Why I Hacked My WEP Wireless Router

By admin | Nov 11, 2006

Part of securing your network must include looking at your wireless access points. Wireless access can be dangerous to your network. Most people don’t even know how easy it is to exploit wireless access points. Let me illustrate my point. I went out one afternoon and took my trusty laptop with me. The task this afternoon was to scan for “open” wireless access points. An “open” wireless access point is one that has absolutely no encryption, or security, on the signal. This allows anyone to listen in on your data stream. If you still don’t get it, it’s a very bad thing! So, I drove for about 2 miles through a small business district and apartment complex. What was the result? Oh, about 45 open wireless networks. That means that I could log onto those networks, scan them, and exploit machines connected to them. I didn’t do that, but you get my drift. The lesson here is to encrypt your wireless data stream.

Some people think that choosing WEP encryption offers great wireless security. They would be wrong. Your wireless router may have an option for WPA and WEP. You should always choose WPA security over WEP. Let me illustrate why. I set up a wireless network in my home. I enabled WEP security at 128 bit encryption. That’s “strong” security for WEP. I wrote down the security key and then I started my test. My goal was to hack my own WEP wireless network. I thought it was going to be a really hard task. I was wrong.

I fired up my Linux laptop. Linux is just an alternative operating system to Windows. This particular Linux distribution, or flavor of Linux, was a security edition. This gave me all kinds of tools to scan for wireless networks and exploit them. A typical hacker will have all of these free tools at their disposal. I then fired up Kismet. Kismet is a great wireless scanning program. I found my wireless network in the list. I found the connected client and the access point, or router. Then I proceeded to run a typical attack on the network. Hackers need to grab what’s called a “packet” from a computer that already has the key for the secured wireless network. The hacker can then replay this packet to provoke responses from the router. Why is this important? This allows the hacker to gather a tremendous amount of encrypted data from the access point. And this finally allows the hacker to crack the WEP security key.

So, I went about hacking my own WEP wireless router. I “deauthenticated” my computer that was already connected to the router. This gave me the packet I needed for the router. Then I started sending this packet to the router over and over. Once I had enough data from the router, I passed it to a cracking program. Voilà, it cracked the key in about 1 second. After the dust had settled, I had cracked my WEP security in less than 30 minutes! But would the typical user see that I was hacking? Probably not. The only thing they would see is that they lost their wireless connection for a moment. This is when I “deauthenticated” them from the network to grab the “packet” I needed.
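The sequence just described leaves two traces a defender can watch for: a short burst of deauthentication frames aimed at one client (the "lost connection for a moment"), and the same encrypted frame being re-sent to the access point hundreds of times a second. The script below is an added example, not code from the original post or from Kismet, that runs those two checks over a constructed frame log. The record layout (timestamp, frame subtype, source and destination MAC, WEP IV), the thresholds and the sample MAC addresses are all assumptions; a real deployment would feed it records exported from a wireless IDS or a capture tool.

```python
"""Detect the two signatures of the WEP attack described in the post:
a deauthentication burst and a replayed WEP frame (same source, same IV).

Added example. Frame records are constructed below, not captured, and
the field names are assumptions about what an IDS export would carry.
"""
from collections import defaultdict

# Constructed sample addresses (assumptions, not real hardware).
AP_MAC = "00:11:22:33:44:55"
CLIENT_MAC = "66:77:88:99:aa:bb"


def build_sample_frames():
    """Return (t_seconds, subtype, src, dst, wep_iv) records that follow
    the post's scenario: ordinary traffic, then a deauth burst at the
    client, then one captured frame replayed to the AP at a high rate."""
    frames = []
    for i in range(20):                      # ordinary traffic, IVs advance
        frames.append((i * 0.5, "data", CLIENT_MAC, AP_MAC, f"{i:06x}"))
    for i in range(10):                      # 10 deauth frames in half a second
        frames.append((10.0 + i * 0.05, "deauth", AP_MAC, CLIENT_MAC, None))
    frames.append((10.8, "data", CLIENT_MAC, AP_MAC, "0a0b0c"))   # the captured frame
    for i in range(500):                     # replayed 500 times in 5 seconds
        frames.append((11.0 + i * 0.01, "data", CLIENT_MAC, AP_MAC, "0a0b0c"))
    return frames


def count_in_windows(times, window):
    """Largest number of events that fall inside any span of `window` seconds."""
    times = sorted(times)
    best, j = 0, 0
    for i in range(len(times)):
        while times[i] - times[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best


def detect_deauth_burst(frames, window=1.0, threshold=5):
    """Flag (src, dst) pairs sending more than `threshold` deauth/disassoc
    frames within `window` seconds. A legitimate AP rarely kicks the same
    client more than once or twice in a row; an attacker spoofing the AP
    sends them in a burst."""
    by_pair = defaultdict(list)
    for t, subtype, src, dst, _ in frames:
        if subtype in ("deauth", "disassoc"):
            by_pair[(src, dst)].append(t)
    flagged = {}
    for pair, ts in by_pair.items():
        n = count_in_windows(ts, window)
        if n > threshold:
            flagged[pair] = n
    return flagged


def detect_iv_replay(frames, window=1.0, threshold=20):
    """Flag sources that re-send a frame carrying the same WEP IV more than
    `threshold` times per `window` seconds. A normal client's IVs move on
    with every frame; the replay attack re-injects one captured frame
    verbatim, IV included, so the same (src, iv) pair recurs at high rate."""
    by_src_iv = defaultdict(list)
    for t, subtype, src, _, iv in frames:
        if subtype == "data" and iv is not None:
            by_src_iv[(src, iv)].append(t)
    flagged = {}
    for key, ts in by_src_iv.items():
        n = count_in_windows(ts, window)
        if n > threshold:
            flagged[key] = n
    return flagged


def analyse(frames):
    """Run both detectors and return their findings together."""
    return {"deauth_bursts": detect_deauth_burst(frames),
            "iv_replays": detect_iv_replay(frames)}


if __name__ == "__main__":
    result = analyse(build_sample_frames())
    for (src, dst), n in result["deauth_bursts"].items():
        print(f"deauth burst: {src} -> {dst}, {n} frames within 1 s")
    for (src, iv), n in result["iv_replays"].items():
        print(f"IV replay: {src} re-sent IV {iv} {n} times within 1 s")
```

Ordinary 802.11 retransmissions can repeat a frame (and its IV) a few times, which is why the replay threshold is well above one; the deauth threshold likewise tolerates a client being kicked once or twice by a real AP. Tune both against a baseline of your own network before trusting the alerts, and treat an alert as a reason to check the client's connection log, not as proof on its own. The durable fix remains the one the post gives: move the network off WEP.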

Remember, I had my WEP encryption set to 128 bits. This is the highest level of encryption WEP offers. But it really doesn’t matter. All a hacker needs is a signal and a little time to crack it. Remember, hackers are like house thieves. They will go along the path of least resistance. The harder your wireless signal is to crack, the less likely you are to be hacked. They will simply move along to the next “open” network or one with bad encryption. Do yourself a favor, and always choose WPA wireless security over WEP.



11 Comments so far
  1. Why I Hacked My WEP Wireless Router November 12, 2006 4:33 am

    […] Original post by Paul Tech and published by w-plaza […]

  2. Ted Demopoulos November 14, 2006 12:25 pm

    Well said Paul. And there are some automated WEP cracking tools that anyone can use very easily (WEPWedgie comes to mind but there are several)

    Remember you need Windows XP SP1 or better for WPA.

  3. Cristian November 22, 2006 8:56 am

    Nice article
    I’ll enforce my MSI wireless router right now.

  4. MIchael November 27, 2006 4:35 pm

    What PCMCIA card do you use with Linux? I have a built-in Intel wireless card but most software in Linux won’t support this… I need a suggestion which wireless card could work in Linux and allow cracking of WEP.

  5. nonameo December 8, 2006 5:38 am

    ..I display my SSID quite happily.

    It will take more tools to disguise yourself as a MAC address I allow in my Wireless MAC filter :)

  6. Wireless Home · Empty Nest January 3, 2007 8:09 am

    […] Network security is a huge issue. The problem has moved from having a firewall block a single point of entry, my Internet connection, to somehow blocking the airwaves where my internal wireless signal is. Since there is no way to block it I have encrypted it. There are choices about that when you install the network and the only way to go is WPA2. I’m referring you to an excellent article on this at GoPaulTech.com and yes; I will be having PaulTech test my system using Kismet. Results of the testing will follow later. Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages. […]

  7. Ben January 4, 2007 2:13 pm

    I know why I am using WPA2 :).
    Nice report.

  8. Orun April 30, 2007 1:15 am

    5: MAC Address filtering is almost useless- tools? what tools? Cloning your mac into your settings takes like 30 seconds. MAC Address filtering isn’t going to change anything for you from someone who actually has some clue of what they’re doing. Neither will hiding your SSID.

    And there are WPA cracking methods too- and I mean other than Brute-Forcing it.

  9. admin April 30, 2007 9:56 am

    Orun,

    yep, it’s true that MAC filtering is a waste of time. It’s easy to spoof that. As for WPA, yes it’s harder to crack - but it can be done. I think it’s the principle of the low hanging fruit. If someone wants in bad enough, sure they probably will do it if they’re skillful enough. Most folks, however, move on to easier targets. And yes, SSID in non-broadcast mode won’t hide you either.

  10. Joe Bob Billy Joe Sue August 11, 2007 10:47 am

    Re: MAC filtering and WPA2
    Every little bit helps. Everything you do that adds effort to cracking your network is just one more reason for them to go down the street to all the open APs.

  11. atheros August 17, 2007 7:05 am
