<b>Networks ®andom</b> (blog by JR Gamble; feed last updated 2024-02-09)

<b>Wardriver</b>
JR Gamble, published 2006-12-31 (updated 2006-05-05)

<a href="http://photos1.blogger.com/blogger/996/1882/1600/how2holiday.jpg"><img src="http://photos1.blogger.com/blogger/996/1882/320/how2holiday.jpg" alt="" /></a>
The sport of detecting and/or locating wireless LANs. The ethics (and, in most places, the laws) of wardriving dictate that the wireless LANs thus found must not be used without the owner's permission.

<b>Wardriving Software</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

Some of you out there, for one reason or another, don't want to use NetStumbler, MiniStumbler, Wellenreiter, Kismet, or WarLinux. One good reason is that your organization has a policy against the use of freeware or open source software. That alone would preclude the use of those programs. Other wardriving tools are available to you, however. Some are free and some are not.
Here are a few examples:
<ol>
<li><a href="http://www.sec33.com/sniph/aerosol.php">Aerosol</a></li>
<li><a href="http://www.airmagnet.com/products/index.htm">AirMagnet</a></li>
<li><a href="http://www.wildpackets.com/products/airopeek">AiroPeek</a></li>
<li><a href="http://www.snapfiles.com/get/pocketpc/airscanner.html">Airscanner</a></li>
<li><a href="http://www.macupdate.com/info.php/id/5726">AP Scanner</a></li>
<li><a href="http://www.monolith81.de/mirrors/index.php?path=apsniff/">APsniff</a></li>
<li><a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD-Airtools</a></li>
<li><a href="http://www.dachb0den.com/projects/dstumbler.html">dstumbler</a></li>
<li><a href="http://gwifiapplet.sourceforge.net">gWireless</a></li>
<li><a href="http://istumbler.net">iStumbler</a></li>
<li><a href="http://www.binaervarianz.de/projekte/programmieren/kismac">KisMAC</a></li>
<li><a href="http://www.macstumbler.com">MacStumbler</a></li>
<li><a href="http://www.l0t3k.net/tools/Wireless/Mognet-1.16.tar.gz">Mognet</a></li>
<li><a href="http://www.bitsnbolts.com">NetChaser</a></li>
<li><a href="http://www.pocketwarrior.org">Pocket Warrior</a></li>
<li><a href="http://www.cirond.com/pocketwinc.php">pocketWinc</a></li>
<li><a href="http://www.sniff-em.com">Sniff-em</a></li>
<li><a href="http://www.networkgeneral.com/">Sniffer Wireless</a></li>
<li><a href="http://www.thc.org/releases.php?q=scan">THC-Scan</a></li>
<li><a href="http://www.thc.org/releases.php?q=wardrive">THC-Wardrive</a></li>
<li><a href="http://www.gongon.com/persons/iseki/wistumbler/index.html">WiStumbler</a></li>
<li><a href="http://www.research.ibm.com/gsal/wsa">Wireless Security Auditor</a></li>
<li><a href="http://www.guerrilla.net/gnet_linux_software.html">Wlandump</a></li>
</ol>
There is something for every random out
there on that list, whether you run Windows XP, Windows CE, SunOS, Red Hat Linux, FreeBSD, Mac OS, Zaurus, or a Pocket PC. Yoper, from <a href="http://www.yoper.com/">here</a>, is an excellent flavour of Linux and works well with most of the software tested.

<b>Hacking Software</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

To do your job properly, you need a selection of freeware and commercial software. Fortunately, a multitude of freeware programs is available, so you don't need a champagne budget; a beer budget should suffice. In fact, if you are prepared to run more than one operating system (see the Multi-Boot post), you can get by using only freeware tools.

<b>Things Needed/Things to Google</b>:
<ul>
<li>Partitioning or emulation software</li>
<li>Signal strength-testing software</li>
<li>Packet analyzer</li>
<li>Wardriving software</li>
<li>Password crackers</li>
<li>Packet injectors</li>
</ul>

<b>Other Software Options</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

In addition to using the wireless-client, stumbling, and network analysis software mentioned here, you have some additional ways to search for wireless devices that don't belong, i.e. some basic port-scanning and vulnerability
assessment tools can give you useful results. Here is a quick list:
<ol>
<li><a href="http://www.superscan.net/">SuperScan</a></li>
<li><a href="http://www.gfi.com/lannetscan/">GFI LANguard</a></li>
<li><a href="http://www.nessus.org/">Nessus</a></li>
<li><a href="http://www.newt.org/">NeWT</a></li>
<li><a href="http://www.qualys.com/">QualysGuard</a></li>
</ol>
These programs aren't wireless specific, but they may be able to turn up wireless-device IP addresses and other vulnerabilities that you wouldn't have been able to discover otherwise.

<b>Info on Vulnerabilities</b>
JR Gamble, published 2006-05-31 (updated 2007-03-30)

~<b>Finding more Information</b>~
After you or your tools find suspected vulnerabilities, there are various wireless security vulnerability resources you can use to find out more about the issues you find. A good place to start is your wireless vendor's Web site. Look in the Support or Knowledge Base section of the Web site for known problems and available security patches.
You can also peruse the following vulnerability databases for in-depth details on random vulnerabilities, how they can be exploited, and possible fixes:
<ol>
<li><a href="http://www.kb.cert.org/vuls">US-CERT Vulnerability Notes Database</a></li>
<li><a href="http://icat.nist.gov/icat.cfm">NIST ICAT Metabase</a></li>
<li><a href="http://cve.mitre.org/cve">Common Vulnerabilities and Exposures</a></li>
</ol>
Another good way to get more information on specific security issues is to do a <a href="http://groups.google.com/">Google Groups</a> search. There you can often find message boards and newsgroups where randoms like myself have posted problems and/or solutions for your particular issue/problem.

<b>Network Security</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

The following are a few random programs to help monitor, log and protect your network, be it Wi-Fi or not.

<a href="http://www.activestate.com/Products/ActivePerl/"><b>ActivePerl</b></a>
Perl implementation for Windows. Needed to run Multi Router Traffic Grapher.

<a href="http://www.lookatlan.com/"><b>Look@LAN Network Monitor</b></a>
See what's going on around your network and generate reports and graphs. Be alerted when servers or particular services appear or disappear.

<a href="http://people.ee.ethz.ch/%7Eoetiker/webtools/mrtg"><b>Multi Router Traffic Grapher</b></a>
MRTG uses SNMP to monitor the traffic on network links, then presents the data in the form of one or more graphs on a Web page. It can monitor any SNMP variables and, with the aid of external programs, other types of data.

<a href="http://stevemiller.net/sharewatch/"><b>ShareWatch</b></a>
Convenient and lightweight tool to reveal what shares are present on your network and to disconnect users if necessary.
Commit the Control+N shortcut to memory before selecting No Caption, Menu, and Toolbar mode, or you may never get the menu bar back.

<a href="http://www.softperfect.com/products/networkscanner/"><b>SoftPerfect Network Scanner</b></a>
Generates a list of network nodes, checks for shares (including hidden ones) and open ports, and interrogates MAC addresses. Easily explores or maps discovered shares.

<a href="http://www.xcat-industries.nl/"><b>xCat IP Monitor</b></a>
Provides a simple up/down status display for up to ten nodes on your LAN or on the Internet. The polling frequency is adjustable, but the same setting applies to all nodes.

<a href="http://seiryu.home.comcast.net/henwen.html"><b>HenWen</b></a>
Snort with a Mac-style GUI to simplify configuration and use.

<a href="http://www.engagesecurity.com/products/idscenter/"><b>IDScenter</b></a>
A Windows front-end for Snort. Brings the configuration and messages out into the open.

<a href="http://www.snort.org/"><b>Snort</b></a>
A widely used network intrusion detection and prevention system. Registered users can download new rules in between Snort releases.

<a href="http://www.lucidlink.com/"><b>LucidLink Wireless LAN Security</b></a>
Manages access points to use 802.1x and WPA, and limits access to those computers running the included client. Limited to three users.

<b>Network Sniffers</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

Most serious hackers and network auditors use the open-source operating system Linux as the platform from which they launch attacks and perform analysis.
This section highlights some of the more popular tools, mostly for Linux, that can be used to search out and hack wireless networks.

<a href="http://airsnort.shmoo.com/"><b>AirSnort</b></a>
The home page for the free cracking application AirSnort plainly states, "AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys." AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. In even simpler terms, AirSnort is a program that listens to the wireless radio transmissions of a network and gathers them in a meaningful way. After enough time has passed (sometimes a matter of hours) and enough data has been gathered, analytical tools process the data until the network security is broken. At that point everything that crosses the network can be read in plain text.
The authors of this fully functional encryption-cracking tool have maintained from the first days of its release that it would expose the true threats to WEP encryption. Jeremy Bruestle, one of the two lead programmers for the project, has truly recognized the inherent dangers of WEP. He stated in an interview in 2001, "It is not obvious to the layman or the average administrator how vulnerable 802.11b is to attack. It's too easy to trust WEP." AirSnort is not the only open source tool used for wireless cracking, but it was the first publicly recognized freeware to put the power of an intellectually skilled criminal into the hands of a neighbor who just got the cheapest deal from the local ISP.

<a href="http://wepcrack.sourceforge.net/"><b>WEPcrack</b></a>
WEPcrack, developed at the same time as AirSnort, is another wireless network cracking tool. It too exploits the vulnerabilities in the RC4 algorithm that underlies WEP's security parameters.
While WEPcrack is a complete cracking tool, it is actually made up of three different applications, all written in Perl. The first, WeakIVGen, lets a user emulate the encryption output of 802.11 networks to weaken the secret key used to encrypt the network traffic. Prism getIV is the second application; it analyzes packets until it matches patterns to the one known to decrypt the secret key. Thirdly, the WEPcrack application itself pulls the other two outputs together to decipher the network encryption.

<a href="http://www.kismetwireless.net/"><b>Kismet</b></a>
Kismet is an extremely useful tool that supports more of an intrusion detection approach to wireless security. However, Kismet can also be used to detect and analyze access points within range of the computer on which it is installed. Among many other things, the software will report the SSID of the access point, whether or not it is using WEP, which channels are being used, and the range of IP addresses employed. Other useful features of Kismet include de-cloaking of hidden wireless networks and graphical mapping of networks using GPS integration.

<a href="http://www.ethereal.com/"><b>Ethereal</b></a>
Ethereal is a pre-production network capturing utility. Currently capable of identifying and analyzing 530 different network protocols, Ethereal can pose a substantial threat through the discovery and detection of any network communication. One of many network analyzers, this application arguably does the most comprehensive job of seeing and recognizing everything that goes by its sensor.

<a href="http://sourceforge.net/projects/airjack/"><b>Airjack</b></a>
Known as a packet injection/reception tool, Airjack is an 802.11 device driver designed to be used with a Prism network card (mainly Linux hardware).
Other names include wlan-jack, essid-jack, monkey-jack, and kracker-jack. This tool was originally used as a development tool for wireless applications and drivers, to capture, inject, or receive packets as they are transmitted. It's a fundamental tool used in DoS attacks and man-in-the-middle attacks. Its capabilities include being able to inject data packets into a network to wreak havoc on the connections between wireless nodes and their current access point. A common hacking use for this tool is to kick everyone off an access point immediately and keep them off for as long as you like. Without Layer-1, frame-level authentication on any 802.11a/b/g network, a computer running Airjack can passively assume the identity of an access point and then, once inside the channel of communication between node and AP, begin sending disassociate or deauthenticate frames sequentially at a high rate. The users' network cards interpret this as coming from their AP and drop their connection.

<a href="http://hostap.epitest.fi/"><b>HostAP</b></a>
HostAP is really nothing more than firmware for Prism cards that lets them act as an access point in any environment. With multiple scanning, broadcasting, and management options, HostAP can lure disconnected clients into a connection with the HostAP user's computer and engage in whatever activities suit that situation. This is a very common tool with growing compatibility; it will be ubiquitous on any open source OS in the near future.

<a href="http://www.dachb0den.com/projects/dweputils.html"><b>Dweputils</b></a>
Dweputils is not one application but a set of applications that together pose a larger threat to wireless networks of any character. Dweputils is a set of utilities that can completely inspect and lock down any WEP network. Dwepdump is a packet-gathering tool that provides the ability to collect WEP-encrypted packets.
Dwepcrack then gives you the power to deduce WEP keys with a variety of frequently employed techniques. Finally, dwepkeygen, a 40-bit key generator, can create keys that aren't susceptible to the Tim Newsham 2<sup>21</sup> attack, using a variable-length seed.

<a href="http://airsnarf.shmoo.com/"><b>AirSnarf</b></a>
AirSnarf is an access point spoofing tool based on the simplest way to dupe users into handing over their sensitive information to rogue hackers. Quite simply, this application mimics a legitimate access point. The method of attack comes down to recreating an identical logon web page to the one that would normally be displayed by the AP. The user is bumped off the network and forced to log in again, or is caught before they log in the first time. The simple trick convinces them into voluntarily sending their login information to the hacker, who can then use it at their disposal. It is extremely simple yet effective.
All the details of the AP connection look legitimate to the unsuspecting user within their network configuration. In some cases they never realize this has happened, because you then authenticate them to the network and allow them to pass through your computer.

<a href="http://www.netstumbler.com/"><b>NetStumbler</b></a>
This is the primary tool available for Windows users to detect 802.11 networks. It does not have any cracking tools built into the software package, but can be used in conjunction with numerous other tools to find and hack a wireless network. NetStumbler is perhaps the least dangerous application discussed here, but the first challenge of any hack is finding where and what you are hacking.

<a href="http://www.linuxdownloads.org/article.php?sid=6758"><b>THC-RUT</b></a>
Also referred to as the "aRe yoU There" network tool, THC-RUT combines detection, spoofing, masking, and cracking into the same tool.
Many see it as the "first knife used on a foreign network", boasting its brute force all-in-one capabilities. Resources in the tool include spoofing Dynamic Host Configuration Protocol (DHCP), Reverse Address Resolution Protocol (RARP), and Bootstrap Protocol (BOOTP) requests.

<a href="http://www.remote-exploit.org/index.php/Hotspotter_main"><b>Hotspotter</b></a>
Hotspotter is another rogue access point tool that can mimic any access point, dupe users into connecting, and authenticate them with the hacker's tool. This, again, is done with a deauthenticate frame sent to an MS Windows XP user's computer, which causes the victim's wireless connection to be switched to a non-preferred connection, AKA a rogue AP. This sort of trick is a passive approach that seeks to identify the probe frame sent by any Windows XP machine looking for its preferred network, which contains exploitable information.

<a href="http://asleap.sourceforge.net/"><b>ASLEAP</b></a>
LEAP stands for Lightweight Extensible Authentication Protocol, which is intellectual property of Cisco Systems, Inc. It is a broadly used protocol for authentication on Cisco access points, with inherent weaknesses. ASLEAP is able to use hashing algorithms to mount brute force attacks to recover passwords, and to actively deauthenticate users from the AP, making them reauthenticate quickly to expedite the process of hacking. This is another tool in the arsenal of hackers with an ever-shrinking learning curve.

<a href="http://ikecrack.sourceforge.net/"><b>IKECrack</b></a>
IKECrack is an open source IKE/IPSec authentication cracking tool. It uses brute force dictionary-based attacks, searching for password and key combinations on Pre-Shared-Key (PSK) authenticated networks.
With repetitive attempts at authentication with random passphrases or keys, this cracking tool undermines the latest Wi-Fi security protocol.

<a href="http://www.jiwire.com/hotspot-locator-laptop-user-guide.htm"><b>JiWire Hotspot Locator</b></a>
Find Wi-Fi access points when travelling around Australia or overseas. Has its own database (updated periodically), so you don't need an Internet connection to find out where you can connect to the Internet.

<a href="http://www.istumbler.net/"><b>iStumbler 95</b></a> - Mac OS X
Discovers Wi-Fi, Bluetooth and Bonjour services. Includes a widget to display signal strength history.

<a href="http://oxid.it/cain.html/"><b>Cain & Abel</b></a>
A pair of tools to recover various kinds of passwords stored on a PC or network. Does so by sniffing, performing dictionary, brute force and cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analysing routing protocols. Can also be used to record VoIP.

<b>Random Tips For the Wardriver</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

<b>~Random Wardriving Tips~</b>

<b>-</b> Beginners waste many weekends wardriving their local neighborhoods or business districts. Some say this is probing for <i>low-hanging fruit</i>, and it is a waste of valuable learning time. It's more to an individual's benefit to learn an assortment of wireless LAN penetration tools and work toward the goal of gaining useful information.
Learning the correct application of tools and techniques (not to mention keeping up to date) takes time and hard work in a closed environment, but yields much in the way of information technology.

<b>-</b> The current demand for wireless-security professionals is staggering on an international level. Those who have taken the time to hone their skills in the use of available tools and the latest penetration techniques will be financially rewarded with a great career. I urge you to consider practicing, studying and reading random comments much like this from randoms like myself, rather than driving around from neighborhood to neighborhood hoping to send an e-mail through someone's cable modem. Decrypting fact from crap will become a natural tool.

<b>-</b> One of the tricks to getting noticed by potential customers: commit to the notion of protecting their wireless LAN. Give them a quick demonstration of hacking tools. If they have (for example) a heavily loaded 802.11g network secured with WEP, cracking their WEP key should open their eyes very quickly. Keep in mind that these demonstrations should ALWAYS be done with the permission of a person in authority at the client organization (see the post WiFi Hazards), and in a closed environment. Doing otherwise can lead to <i>criminal prosecution</i>, defamation of your organization, and a plethora of other <i>undesirable</i> results.

<b>-</b> Many <i>hackers</i> don't necessarily want to <i>steal</i> your information or crash your systems. They often just want to prove to themselves and their friends that they can break in. This creates a warm fuzzy feeling that makes them feel like they're contributing to society somehow, when in fact all they are doing is impressing themselves and their equally stupid friends. On the other hand, sometimes they attack simply to get under the <i>administrator's</i> skin. Sometimes they are seeking revenge.
<i>Hackers</i> may want to use a system so they can attack other people's networks under disguise. Or maybe they're bored and just want to see what information is flying through the airwaves for the taking.

<b>-</b> The <i>high-end uberhackers</i> go where the money is, literally. These are the guys who break into online banks, e-commerce sites, and internal corporate databases for financial gain. What better way to break into these systems than through a vulnerable wireless network, making the real culprit harder to trace? One random AP or vulnerable wireless client is all it takes to get the ball rolling. However, just because you have gotten away with something does not mean you yourself have not been penetrated and tagged. No matter how good you are, there is always someone better (unless you are the smartest on the planet, but what are the odds :)).

<b>-</b> You know what they say about secrets? Here's a hint: it's no secret. Have you ever lost a laptop? Have you ever lost an employee? In both cases, you should change all 3,000 keys. Otherwise someone can decrypt every message, because everybody is using the same key. And just how often do you really think administrators will change the keys?

<b>-</b> IEEE 802.11i defines the "robust security network" (RSN). An access point that meets this standard will only allow RSN-capable devices to connect. RSN is the environment it seems we are evolving to, because it provides the security services we require for a network.

<b>-</b> Basically, one can crack Wi-Fi Protected Access Pre-Shared Keys that use short passphrases based on words found in the dictionary (yes, randoms still do that). For WPA, certain short or dictionary-based keys are easy to crack because an attacker can monitor a short transaction, or force that transaction to occur, and then perform the crack remotely.
Check '<i>Network Sniffers</i>' for WPA cracking tools.

<b>Why 802.11 is Vulnerable</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

There are two main reasons that 802.11-based wireless systems are vulnerable at the network level:
<ol>
<li><b>Inherent trust allows wireless systems to come and go as they please on the network.</b> Practically everything about 802.11 is open by default, from authentication to cleartext communications to a dangerous lack of frame authentication. In addition to this equivalent of a <i>'Hack Me'</i> sign, wireless networks don't have the same layer of physical security present in wired networks.</li>
<li><b>Common network issues that 802.11 has inherited from its wired siblings enable attackers to exploit network-based vulnerabilities easily, regardless of the transmission medium.</b> The suspect activities allowed under 802.11 defaults include MAC-address spoofing, system scanning and enumeration, and packet sniffing, for openers.</li>
</ol>
Okay, some of these random comments overlap material in previous posts.
But the aim of this weblog is to give you the basis for a good overall assessment of your wireless systems at its most fundamental technical level: the network level.

<b>Wardriving Counter-Measures</b>
JR Gamble, published 2006-05-31 (updated 2006-05-07)

~~<b>Random Wardriving Countermeasures</b>~~

-<b>Firstly..</b>-
Implement a reasonable and enforceable wireless security policy that forbids unauthorized wireless devices, and enforce it.

-<b>Kismet</b>-
Kismet sees and records the Probe Request. So here is your first countermeasure: get yourself Kismet and look for others probing your wireless network. Commercial products like AiroPeek can help as well.

-<b>Disabling probe responses</b>-
When a workstation starts, it listens for beacon messages to find an access point in range to send a beacon to. Even though the access point is sending about 10 beacons a second, this is not always enough to detect them, because the workstation has to monitor 11 channels by going to each channel and waiting 0.1 seconds before moving to the next. Further, when your authenticated access point's signal starts to weaken, your workstation needs to find another access point. For this reason, the 802.11 standard authors created the Probe Request. Your workstation can send a Probe Request, which any access point in range will respond to with a Probe Response. The workstation quickly learns about all access points in range.
Now imagine that you're not trying to associate, but just trying to find access points in range, and you understand how NetStumbler works. So the countermeasure is quite obvious: <b>turn off Probe Response on your access point</b>.

-<b>Increasing beacon broadcast intervals</b>-
The beacon interval is a fixed field in the management frame. You can adjust the field to foil the fumbling stumblers. If someone drives by your access point and his or her device has to search all the channels and land on each for 0.1 seconds, then again the countermeasure is intuitive: increase the beacon broadcast interval. This increases the likelihood that they won't grab your beacon when driving by.

-<b>The HoneyPot, Fake'em Out</b>-
The term honeypot harks back to childhood, Winnie the Pooh and his love for honey. Perhaps you remember how he found a pot of honey, put his head in, and got stuck. Imagine this same concept applied to your wireless network. You put an attractive system on the network to draw hackers like a Pooh-bear to honey. Invite the hackers in. While the hackers are exploring the system, you watch them and try to learn about them or their behavior. You can learn about honeypots by clicking <a href="http://project.honeynet.org">here</a>. It's really easy to set up a honeypot system: install some access point software on a computer and then create directories with names like Payroll or anything that may grab the 'Hackers' attention.

-<b>Warning</b>-
Human nature suggests you might want to strike back when you find someone attempting to breach your security. This is not a good idea.
You cannot fight back, and you might not want to anyway. Crackers often take over other sites, so you may harm an innocent party. If you have <b>evidence</b> that someone is <i>attempting</i> to break in, contact the Secret Service, the FBI, or your local law enforcement agency.

-<b>Turning The Tables</b>-
As we often see, security tools are double-edged. Hackers have used Fake AP against hotspots. The hacker runs Fake AP on a laptop near a hotspot, say at a Starbucks. The clients wanting to use the Starbucks hotspot cannot discern the real access point from the cacophony of signals. This results in a denial of service to the hotspot's clients.

-<b>Default SSID</b>-
Don't turn on WEP and use a default SSID like linksys. Scanning almost anywhere in the world will no doubt bring up at least one system using the default SSID (i.e. linksys). A program like Fake AP (click <a href="http://www.blackalchemy.to/project/fakeap">here</a> for AP info) is useful for this purpose. If one access point is good, then more is better. Black Alchemy developed Fake <b>A</b>ccess <b>P</b>oint, which generates thousands of counterfeit 802.11b access points. Your real access point can hide in plain sight amongst the flood of fake beacon frames. As part of a honeypot or flying solo, Fake AP confuses NetStumblers and others. Because stumblers cannot easily determine the real AP, the theory is that they'll move on to the real low-hanging fruit: your neighbors. Fake AP runs on Linux and requires Perl 5.6 or later.
If you’re not Linux-inclined and prefer<br />the Windows platform, you could use Honeyd-WIN32<br />(click <a href="http://www.securityprofiling.com/honeyd/honeyd.shtml">here</a> for Honeyd on the Windows platform), which creates<br />fake hosts and simulates multiple operating systems' network<br />fingerprints.<br />And if you have some change burning a hole in your wallet,<br />try <a href="http://www.keyfocus.net/kfsensor/">KF Sensor</a> .<br /><br />-<b style="color: rgb(0, 0, 153);">The NeverEnding Search</b>-<br />~Searching for unauthorized systems is often a matter of<br />timing and luck. You may find nothing during some walkthroughs<br />and several unauthorized systems during others. If at first<br />you don’t find anything suspicious, keep checking:<br />The unauthorized system could be temporarily powered<br />off at the time of your search, and a rogue AP someone<br />plugs in for an afternoon leaves no trace the next morning.<br /><br />-<b style="color: rgb(0, 0, 153);">W</b><span style="color: rgb(0, 0, 153);">ireless </span><b style="color: rgb(0, 0, 153);">I</b><span style="color: rgb(0, 0, 153);">ntrusion </span><b style="color: rgb(0, 0, 153);">D</b><span style="color: rgb(0, 0, 153);">etection </span><b style="color: rgb(0, 0, 153);">S</b><span style="color: rgb(0, 0, 153);">ystem</span>-<br />~Use a full-fledged wireless intrusion-detection system<br />(WIDS) or network monitoring system that can find wireless<br />network anomalies (unknown BSSIDs, beacons on unexpected<br />channels, a sudden flood of new access points such as Fake AP<br />produces), stop bad things from happening, and<br />alert you in real time. 
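The mechanisms in the sections above, a stumbler catching (or missing) a beacon, Fake AP's flood of counterfeit beacons, and a WIDS matching what it hears against a list of authorized access points, all come down to the same 802.11 management frame. The Python below is an added example, not code from this post, from Fake AP, from NetStumbler or from any WIDS product: it builds and parses beacon and probe-response frames (including the empty SSID element an AP sends when SSID broadcast is off), estimates how often a scanner dwelling 0.1 s per channel catches a beacon at a given interval, generates a Fake AP-style decoy flood, and flags every frame whose BSSID, SSID, channel or vendor OUI is not in a small constructed inventory. The inventory, the OUI table, the decoy SSID list and the locally administered decoy MAC addresses are assumptions made for the example.

```python
"""Beacons and probe responses as a stumbler, Fake AP and a WIDS see them.
Added example, not code from the original post or from Fake AP/NetStumbler."""
import random
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
FC_BEACON = b"\x80\x00"        # frame control: type 0 (management), subtype 8 (beacon)
FC_PROBE_RESP = b"\x50\x00"    # frame control: type 0 (management), subtype 5 (probe response)
TAG_SSID, TAG_RATES, TAG_DS = 0, 1, 3
TU_SECONDS = 1024 / 1_000_000  # one 802.11 time unit (TU) is 1024 microseconds
DEFAULT_INTERVAL_TU = 100      # usual AP default: a beacon every ~102.4 ms

# Constructed inventory (assumed values): our one corporate AP and the OUIs we buy hardware from.
AUTHORIZED = {"00:0c:41:aa:bb:cc": {"ssid": "corp-wlan", "channel": 6}}
VENDOR_OUIS = {"00:0c:41": "Linksys", "00:40:96": "Cisco"}


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(bssid, ssid, channel, interval_tu=DEFAULT_INTERVAL_TU, hide_ssid=False, probe_response=False):
    """Assemble a beacon (or probe response): 24-byte header, fixed fields, tagged elements.
    hide_ssid=True models an AP with SSID broadcast off: the SSID element is present but empty."""
    fc = FC_PROBE_RESP if probe_response else FC_BEACON
    header = fc + b"\x00\x00" + BROADCAST + mac_bytes(bssid) + mac_bytes(bssid) + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, interval_tu, 0x0001)  # timestamp, beacon interval, capability (ESS)
    ssid_value = b"" if hide_ssid else ssid.encode()
    elements = (bytes([TAG_SSID, len(ssid_value)]) + ssid_value
                + bytes([TAG_RATES, 4, 0x82, 0x84, 0x8B, 0x96])  # basic rates 1, 2, 5.5, 11 Mbit/s
                + bytes([TAG_DS, 1, channel]))                   # DS parameter set carries the channel
    return header + fixed + elements


def parse_frame(frame):
    """Extract kind, BSSID, beacon interval, SSID and channel from a beacon/probe response."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon/probe response")
    kind = {FC_BEACON: "beacon", FC_PROBE_RESP: "probe-response"}.get(frame[0:2], "other")
    _timestamp, interval_tu, _capability = struct.unpack_from("<QHH", frame, 24)
    info = {"kind": kind, "bssid": mac_str(frame[16:22]), "interval_tu": interval_tu,
            "ssid": None, "channel": None}
    pos = 36
    while pos + 2 <= len(frame):                  # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:                   # truncated element: stop, never over-read
            break
        if tag == TAG_SSID:                       # empty or all-NUL SSID means hidden
            info["ssid"] = "" if not value.strip(b"\x00") else value.decode("utf-8", "replace")
        elif tag == TAG_DS:
            info["channel"] = value[0]
        pos += 2 + length
    return info


def catch_probability(interval_tu, dwell_seconds=0.1):
    """Chance that a scanner dwelling dwell_seconds on the channel sees at least one beacon."""
    return min(1.0, dwell_seconds / (interval_tu * TU_SECONDS))


def fake_ap_flood(count, channel, rng):
    """Fake AP-style decoys: beacons with made-up BSSIDs and default-looking SSIDs.
    Locally administered (0x02) MACs are a simplification for this example, not Fake AP's scheme."""
    names = ["linksys", "default", "NETGEAR", "dlink", "belkin54g", "wireless"]
    frames = []
    for _ in range(count):
        bssid = mac_str(bytes([0x02] + [rng.getrandbits(8) for _ in range(5)]))
        frames.append(build_frame(bssid, rng.choice(names), channel, rng.choice([50, 100, 200])))
    return frames


def classify(info, authorized=AUTHORIZED, vendor_ouis=VENDOR_OUIS):
    """WIDS-style check on one parsed frame; returns the policy violations ([] = authorized)."""
    reasons = []
    policy = authorized.get(info["bssid"])
    if policy is None:
        reasons.append("unknown BSSID")
    else:
        if info["ssid"] != policy["ssid"]:
            reasons.append(f"SSID mismatch ({info['ssid']!r})")
        if info["channel"] != policy["channel"]:
            reasons.append(f"channel mismatch ({info['channel']})")
    if info["bssid"][:8] not in vendor_ouis:      # OUI = first three bytes of the MAC
        reasons.append("vendor OUI not on the approved list")
    return reasons


def audit(frames, authorized=AUTHORIZED, vendor_ouis=VENDOR_OUIS):
    """Map BSSID -> violations for every frame that breaks policy."""
    findings = {}
    for frame in frames:
        info = parse_frame(frame)
        reasons = classify(info, authorized, vendor_ouis)
        if reasons:
            findings[info["bssid"]] = reasons
    return findings


def demo_findings(seed=2006, decoys=20):
    """Audit one legitimate beacon mixed into a seeded Fake AP-style flood."""
    frames = [build_frame("00:0c:41:aa:bb:cc", "corp-wlan", 6)] + fake_ap_flood(decoys, 6, random.Random(seed))
    return audit(frames)


if __name__ == "__main__":
    print(parse_frame(build_frame("00:0c:41:aa:bb:cc", "corp-wlan", 6, interval_tu=1000, hide_ssid=True)))
    for tu in (100, 1000):
        print(f"{tu} TU: a 0.1 s dwell catches a beacon with p={catch_probability(tu):.2f}")
    for bssid, why in demo_findings().items():
        print(bssid, why)
```

Run as a script it shows the hidden-SSID beacon parsing to an empty SSID, the catch probability dropping from about 0.98 at 100 TU to about 0.10 at 1000 TU, and all twenty decoys landing in the findings while the real AP does not. Two things worth noticing: a hidden SSID parses as an empty string, so a WIDS that keys on SSID alone will flag your own hidden AP as a mismatch (match on BSSID first, as `classify` does), and a decoy flood trips the "unknown BSSID" rule on every frame, which is the anomaly a monitoring system should alert on.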
Restrict access to authorized wireless<br />devices only, matching on one or more of the following:<br />• MAC address<br />• SSID<br />• Communications channel used<br />• Hardware vendor type (the OUI, the first three bytes of the MAC address)<br />Bear in mind that an attacker can clone all four, so they are<br />a tripwire for the WIDS rather than access control in themselves.JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1143969465911905842006-05-31T23:53:00.000+12:002006-05-07T20:03:21.830+12:00Enhancing Network Throughput<div style="text-align: left;"><span style="color: rgb(102, 102, 102);">Network throughput depends on a variety of factors, and as such you never know what could be the bottleneck slowing your connections and transfers. One of the things we can try is the network redirector's reserves. Open the registry editor (regedit at a command prompt) and navigate to<br />[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters].<br />Once there, right-click in the right-hand panel and add the following DWORDs. The values are hexadecimal (the 0x68 shown below is 104 decimal; valid values are 0-255). Keep both values the same. I think the default is 15 or 20. MaxCmds is the number of SMB requests the workstation redirector will keep outstanding at once, so it only helps on links where requests were queuing, and a Windows file server caps it from its side with MaxMpxCt. This may help network throughput but there is no guarantee.. Try it out.<br /><br /><span style="color: rgb(0, 51, 51);">"MaxCmds"=dword:00000068</span><br /><span style="color: rgb(0, 51, 0);">"MaxThreads"=dword:00000068</span></span><br /></div>JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1142741727623661402006-05-31T23:51:00.000+12:002006-05-07T20:05:33.516+12:00WiFi Hazards<b style="color: rgb(0, 0, 102);">Hackers Beware</b><br />Crimes Amendment Bill 2003 Clause 19 deals with<br />'intentionally accessing a computer system without authorisation..'<br />say no more..<br /><br /><b style="color: rgb(0, 0, 102);">Sharers Beware</b><br />Security: if your network's open,<br />all your machines risk being compromised;<br />small businesses take heed..<br /><br /><b style="color: rgb(0, 0, 102);">Samaritans Beware</b><br />Never leave a message on someone else's PC<br />to the effect that you discovered their unsecured network..<br />(<i>see hackers beware above</i>)<br /><br /><b style="color: rgb(0, 0, 102);">Mr/Mrs Fix-It Beware</b><br />The bane of big companies, these folk innocently add<br />cheap WiFi gear to help out someone in their department,<br />not realising they may have compromised the entire<br />company's security.. This I know too well.<br /><br /><b style="color: rgb(0, 0, 102);">Open-Network Beware</b><br />An open network is exactly that.. 
<i>Open</i>..<br />to whoever wants to <i>browse</i>.<br /><br /><b style="color: rgb(0, 0, 102);">No peeking!</b><br />Reverse-engineering is explicitly permitted by many legal<br />frameworks but not by many EULAs (End-User Licence Agreements).<br />Intel forbids it outright, Napster insists you get permission<br />first, while Windows XP hides behind legalese and keeps a foot<br />in both camps by stating you can do so 'only to the extent that<br />such activity is expressly permitted by applicable law<br />notwithstanding this limitation' ..JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1142742095565385432006-05-31T23:50:00.000+12:002006-05-07T20:06:23.946+12:00WiFi PasswordsWireless equipment remembers its passwords, so there's nothing to type each time you connect. That means you can use really long <span style="font-style: italic;">random</span> strings of characters that are impractical to crack. A WPA/WPA2 passphrase may be 8 to 63 printable ASCII characters; the 64-character hex form is the raw 256-bit key itself, so 63 random characters already saturate what the key can hold. For a selection of <i>perfect</i> passwords click <a href="http://grc.com/passwords/">here</a> - grc.com password generation - each time you refresh, a new selection of 63- and 64-character passwords is generated. 
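The 63-character passwords the generator hands out are worth putting numbers on. The Python below is an added example, not code from this post or from grc.com: it draws a passphrase from a CSPRNG over the 94 non-space printable ASCII characters (that alphabet is my choice for the example; the generator's exact character set is not described here), computes the passphrase's entropy, caps it at the 256 bits the WPA/WPA2 pre-shared key actually holds, and derives that key with the PBKDF2 step every WPA router performs, checked against the IEEE 802.11i reference vector for passphrase "password" and SSID "IEEE".

```python
"""Maximum-entropy Wi-Fi passphrases: what they buy you and where the ceiling is.
Added example, not code from the original post or from grc.com."""
import hashlib
import math
import secrets

# WPA/WPA2 passphrase rules (IEEE 802.11i): 8 to 63 characters, printable ASCII 0x20-0x7E.
# Space is legal but left out of the generator because many router UIs trim it.
PASSPHRASE_ALPHABET = "".join(chr(c) for c in range(0x21, 0x7F))   # 94 symbols
PSK_BITS = 256                                                       # size of the derived key


def entropy_bits(length, alphabet_size):
    """Bits of entropy in `length` symbols drawn uniformly and independently from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def effective_bits(passphrase_bits):
    """The PSK is 256 bits, so passphrase entropy beyond that adds nothing."""
    return min(passphrase_bits, PSK_BITS)


def random_passphrase(length=63, alphabet=PASSPHRASE_ALPHABET):
    """Uniform random passphrase from the OS CSPRNG; each symbol independent of the last."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def valid_wpa_passphrase(passphrase):
    return 8 <= len(passphrase) <= 63 and all(0x20 <= ord(c) <= 0x7E for c in passphrase)


def wpa_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 256 bits), hex encoded.
    Routers accept this 64-hex-digit form directly as the 'raw key' alternative to a passphrase."""
    if not valid_wpa_passphrase(passphrase):
        raise ValueError("WPA passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32).hex()


def score(passphrase, alphabet_size):
    """Raw and effective entropy plus the expected number of guesses (half the keyspace)."""
    raw = entropy_bits(len(passphrase), alphabet_size)
    eff = effective_bits(raw)
    return {"length": len(passphrase), "raw_bits": round(raw, 1), "effective_bits": round(eff, 1),
            "expected_guesses": 2 ** (eff - 1)}


if __name__ == "__main__":
    print(score(random_passphrase(), len(PASSPHRASE_ALPHABET)))   # ~413 raw bits, capped at 256
    print(score("wirelesspw", 26))                                # ten lowercase letters: ~47 bits
    print(wpa_psk("password", "IEEE"))                            # IEEE 802.11i reference vector
```

The point of the cap: 63 random characters carry about 413 bits, but the PSK they become is 256 bits, so a 63-character random passphrase and a 64-hex-digit raw key are equally strong, and anything beyond about 40 random characters is already past the ceiling. Ten lowercase letters, by contrast, carry about 47 bits, which an attacker who has captured one WPA handshake can grind through offline. None of this helps WEP, whose weakness lies in how it uses RC4 rather than in the key.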
These are so-called maximum-entropy passwords: any character is equally likely to follow any other, making them unguessable and, if the string is long enough, <i>unbreakable</i> by brute force in any practical sense. Use them with WPA/WPA2; a random key does not rescue WEP, whose weakness is in how it uses the cipher rather than in the key.JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1146892322772178572006-05-31T23:49:00.000+12:002006-05-07T20:07:00.160+12:00Public 'Open' NetworksIf you know the exact GPS coordinates of your building (easily found via Google Earth <a href="http://earth.google.com/">here</a> or NASA's World Wind, found <a href="http://worldwind.arc.nasa.gov/">here</a> (World Wind is far beta in my opinion)), you can perform a detailed lookup in WiGLE’s database by clicking <a href="http://www.wigle.net/gps/gps/GPSDB/query">here</a> to see whether any systems in your vicinity have been posted. If you don’t mind sorting through entries by city, state, or ZIP code, you can also check out an excellent site by clicking <a href="http://www.wifimaps.com">here</a> or <a href="http://www.wifinder.com">here</a> to see what you can find.JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1146824989775000512006-05-31T23:48:00.000+12:002006-05-07T20:08:05.106+12:00Virtual Private Networks~<b>V</b><span style="color: rgb(102, 102, 102);">irtual</span> <b>P</b><span style="color: rgb(102, 102, 102);">rivate</span> <b>N</b><span style="color: rgb(102, 102, 102);">etworking</span>~<br /><br /><span style="color: rgb(51, 51, 51);">Your organization's network or home network can carry its </span><br /><span style="color: rgb(51, 51, 51);">traffic over a virtual private network (VPN), a network </span><br /><span style="color: rgb(51, 51, 51);">that is created using public wires to connect private nodes. 
</span><br /><span style="color: rgb(51, 51, 51);">It’s essentially a secure “tunnel” through the Internet;</span><br /><span style="color: rgb(51, 51, 51);">its 'walls' are strong encryption and authentication of both ends. </span><br /><span style="color: rgb(51, 51, 51);">Over an open or WEP-protected wireless link the VPN is what </span><br /><span style="color: rgb(51, 51, 51);">actually keeps your traffic private, provided you verify the </span><br /><span style="color: rgb(51, 51, 51);">far end's identity rather than accept whatever gateway answers. </span><br /><span style="color: rgb(51, 51, 51);">It’s attractive because it normally means less investment </span><br /><span style="color: rgb(51, 51, 51);">in hardware; many of us, in fact, are already using the </span><br /><span style="color: rgb(51, 51, 51);">Internet to connect to office applications. But the </span><br /><span style="color: rgb(51, 51, 51);">Internet is a very public network, and the public is </span><br /><span style="color: rgb(51, 51, 51);">full of bad guys. I use <a href="http://www.fff.co.nz/">this</a> site for work</span><span style="color: rgb(51, 51, 51);"> and <a href="http://www.hamachi.cc/">this client</a><br />for private, more temporary work..</span>JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1146986086647466332006-05-31T23:47:00.000+12:002006-05-07T20:08:59.290+12:00Multi-Boot~<b>Using software Emulators</b>~<br />In a perfect world, all the tools available would work on the same operating system. But in the real world, that's not the case. Many great tools run on operating systems that are incompatible with each other. Very few of us, of course, are conversant with multiple operating systems, and few have the money to support duplicate hardware and software.<br /><br /><span style="font-style: italic;">Enter dual-boot</span> or multi-boot workstations. You can use a product like <a href="http://www.symantec.com/partitionmagic">PartitionMagic</a> to set up partitions for the various operating systems. I used Mandrake for re-partitioning for what now seems too long; a random (codefoo) suggested I try Knoppix instead, and I haven't used Mandrake since.. 
After you set up your partitions, you install the operating systems on the various partitions.<br /><br />When everything’s installed, you select the operating system you want when you boot the system. Say you’re using NetStumbler on Windows XP and you decide to use WEPCrack (which is available only on Linux) against the access points you just identified with NetStumbler. You shut down Windows XP, reboot your system, and select the Red Hat Linux operating system. When you want to use Windows XP again, you do the reverse. This isn’t a bad solution, but flipping back and forth a lot eats up valuable time, and managing your partitions and making the operating systems coexist on the same hardware can be challenging.<br /><br /><span style="font-style: italic;">Enter software emulators</span>. Software emulators let you run a guest operating system on top of a host operating system: Linux on a Windows host, and vice versa. To run Windows or DOS software on a Linux host, pick from the first list below; for a Linux environment on a Windows host, from the second. Strictly speaking, WINE and Cygwin are not emulators (WINE reimplements the Windows API on Linux and Cygwin provides a POSIX layer on Windows), whereas Bochs, Plex86 and VMware run a whole guest system; for getting your tools to run, the distinction matters little.<br /><span style="color: rgb(102, 102, 102);">Windows</span><br />- <a href="http://bochs.sourceforge.net">Bochs</a><br />- <a href="http://www.dosemu.org">DOSEMU</a><br />- <a href="http://savannah.nongnu.org/projects/plex86">Plex86</a><br />- <a href="http://www.vmware.com">VMware</a><br />- <a href="http://www.winehq.com">WINE</a><br />- <a href="http://www.netraverse.com">Win4Lin</a><br /><span style="color: rgb(102, 102, 102);">Linux</span><br />- <a href="http://cygwin.com">Cygwin</a><br />- <a href="http://www.vmware.com">VMware</a>JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1146820637705796412006-05-31T23:46:00.000+12:002006-05-07T20:09:28.546+12:00Commandments<b style="color: rgb(0, 0, 102);">The Ten Wifi Commandments</b><br />These Commandments were not brought down from Mount Sinai, but thou shalt 
follow these commandments shouldst thou decide to become a believer in the doctrine of <span style="color: rgb(51, 51, 51);">ethical hacking</span>. The commandments are as follows:<br /><br /><b>1</b> - <span style="color: rgb(0, 0, 0);">Thou shalt set thy goals.</span><br /><b>2</b> - <span style="color: rgb(51, 51, 51);">Thou shalt plan thy work, lest thou go off course.</span><br /><b>3</b> - Thou shalt obtain permission.<br /><b>4</b> - <span style="color: rgb(51, 51, 51);">Thou shalt work ethically.</span><br /><b>5</b> - Thou shalt work diligently.<br /><b>6</b> - <span style="color: rgb(51, 51, 51);">Thou shalt respect the privacy of others.</span><br /><b>7</b> - Thou shalt do no harm.<br /><b>8</b> - <span style="color: rgb(51, 51, 51);">Thou shalt not covet thy neighbour's tools.</span><br /><b>9</b> - Thou shalt use a scientific process.<br /><b>10</b> - <span style="color: rgb(51, 51, 51);">Thou shalt report all findings.</span>JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1146985392104787272006-05-31T23:45:00.000+12:002006-05-07T20:09:59.450+12:00Admin Interview<div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/996/1882/1600/Admin%20Int.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://photos1.blogger.com/blogger/996/1882/400/Admin%20Int.jpg" alt="" border="0" /></a><br /></div>JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.comtag:blogger.com,1999:blog-24285029.post-1142759824306998152006-05-31T23:44:00.000+12:002006-05-07T20:10:38.190+12:00Networking Help<div style="text-align: center;"><span style="color: rgb(0, 0, 102);">~Some random links that have helped over the Years~</span><br /><br /><a href="http://www.pcguidebook.com/homenetwork.asp">How to setup a Home Network</a><br /></div><div 
style="text-align: center;"><a href="http://www.networkmagic.com/">Home Networking</a><br /></div><div style="text-align: center;"><a href="http://networking.for-home-and-office.com/default.aspx">Home & Office Networking</a><br /></div><div style="text-align: center;"><a href="http://www.homenethelp.com/">DIY Home Networking</a><br /></div><div style="text-align: center;"><a href="http://wirelessforums.org/">Wireless Forums</a><br /></div><div style="text-align: center;"><a href="http://www.linuxhomenetworking.com/">Linux Networking</a><br /></div><div style="text-align: center;"><a href="http://networks.internet2.edu/network-research/">Network Evolution..</a><br /></div><div style="text-align: center;"><a href="http://networking.ittoolbox.com/">Networking Knowledge</a><br /></div><div style="text-align: center;"><a href="http://www.internettrafficreport.com/main.htm"><b>Inter</b>national <b>Net</b>work Statis..</a></div>JR Gamblehttp://www.blogger.com/profile/12603319145604558585noreply@blogger.com