OT. Who knows about wifi sniffers and compiling code?

Discussion in 'UK Motorcycles' started by Mike Barnard, Aug 13, 2007.

  1. Mike Barnard

    Hi.

    Basically, I want to test my home wifi. It is set up with a key and
    encrypted but a neighbour says they can get in. I want to prove or
    disprove it.

    A link to this was posted somewhere else, some time ago. I can't
    remember where. I recently decided to have a look and... whoh, it's
    all code. But what code, and what do I have to do to make it run?

    http://midnightresearch.com/projects/wicrawl/

    "Wicrawl is a simple wi-fi (802.11x) Access Point auditor with a
    simple and flexible plugin architecture."

    "The goal is to automate the tedious task of scanning wi-fi access
    points for interesting information. This can be a useful tool for
    penetration testers..."

    Is it all linux stuff or does it need to be compiled to make a windows
    program? Or what? Or can you recommend something else that a total
    fool can use?

    Thanks.
     
    Mike Barnard, Aug 13, 2007
    #1

  2. Krusty

    Under Status:

    "Currently it works on Linux only (hopefully bsd and mac versions to
    follow). "


    --
    Krusty
    www.MuddyStuff.co.uk
    Off-Road Classifieds

    '02 MV Senna '03 Tigtona 955i '96 Tiger '79 Fantic Hiro 250
     
    Krusty, Aug 13, 2007
    #2

  3. ginge

    If you're only using WEP, it's almost a certainty they can.
     
    ginge, Aug 13, 2007
    #3
  4. elyob

    Netstumbler?
     
    elyob, Aug 13, 2007
    #4
  5. Bod43

    No.

    I believe you need Linux, xxxxxx, other tools.

    Thing is, why bother. It is well established (but not by me)
    that WEP is easily crackable with downloadable tools.
    All you need to be able to do is install linux, compile some
    modules, get a suitable wireless card (many out there) and
    off you go. 5 mins is, I understand, the time it takes to crack
    a WEP key.

    Change to WPA and use a full length key. Go to pub.

    There is however as you have discovered a significant
    barrier to entry to this club if you are not a Linux admin
    and MOST people will not be able to stroll up and
    crack your wireless. That being said, there will be
    plenty who can including for
    sure a large number of those who post to this list.

    Of course older Wireless hardware and software
    does not support WPA.
     
    Bod43, Aug 13, 2007
    #5
  6. Higgins@work

    What do you actually want to prove? That someone can get in or that
    someone actually has got in?

    If it's the former, and you're only using WEP, then just take it as
    read that it's fairly easy to achieve by anyone with sufficient
    motivation, patience[1] and a modicum of knowledge.

    If you want to prove that he actually is in then something like a live
    Linux distro[2] and nmap will show what is connected to your WLAN.

    [1]The patience requirement has reduced dramatically.
    [2]I like Backtrack from www.remote-exploit.org for this sort of thing.
     
    Higgins@work, Aug 13, 2007
    #6
  7. Paul - xxx

    If you have windows and want to see if he's connected to your wifi setup
    then maybe your modem/ISP software can help.

    I use a BT Voyager, and the setup software has a 'Status' page which shows
    various aspects of the connection including a 'Wireless Clients' table
    showing which wireless client (The MAC Address) is currently connected, if
    any. Find this in your modem software and ask your neighbour to log on,
    you'll soon see if he's able to or not.

    A neighbour is harder to keep out than passing traffic, he has a long time
    to 'sniff' your wireless packets and make sense of it all. I've found the
    best defence for me is using a combination of the following.

    Hide Wireless Network SSID. WPA/PSK with TKIP using Hexadecimal characters.
    MAC Address Control on.

    Using all the above, whilst apparently not hard to 'crack' on their own, I'm
    confident that unless your neighbour is very good then he'll have a hard
    time logging onto your system.
     
    Paul - xxx, Aug 13, 2007
    #7
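    To act on the point Higgins (#6) and Paul (#7) make above, that seeing who is actually connected beats guessing, here is an added example that is not from the thread: a Python script that parses the output of the Windows `arp -a` command (a constructed sample table is embedded) and reports any host whose MAC address is not on an allowlist of your own devices. The allowlist values and the sample addresses are made up for the example.

```python
import re
from typing import Dict, List

# MAC addresses you know belong to your own kit (constructed sample values;
# replace with the addresses of your router and PCs).
KNOWN_MACS = {
    "00-11-22-33-44-55",  # the router itself
    "00-16-17-aa-bb-cc",  # the desktop PC
}

# Constructed sample in the layout of Windows XP 'arp -a' output.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-16-17-aa-bb-cc     dynamic
  192.168.1.42          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One ARP entry: IPv4 address, MAC in dash or colon form, entry type.
ARP_LINE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+(?P<type>\w+)"
)

def normalise_mac(mac: str) -> str:
    """Lower-case, dash-separated form so 'AA:BB:..' and 'aa-bb-..' compare equal."""
    return mac.lower().replace(":", "-")

def is_unicast(mac: str) -> bool:
    """Broadcast and multicast entries have the low bit of the first octet set."""
    first_octet = int(normalise_mac(mac).split("-")[0], 16)
    return first_octet & 0x01 == 0

def parse_arp_table(text: str) -> Dict[str, str]:
    """Map normalised MAC -> IP for every unicast entry in an 'arp -a' listing."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m and is_unicast(m["mac"]):
            entries[normalise_mac(m["mac"])] = m["ip"]
    return entries

def unknown_clients(text: str, known: set) -> List[str]:
    """Return 'ip (mac)' for every host that is not on the allowlist."""
    known_norm = {normalise_mac(k) for k in known}
    return [f"{ip} ({mac})" for mac, ip in parse_arp_table(text).items()
            if mac not in known_norm]

if __name__ == "__main__":
    for entry in unknown_clients(SAMPLE_ARP_OUTPUT, KNOWN_MACS):
        print("unknown host on LAN:", entry)
```

    The ARP cache only lists hosts your PC has exchanged traffic with recently, so the router's 'Wireless Clients' table that Paul describes is the more complete list; the same allowlist check applies to either source.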
  8. Bod43

    Does not help at all.
    Do this - use full length key.
    If you are paranoid use an internet key generator
    to generate a true random key - I wouldn't bother.
    Does not help at all.

    Well, I am not sure but maybe if a registered mac was
    connected then a second copy of the same mac would not
    be able to get in. This might help a bit. Your computer though
    can I think be forced to de-register and then he can get in
    using your mac.


    If someone has the tools to crack WEP then the other
    listed 'defences' are of no value at all.

    Really, exactly and precisely of no use.
     
    Bod43, Aug 13, 2007
    #8
  9. Paul - xxx

    A lot depends on who and how the wifi access is being 'attacked'. If it's
    by a neighbour who hasn't any real experience then even this simple, whilst
    I agree mostly ineffective, measure can keep him out.
    See above answer to Hidden SSID.
    I did say that singularly they were not hard to crack, but altogether they
    help keep the less witless out. ;)

    A while ago now I let my 15 year old try to crack my desktop wireless access
    point, for a week, using any software he could find on the internet or from
    his 'mates' [1] via his laptop. He couldn't do it. He couldn't get past
    the WPA or MAC Address control. He did get the SSID eventually. Most of
    the software he used, whilst in the hands of an experienced user can do most
    of it, it isn't intuitive to use, still needs a shit-load of experience to
    get the best out of it and barely helps 'Joe Bloggs' crack anything.

    IME, and YMMV, of course. ;)

    [1] A supposedly 'l33t' crowd, who play Runescape and WoW for days on end
    .... ;)
     
    Paul - xxx, Aug 13, 2007
    #9
  10. Phil Launchbury

    Agreed. It won't stop the professionals (but then nothing really will)
    but it will stop the 'I've got a new laptop, what can I see?' brigade.
    Round my house at the moment I can see about 9 wireless networks (not
    including mine) of which 2 are open, 3 are WEP and the others are WPA2.
    Yer typical 'script-kiddie' - they all start off with downloaded
    scripts and tools and zero knowledge. The problem is that they then
    often go on to acquire the knowledge to use those tools quite quickly
    (and sometimes end up with a laptop full of trojans - one of the sales
    guys here had his kid go that route - downloaded lots of
    hacker-dood-toolz only to discover (later) that they came with a
    substantial payload of keyloggers and trojans..).
    My nephew hangs out with the runescape crowd. But he laughs at them
    when they go into their l33tsp33k..

    Phil.
     
    Phil Launchbury, Aug 13, 2007
    #10
  11. Bod43

    I have never tried any of this but I use LAN sniffers a lot
    and I understand that the ssid (even if hidden)
    and for sure the mac are sent in
    clear and that you WILL see them both if you have a sniffer.

    My assumption would be that anyone who can
    crack WEP will have no trouble with mac and ssid.
    Maybe that's not exactly true?

    I guess that my concern is that the OP may
    think that two out of three might be OK and would
    not do the one he needs which is WPA.

    I understand that at present WPA is uncrackable
    except by exhaustive, dictionary and brute force,
    password attacks and that for the present
    the password space is big enough by quite a margin.

    With WPA your mileage won't vary:)
     
    Bod43, Aug 13, 2007
    #11
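    To put numbers on Bod43's advice in #8 ("use full length key") and #11 ("the password space is big enough"), an added example that is not from the thread: Python that generates a maximum-length WPA passphrase from the OS random source, estimates its guessing entropy, and runs the standard 802.11i passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations) so you can see the work a dictionary attack has to repeat for every single guess. The SSID 'HomeNet' is made up.

```python
import hashlib
import math
import secrets

# Printable ASCII (0x20-0x7E): the 95 characters 802.11i allows in a passphrase.
PASSPHRASE_ALPHABET = "".join(chr(c) for c in range(0x20, 0x7F))

def generate_passphrase(length: int = 63) -> str:
    """Uniformly random passphrase from the OS CSPRNG; 63 is the WPA maximum."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))

def passphrase_entropy_bits(length: int,
                            alphabet_size: int = len(PASSPHRASE_ALPHABET)) -> float:
    """Guessing entropy of a random passphrase: length * log2(alphabet size).
    A 63-character passphrase gives about 414 bits; a word from a list gives
    only log2(list size), which is why dictionary attacks are the only option."""
    return length * math.log2(alphabet_size)

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """The 802.11i passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output). Every guess an attacker tries costs
    exactly this computation, and the result is what WPA actually keys from."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), 4096, 32)

if __name__ == "__main__":
    pp = generate_passphrase()
    print("passphrase:", pp)
    print("entropy   : %.0f bits" % passphrase_entropy_bits(len(pp)))
    print("PSK       :", wpa_psk(pp, "HomeNet").hex())  # made-up SSID
```

    Note that the SSID is part of the derivation, so a precomputed table for one network name is useless against another; hiding the SSID adds nothing here because it is sent in clear anyway, as Bod43 says.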
  12. Paul - xxx

    He's BTDTGTTS It's his own Laptop now. At the time we were thinking of
    letting him have it anyway, so weren't too bothered.

    He's had to re-install Win XP three times ... ;)

    He's learning, mind. The first two were within weeks, the last one was a
    couple months later and he hasn't had to re-install for maybe six months.
    Tom does now, he's 'grown' he reckons. ;)

    I daresay if I gave him the same challenge now, he'd find it a tad easier,
    but he'd do it himself instead, which is a step forward I think.
     
    Paul - xxx, Aug 13, 2007
    #12
  13. Paul - xxx

    My real point was meant to be similar, but slightly different in that many
    people (from experience) have downloaded sniffers and such-like but don't
    have the background knowledge, experience, or even brains, to work out how
    to use them properly such that they can actually crack a system. The MAC
    and SSID are not necessarily readily readable unless you have a sniffer
    _and_ said knowledge/experience.

    Mind, it doesn't take long to gain the knowledge, if you're a neighbour with
    plenty time, intent on breaking in .... ;)
    Fair comments. ;)
     
    Paul - xxx, Aug 13, 2007
    #13
  14. Phil Launchbury

    Especially if he can't get onto your network :)
    It's a good learning experience. As is learning to either ghost (or
    an open-source equivalent) to take a copy of the freshly installed
    laptop (with all the bits and bobs installed, set up the way you want
    it) onto an external drive.

    That way when you have the "I really wish I hadn't installed that
    virus" moment you can just nuke it back to a clean config in one swift
    move.
    Yup. He'll make a fine hacker one day - or take to the dark side and
    become a cracker.
    Learning to use your brain is *always* a step forward.

    Phil.
     
    Phil Launchbury, Aug 13, 2007
    #14
  15. Donald

    The bootable linux disks I used on a penetration testing course a couple
    of years ago were auditor and whax. I found whax pretty easy to use.

    Things have moved on since doing the course so I would try this cd which
    claims to be a hybrid of them.

    http://www.remote-exploit.org/backtrack.html
    It only appears to sniff WEP wireless though.

    If you've got WPA2 security enabled on your router, then it's pretty
    unlikely that he's connecting to your network.
     
    Donald, Aug 14, 2007
    #15
  16. Mike Barnard

    Hi again.

    Thanks for the answers folks. I didn't see (obviously) the linux bit.
    I have a big hole on my PC where I could install another OS so I might
    look at linux for the laugh.

    As for the neighbour, he runs some sort of comms company from his
    house. I changed my modem a few months ago to one that has wireless
    in it. I set it up using a big key and WPA. It can be seen but
    anyone trying to use it gets asked for the key.

    HE says he can get in. I haven't asked him how, he claims to have
    'stuff'. I don't really care in the respect of it's just a home PC,
    not a data mine for a passing sniffer. Then I saw the thread somewhere
    and thought I'll test the wifi out.

    So, short story long. I'll get Ubuntu and see what I have to do. What
    Linux book or site do I need to start off?
     
    Mike Barnard, Aug 14, 2007
    #16