 |
| Main Menu | |
| Web Browser | |
| Website Links | |
| |
Wireless Hacking or War Driving Article
(531 reads)
Wireless hacking or war driving is possible because of the inherent flaws in the 802.11 protocol. 802.11b protocol will receive any signal that is within its broadcast range. This is means that any network card that is within the 18 to 30 foot radius of a wireless access point, (without an external aentena) will in theory able to access the network from which the point is set up. Currently there are number of different methods of preventing access to wireless network.
One is through using wireless encryption protocol or WEP, as we will show within this article this form of security is not the only answer. Wireless encryption protocol encrypts the packets that the network sends out, if a person does not have the specific wireless encryption protocol key than in theory they will be unable to access the data. Unfortunately do through enough analysis of air traffic it can be guessed by certain software products.
Another method is by using a radius server, this server acts as if a domain controller for a wireless network.. A combination of both of these security measures provides the tightest form of security.
The question you may be asking yourself is, "why would someone want to do this?”. The first and most innocent reason is simply to gain free Internet access. The second is to use your network as a jumping point to commit other computer crimes. Their identity will then be hidden behind your network, escaping prosecution.
Following are the tools that can be used:
airsnort
Kismet
scanchan
arpping
These tools can be used, to break the encryption on your network and gain access to the network and its bandwidth. Here is where you can find copies of these tools.
airsnort http://airsnort.shmoo.com/
Kismet http://www.kismetwireless.net/
scanchan http://team.vantronix.net/reyk/prism2/
arpping http://busybox.net/cgi-bin/cvsweb/udhcp/?sortby=file#dirlist
Now technically, you could try war driving at this moment. But, you must remember that the distance wireless LAN's capable of broadcasting, is relatively short distance; approximately about 18 feet to 30 feet with a normal consumer base product.
So , to increase the effectiveness of our audit policy, we will add an additional antenna to our wireless LAN card. Not every card that's available market is ready to have an external antenna attached. So some cards will require a bit of soldering and other modifications. But, to save use of the trouble try purchasing a car that as the capability of attaching an external antenna. Here are some additional resources for finding cards that fit this bill.
Goto: Seatlewireless.net
Now that you have one of these cards, you'll now be able to purchase something called "pigtail". This will allow you to connect the small usually proprietary connector on the card to an actual external antenna.
They may hear the Internet rumors, about building and antenna and, from a Pringles can. But, is not the best way to do it. A Pringles can wasn't no way me to actually be an antenna in the amount of metal that's actually contained in it is not the best way to focus the wireless LAN frequency onto the actual antenna receptor. If you going to have the most effective method for doing is, used actually just purchase an antenna from a local store. You can find this type of antenna at your local electronic store, usually a specialty store like RadioShack (not the best place to look, but most common) the best bet would actually be a ham radio shop, but these are usually a rarity in some areas.
Now the question I usually get is, "can I use my cars antenna?" The answer to that one is no, antennas are designed to capture the frequency of the signal they are designed for. For example: radio waves are long waves as the fact that a radio antenna is a long thin design. Wireless LAN waves are very tight and fast so the antenna has to be thin-circular in shape and long (looks kinda like a telescope). This also means that the wireless LAN antenna is a directional antenna, so this means you have to face the antenna towards the source.
Now let's begin tracking down Roque signals.
The first thing to do in any type a security audit, is to take a look at the area that you're trying to secure. Is your area low to the ground? Or, is it in a skyscraper or other type of tall building. You need to take this into consideration because of the differences in the support structure of the building. Obviously, a skyscraper is going to have more steel in the support structure, the line building. Also depending of a little floor you're on the actual range of your wireless LAN may not even reach the ground levels. If you're on a low-lying structure will have more of an area cover.
Let's start with a low-lying area wireless LAN audit first. Get your gear and hop into the car. Now an additional piece of equipment would be a DC power inverter. This will let you run your laptop off of the car battery. First drive the pattern of traffic frequently followed at the different times a day. This will establish the most common points that a person would use to access the network. So it is usually the first place that I would try to pick up the signal from your wireless LAN.
So have the laptop up and running and start netStumbler and crank up the soundcard. As you drive around you'll notice that net Stumbler will beep when it runs into a wireless LAN signal. First thing you should take notice of is it the wireless LAN signal is W. E. P. encrypted. This will show up as a lock icon on net Stumbler. This means that the wireless connection is not exactly open. If it shows up without a lock this means that the wireless LAN is completely open, a person could merely just configure their wireless LAN card to DHCP and connect to the network. Now some wireless LANs are not set up for DHCP. In this case of the people would have to configure their card to use an unused IP. All that is needed to do that is a little bit of guesswork. Which is a lot easier than you would think, especially since most networks use the normal private 192.168 or 10.0 network address scheme.
If the connection does have W. E. P. enabled, then you can use air snort to collect W. E. P. data, which after about 1 GB of collect data the software program would be able to break the encryption algorithm.
They would then take the resulting key, and configure it to be used by their nic card, this will allow them to then access the encrypted network traffic.
Now people use a multitude of methods to prevent administrators from noticing them on the new network. One way is that they set up a firewall on the laptop, which has all of the incoming ports blocked to their machine. This to prevent their machine from showing up on a networks can, especially if the scan used ping to determine if there is a computer answering at that IP address. Most good scanning software can scan a network without using ping. This merely causes the scan to take any extreme amount of time. But, a good network administrator should always supplement their normal scanning routine with a non ping based solution.
|
[ Back to Wireless Help and Definitions | Web Help Index ] |
|
|
|
