Wi-Foo: The Secrets of Wireless Hacking
Wi-Foo requires a certain level of expertise, and it's unlikely that the book will be sold left and right or that everyone will want a copy. First of all, to do anything substantial you need to have a Linux or FreeBSD operating system installed and know your way around it. Second, some knowledge of Perl is required to go through the script source code and to make use of the occasional tools that appear on the Internet. The third required bit of knowledge is some familiarity with how wireless networks work and how one can take advantage of those radio waves that seem to contain pieces of data.
The authors claim that one has little knowledge of wireless security unless he's done some war-driving. So, skipping the first two chapters (which talk about security in general), chapters 3, 4 and 5 take the reader through the hassle of setting up a Linux laptop with all the hardware and software needed for successful war-driving. The last time I reviewed a book on getting wireless to work with Linux, you guys kept asking which card works best with a Linux laptop. To quote p. 28 of Wi-Foo, "if you're serious about 802.11 penetration testing, you should get a decent Prism chipset card. If you plan to base your security audit effort around the BSD platform, you probably cannot do without it. Prism chipset CF and PCMCIA cards are known to be produced by Addtron, Asante, Asus, Belkin, Buffalo, Compaq, Demark, D-Link, Linksys, Netgate, Netgear, Proxim, Senao, SMC, Teletronics, US Robotics, Zcomax and ZoomAir."
What follows could essentially be condensed into a single Web site with links to various Linux tools for network discovery, traffic analysis, encryption cracking, 802.1x cracking, frame generation and traffic injection. Kudos to the authors for providing, at times, detailed instructions on setting up each utility and getting successful results out of it -- it's obvious that they did not just peruse the Web in search of what's available and provide a list of URLs; they installed, tested and reviewed all the Linux network security utilities listed in the table of contents. Since many of the products and tools listed complement one another, it was useful for me to see the professionals' take on the advantages and disadvantages of the free tools out there. Wherever possible, the authors try to stick with free software, which makes the book a pretty useful guide for most enthusiasts.
The authors are serious about getting the reader to war-drive at some point, and chapter 8 specifically talks about generating wireless denial-of-service attacks as a last resort for a cracker who is in a bad mood because other methods of wireless penetration did not work. The book talks about antenna amplifiers and some hardware you might buy to be more successful in wireless hacking. They also discuss the possibilities of war-biking, war-walking and riding a hot air balloon.
By the time you're finished with chapter 9, if your title includes words like "security" or "administrator," you will probably find yourself quite perplexed. That's where Part 3 (Defense) kicks in, as the authors discuss counter-measures against wireless cracking and possible steps one can take to secure a wireless network. It's not the typical don't-use-WEP-don't-broadcast-your-ID-don't-rely-on-MAC-filtering preaching one finds in security manuals written for the home user (I am not saying those are bad -- for a home user they do provide necessary guidance in securing a WLAN). This is mostly industrial-level security, which might include multiple levels of protection, such as an 802.11i implementation, encryption around the wireless networks, hardware Linux-based gateways, VPNs and intrusion detection systems. Setting up honeypots is missing from this list, although one can debate whether that could be considered a worthwhile project outside of the academic world.
The book uses clear language and is easy to read. At the same time it takes a while to go through it, as you keep trying out the presented solutions on your Linux laptop. The chapters that talk about the philosophical decisions involved in securing wireless LANs are helpful as well -- the authors occasionally step away from the hands-on approach and talk about general principles to consider. Code examples are easy to follow, and every tool presented in the title is accompanied by a URL (for some reason Addison-Wesley did not include a CD with Wi-Foo); a large number of them point to sourceforge.net. All the links are available on the book's Web site; see the attack and defense sections.
If you should decide to take up a career as a wireless security consultant, Appendix G includes a variety of checklists and templates that the authors recommend for the corporate environment. Chapter 8 -- Breaking Through is available for free in PDF format. Overall I liked this book a lot. It concentrates on what's necessary without padding it out with chapters like "History of radio" or "Linux on laptops for beginners." It's informative and easy to read; if you're an enthusiast, try out the free chapter and see if you like the authors' style, but if you're a network admin or security professional, this book is almost a must. It's a combo of Exploiting Software and Hacking Exposed, specializing in wireless LANs.
You can purchase Wi-Foo from bn.com.
You can always not broadcast your WLAN name and set a password; it works against most people. And on the other end you can always use KisMac or KisMet.
Of the few exploit/hacking books I've read they seem more like "This is how much I (the author) know, that you don't" instead of informative, factual exchange of security-minded information.
I may jump on this one, if not just to see if they laid the hubris on heavy this time...and, well, also because of the simple fact that the future is going to be completely wireless.
Kung Fu is a martial art skill.
Kung Foo is programming skill.
Therefore Wifi Foo is skill at hacking/securing wifi networks.
You overthought this one.
If you mod me down the terrorists will have won
This is all enough :). Since the normal user only does some internet surfing and maybe editing a document and no real mass traffic via WLAN, this should be ok.
Steps to securing my WLAN:
1. Change default router login password
2. Enabled firewall
3. MAC address filtering
4. AES encryption with non-dictionary 15 character passphrase
5. Disabled SSID broadcast
6. Updated to latest firmware
7. Disabled remote router login
8. Enabled 802.11g only
9. Updated to latest wireless network card drivers
Am I missing anything really obvious?
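One way to turn a checklist like the one above into a repeatable check, as an added example that is not part of the original post or the book: a small Python audit that takes a router's settings as a dictionary and reports which of the nine items fail. The configuration keys, the two sample configurations and the tiny word list used for the "non-dictionary" test are all constructed for illustration and do not correspond to any real router's settings export.

```python
from typing import Dict, List

# Constructed stand-in for a real dictionary word list (hypothetical, tiny).
COMMON_WORDS = {"password", "letmein", "wireless", "internet", "sunshine", "changeme"}


def passphrase_ok(passphrase: str, min_len: int = 15) -> bool:
    """Item 4: at least min_len characters and not a dictionary word,
    even when the word is merely padded with digits (e.g. 'sunshine1234567')."""
    if len(passphrase) < min_len:
        return False
    core = passphrase.lower().rstrip("0123456789")
    return core not in COMMON_WORDS


def audit_router(cfg: Dict[str, object]) -> List[str]:
    """Return the checklist items that the configuration fails, in checklist order.

    Items 1-8 are router settings. Item 9 (client driver updates) lives on the
    client, so it is only reported when the caller supplies that fact.
    """
    findings: List[str] = []
    if not cfg.get("admin_password_changed", False):
        findings.append("1: router login password is still the factory default")
    if not cfg.get("firewall_enabled", False):
        findings.append("2: firewall is disabled")
    if not cfg.get("mac_filtering", False):
        findings.append("3: MAC address filtering is disabled")
    if cfg.get("cipher") != "AES" or not passphrase_ok(str(cfg.get("passphrase", ""))):
        findings.append("4: not using AES with a long non-dictionary passphrase")
    if cfg.get("ssid_broadcast", True):
        findings.append("5: SSID broadcast is enabled")
    if cfg.get("firmware_version") != cfg.get("latest_firmware_version"):
        findings.append("6: firmware is not the latest release")
    if cfg.get("remote_admin", False):
        findings.append("7: remote router login is enabled")
    if cfg.get("radio_mode") != "g-only":
        findings.append("8: radio is not restricted to 802.11g")
    if cfg.get("client_driver_outdated", False):
        findings.append("9: wireless card drivers are outdated")
    return findings


# Constructed sample configurations (not exported from any real device).
FACTORY_DEFAULT = {
    "admin_password_changed": False,
    "firewall_enabled": False,
    "mac_filtering": False,
    "cipher": "WEP",
    "passphrase": "changeme",
    "ssid_broadcast": True,
    "firmware_version": "1.0",
    "latest_firmware_version": "1.4",
    "remote_admin": True,
    "radio_mode": "mixed",
}

HARDENED = {
    "admin_password_changed": True,
    "firewall_enabled": True,
    "mac_filtering": True,
    "cipher": "AES",
    "passphrase": "correct-horse-battery-staple",
    "ssid_broadcast": False,
    "firmware_version": "1.4",
    "latest_firmware_version": "1.4",
    "remote_admin": False,
    "radio_mode": "g-only",
    "client_driver_outdated": False,
}

if __name__ == "__main__":
    for name, cfg in (("factory default", FACTORY_DEFAULT), ("hardened", HARDENED)):
        print(f"{name}: {audit_router(cfg) or ['all checklist items pass']}")
```

The passphrase check deliberately strips trailing digits before the word-list lookup, because a dictionary word padded to 15 characters with digits satisfies the length rule but not the spirit of item 4.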
Creative Demolition
From Airsnort.shmoo.com: AirSnort requires approximately 5-10 million encrypted packets to be gathered.
Wanna tell me how you're gonna grab 5 million packets (not counting SSID broadcasts) from a single network whilst wardriving? You need quite a few users going for a long time to generate that much traffic.
Yes, WPA is better, and it's nice to see it becoming a standard. But despite the FUD, WEP is not some disgustingly horribly insecure protocol that's gonna get hacked in 15 seconds by any script kiddie with a wifi card. It takes a *long-ass time* to gather the amount of data needed to crack WEP. There are far easier ways into a network. But then again, it's so much fun to play baby seal and arp away about WEP totally sucking ass.
Try a capture on a home network and see how long it takes. My own net is four machines, including two always-on boxes. It still takes days to generate enough traffic to make an attempt at cracking WEP.
For home (house) use, 128-bit WEP will work just fine. For office environments or apartment buildings, you should still crank things up a notch with MAC whitelisting etc.
There are some people that if they don't know, you can't tell 'em.
I did something similar for my Master's Thesis.
Mainly I looked at various tools and how effective they were. I also looked at setups in the surrounding neighborhood and pwn3d (with permission) the campus VPN via the wireless network.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
As I sit here at my aunt's house, I am currently logged in via the friendly neighborhood Linksys 802.11b router (BEFW11S4) complete with its default settings. I've been enjoying internet access all week and I thought I'd check to see if they at least changed the factory default settings and, lo and behold, I logged right in. It's good to know I can remove my MAC address before I leave (just in case).