Next post

    Ok made my first mistake

    bought the wrong card


    I got it going using a combo of drivers

    Over 100 WLANs open without protection in the drive that I made around town


    ----------------------------------------------


    Well, more war driving and more open networks without WEP installed.

    If you are running Linux you can get a program called WEPCRACK, you should be able to crack the WEP with this.

    Sorry no windows version at this time.

    Looking to post soon a map of a large town in England with loads of open networks, just got to import it into AutoRoute


    -----------------------------------------------

    Well still going strong, If you have XP it connects just like that, Oh dear me.

    Just thought I would give you all some more info today



    Wireless Security

    CHECKLIST:

    Enable WEP (Wireless Encryption Protocol). It will act as a first line of defense. It's free. Nearly all Wi-Fi certified products ship with basic
    encryption capabilities (40-bit key WEP). It's just disabled.


    Change the default SSID of your product. Many access points/wireless routers we find have the manufacturer's default SSID. If it still had the
    manufacturer's default SSID, then the owner probably hadn't bothered to change the default password, either.


    Don't change the SSID to reflect your company's easily picked-off info like names, plants, divisions, or products. If your naming is enticing
    enough, it may attract hackers who are willing to put in the additional effort with tools like AirSnort to break your WEP encryption keys.


    Don't change the SSID to your street address. Surprisingly, a large number of SSIDs use the company's street address. It sure does make it
    easier to zero in on your location if you broadcast it.


    If your access point supports it, disable "broadcast SSID". As you take your access point out of the box, broadcast SSID is enabled which
    means that it will accept any SSID. By disabling that feature, the SSID configured in the client must match
    the SSID of the access point.


    Change the default password on your access point or wireless router. Any real hacker (not script kiddies) knows the manufacturers' default
    passwords, and will try them first. Since programs like NetStumbler identify the manufacturer based on the
    MAC address, it doesn't take much work to figure out what type of device it is even if you do change the SSID.


    Think about locating the access points toward the center of your building rather than near the windows. Plan your coverage to radiate out to
    the windows, but not beyond. If the access points are located near the windows, a stronger signal will be
    radiated outside your building making it easier for people to find you.


    As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up. A
    department might run out to Fry's, buy a couple of NICs and an AP, and plug it into your corporate
    network. Banana peel in the wild spells slippage of your hard work to "harden" your wireless network.


    Take a notebook equipped with NetStumbler and an external antenna outside your office building and survey what someone parked in your
    parking lot might "see". You're gonna drop your jaw.


    Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it. If the MAC address of
    your NIC isn't in the table of the access point, you won't associate with it. And while it's true that there
    are ways of spoofing a MAC address that's been sniffed out of the air, it takes an additional level of sophistication to spoof a MAC address. The
    downside of deploying MAC address tables is that if you have a lot of access points, maintaining the
    tables in each access point could be time consuming. Some higher-end, enterprise-level access points have mechanisms for updating these
    tables across multiple access points of the same brand.


    Consider using an additional level of authentication, such as RADIUS, before you permit an association with your access points. While it's not
    part of the 802.11b standard, a number of companies are optionally including some provision for
    RADIUS authentication. Orinoco access points, for example, can enforce RADIUS authentication of MAC addresses to an external RADIUS
    server. Intermec access points include a built-in RADIUS server for up to 128 MAC addresses.


    If you're deploying a wireless router, think about assigning static IP addresses for your wireless NICs and turn off DHCP. It's true that it's more
    of an administrative overhead to manage, but a number of wireless networks pass out IP addresses once associated with the AP. Although a
    wireless sniffer could easily pick out IP addresses, by not passing them out, it just adds another barrier. It makes it tougher for the casual
    "drive by" to use your network.


    If you're using a wireless router and have decided to turn off DHCP, also consider changing the IP subnet. Many wireless routers default to the
    192.168.1.0 network and use 192.168.1.1 as the default router.


    Don't buy access points or NICs that only support 64-bit WEP. Some low-end products only support 64-bit (40 bit key) WEP, and as you know
    by now, even 128-bit WEP is universally considered not very secure. Note that some NICs may
    only require a driver upgrade to attain 128-bit WEP capability.


    Only purchase access points that have flashable firmware. There are a number of security enhancements that are being developed, and you
    want to be sure that you can upgrade your access point.

    Some products support additional security features that are either not defined by the 802.11b standard, or not mandated by the standard. For
    example Agere Systems' Orinoco access points include a feature called "closed network". This is
    proprietary, and not part of the 802.11b standard, but if you're in a corporation and deploying one vendor's solution throughout, it really
    wouldn't matter. With Orinoco's closed network, the AP doesn't broadcast the SSID, so someone using
    NetStumbler won't see it. The client workstation must be configured with a matching SSID to associate with the AP. The default "ANY"
    configuration wouldn't associate with a closed network.


    Most people agree that the best method of securing your wireless network is by using a combination of the suggestions above. However, the
    most effective strategy would be to put your wireless access points into a DMZ, and have your wireless
    users tunnel into your network using a VPN. (See PC Magazine's VPN story titled "Safe Passage".) If your corporation doesn't already have a
    VPN infrastructure in place, it's going to cost you some money to implement. Even if you do have a
    VPN in place, and all of your clients already have the VPN software, there's going to be an extra effort associated with setting up a VLAN for
    your DMZ. But this solution adds a layer of encryption and authentication that could make a wireless
    network suitable for sensitive data.
    Last edited by unclex; 8th January 2002 at 01:15 PM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
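
Added example, not part of the original post: one way a network administrator could automate the periodic site survey from the checklist above, flagging rogue access points, disabled WEP, factory-default SSIDs and street-address SSIDs. The CSV layout, the inventory, the MAC addresses and the function name are all constructed for illustration and are not NetStumbler's own export format.

```python
import csv
import io
import re

# Constructed survey export (not NetStumbler's real file format): one row per AP seen.
SURVEY_CSV = """bssid,ssid,wep,channel
00:11:22:33:44:01,corp-wlan-a,yes,1
00:11:22:33:44:02,corp-wlan-a,no,6
00:11:22:33:44:03,linksys,no,6
66:77:88:99:AA:01,12 High Street,yes,11
"""

# Constructed inventory: BSSIDs of the access points IT actually deployed.
AUTHORISED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "66:77:88:99:aa:01"}

# Small sample of well-known factory SSIDs; extend it for your own hardware.
DEFAULT_SSIDS = {"linksys", "default", "tsunami", "netgear", "wavelan network"}

# Heuristic for "SSID is a street address": house number, then a street word.
ADDRESS_RE = re.compile(
    r"^\d+\s+\w+.*\b(street|st|road|rd|avenue|ave|lane|drive)\b", re.I
)


def audit_survey(csv_text, authorised, default_ssids=DEFAULT_SSIDS):
    """Return {bssid: [findings]} for each surveyed AP failing a checklist item."""
    authorised = {b.lower() for b in authorised}
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        issues = []
        if bssid not in authorised:
            issues.append("rogue: BSSID not in inventory")
        if row["wep"].strip().lower() != "yes":
            issues.append("WEP disabled")
        if ssid.lower() in default_ssids:
            issues.append("factory-default SSID")
        if ADDRESS_RE.search(ssid):
            issues.append("SSID looks like a street address")
        if issues:
            findings[bssid] = issues
    return findings


if __name__ == "__main__":
    for bssid, issues in audit_survey(SURVEY_CSV, AUTHORISED).items():
        print(bssid, "->", "; ".join(issues))
```
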
