Home | Community | Message Board


World Seed Supply
Please support our sponsors.

General Interest >> Science and Technology

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1 | 2 | Next >  [ show all ]
OfflineMacey Howard
Formally MOE HOWARD
Female

Registered: 07/03/99
Posts: 14,165
Loc: Georgia
Last seen: 7 months, 27 days
Post deleted by Moe Howard
    #627266 - 05/12/02 01:40 AM (14 years, 11 months ago)



--------------------
Hugs and Kisses!


Post Extras: Print Post  Remind Me! Notify Moderator
InvisiblePapa_Smurf
member

Registered: 11/17/01
Posts: 163
Re: anyone into wardriving here? [Re: Macey Howard]
    #627432 - 05/12/02 07:22 AM (14 years, 11 months ago)

what the hell is it?


--------------------
"Only after you have lost everything, are you free to do anything"


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLanaM
Head Banana
Female

Registered: 10/28/99
Posts: 3,086
Loc: www.MycoSupply.com
Re: anyone into wardriving here? [Re: Macey Howard]
    #629202 - 05/13/02 02:29 PM (14 years, 11 months ago)

Hi Moe,
Wireless networks are very well known for being insecure. They are easy to work with (if you're builiding your network fresh from the scratch)

Have you ever hear of the variety of "TEMPEST" projects that the g'ovt conduct?

There are companies that sell nothing but Tempest Related products check it out - http://www.tempest-inc.com/

If you start leaning about really hooked up wireless networks, you'll probably run across a company that deals in Tempest hardware/software.

If you want any more detailed info, just ask and I'll post some.

Lana


--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineTranceTrippinXTC
THC Mushroom

Registered: 03/03/02
Posts: 185
Loc: Midwest
Last seen: 6 years, 5 months
Re: anyone into wardriving here? [Re: Macey Howard]
    #629714 - 05/13/02 10:43 PM (14 years, 11 months ago)

Hey Moe,

I just got a laptop and I'm ready to order a wireless NIC and parabolic antenna.

I plan on using AirSnort, which works with cards based on the Prism2 and Orinoco chipsets, also it says the Cisco Aironet is compatible. Also, it only works with Linux. I guess I'm going to have to install that on the laptop before I get started.

AirSnort is the only program I'm aware of that can actually break the encryption of networks that have it enabled. If anyone knows of any newer programs that run on Windows let me know.

....

Also, the question of legal or not?

Read the WarDriving FAQ again, Section 3.1. It tries to explain there is not a cut and dry answer.


Post Extras: Print Post  Remind Me! Notify Moderator
InvisiblePGF
square

Registered: 07/21/00
Posts: 8,642
Loc: Malaysia
Re: anyone into wardriving here? [Re: Macey Howard]
    #629946 - 05/14/02 06:43 AM (14 years, 11 months ago)

There are not enough wireless nets here to make it worthwhile,
but if I lived where you lived or NYC, I'd be all over the mutherfucker
searching for wireless connectivity.

I want to buy the airport and boost it, but I doubt anyone around here
would use it, well, I would of course.


--------------------
***The Real Shroomery nigger


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMacey Howard
Formally MOE HOWARD
Female

Registered: 07/03/99
Posts: 14,165
Loc: Georgia
Last seen: 7 months, 27 days
Post deleted by Moe Howard [Re: TranceTrippinXTC]
    #639493 - 05/21/02 06:20 PM (14 years, 11 months ago)



--------------------
Hugs and Kisses!


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineBuzzDoctor
Runs withscissors
Male

Registered: 08/11/99
Posts: 948
Loc: Atlantis
Last seen: 2 months, 28 days
Re: anyone into wardriving here? [Re: Macey Howard]
    #644742 - 05/25/02 01:27 PM (14 years, 11 months ago)

I've tried it where I live with my laptop and wirless nic but, like PGF, there aren't enough wireless users around here. Next trip out of the sticks I'm gonna spend a few hours cruising around tho.

Buzz


--------------------
Is the glass half-full or half-empty? I say it is both.


Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous

Post deleted by Moe Howard [Re: Macey Howard]
    #656068 - 05/31/02 04:40 PM (14 years, 10 months ago)



Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMacey Howard
Formally MOE HOWARD
Female

Registered: 07/03/99
Posts: 14,165
Loc: Georgia
Last seen: 7 months, 27 days
Post deleted by Moe Howard [Re: ]
    #656074 - 05/31/02 04:45 PM (14 years, 10 months ago)



--------------------
Hugs and Kisses!


Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous

Post deleted by Moe Howard [Re: Macey Howard]
    #656084 - 05/31/02 04:51 PM (14 years, 10 months ago)



Post Extras: Print Post  Remind Me! Notify Moderator
Invisibletak_old
Endo Smoke

Registered: 05/31/02
Posts: 609
Loc: State of confusion
Re: anyone into wardriving here? [Re: ]
    #657130 - 06/01/02 09:33 AM (14 years, 10 months ago)

I have my old laptop mounted in my car, it uses a GPS and plots locations of waps for future use. Its neat on roadtrips. ~


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMacey Howard
Formally MOE HOWARD
Female

Registered: 07/03/99
Posts: 14,165
Loc: Georgia
Last seen: 7 months, 27 days
Post deleted by Moe Howard [Re: Lana]
    #657231 - 06/01/02 10:41 AM (14 years, 10 months ago)



--------------------
Hugs and Kisses!


Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous

Post deleted by Moe Howard [Re: Macey Howard]
    #657409 - 06/01/02 01:04 PM (14 years, 10 months ago)



Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMacey Howard
Formally MOE HOWARD
Female

Registered: 07/03/99
Posts: 14,165
Loc: Georgia
Last seen: 7 months, 27 days
Post deleted by Moe Howard [Re: ]
    #657461 - 06/01/02 02:16 PM (14 years, 10 months ago)



--------------------
Hugs and Kisses!


Post Extras: Print Post  Remind Me! Notify Moderator
InvisiblePinhead
Oregano
Male

Registered: 05/14/00
Posts: 1,819
Loc: Hootersville
Re: anyone into wardriving here? [Re: Macey Howard]
    #711150 - 06/29/02 03:15 PM (14 years, 9 months ago)

This site may be of interest.
http://www.openhotspots.net/


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineGumbyM
Fishnologist
Male User Gallery

Folding@home Statistics
Registered: 06/13/01
Posts: 26,647
Loc: BRICK CITY!
Last seen: 7 days, 21 hours
Re: anyone into wardriving here? [Re: Macey Howard]
    #711656 - 06/29/02 07:33 PM (14 years, 9 months ago)

Moe... Most home networks run on NETBEUI. If you're not in the same workgroup as the other computers on the network, you wont be able to see their files. Some homes may even have domains you have to log into. It all depends on who set up the network and how.

... All these stories you guys are telling make me want to turn on WEP and set up some access restrictions. Luckly my router logs every Mac-ID and computer name that has used it's access. Nothing weird so far.

-Gumby


Post Extras: Print Post  Remind Me! Notify Moderator
Invisiblejjhlk
Stranger
Registered: 06/25/02
Posts: 19
Loc: Canada
Re: anyone into wardriving here? [Re: Gumby]
    #719878 - 07/03/02 10:53 AM (14 years, 9 months ago)

Lots of software for netbeui fun Don't usually have to worry about domains though. If you are not using unix then you'll have a harder time getting good software, so go get a copy of debian or something. After somebody logs onto your network they can sniff it and get your MAC address and really mess with you All in good fun tho

As for wardriving, do it in a white van if possible.


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLanaM
Head Banana
Female

Registered: 10/28/99
Posts: 3,086
Loc: www.MycoSupply.com
Re: anyone into wardriving here? [Re: jjhlk]
    #908157 - 09/25/02 10:14 PM (14 years, 7 months ago)

Wireless Security & Hacking
By Dr.T Mon, 05 August 2002 , 17:35 GMT
Published on BCVG Network Security e-zine issue #2

Introduction
This is the last article in the Wireless series. Just to remind you, the first article introduced the reader to the Wireless world and discussed Wireless devices and protocols. The second article went deeper into Wireless networks, provided general info on WLAN and discussed IEEE standards for them. This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools.

Overview
Few words on Wireless network topology. Each Wireless network has two major components, either stations (STA) or access points (AP). Wireless network operates in one of two modes: ad-hoc (peer-to-peer) or infrastructure mode. In the ad-hoc mode each client (STA) communicates directly with other clients within the network. In the infrastructure mode each client (STA) sends its communication requests to a central station, which is the Access Point (AP). The access point acts as an Ethernet bridge.

A client and an access point must establish a relationship prior to exchanging data. Once established the client-access point relationship could be in any of the following three states:

1. Unauthenticated and unassociated
2. Authenticated and unassociated
3. Authenticated and associated

The exchange of ?real? data is only possible in the third state. Until then the parties communicate using management frames. Access point transmits beacon management frames at fixed intervals. Client receives this frame and starts authentication by sending an authentication frame. After successful authentication the client sends an association frame and the access point responds with an associated response frame.

Wireless Networks Security Mechanisms
The 802.1 standard for wireless networks provides several mechanisms for achieving secure network environment. This section explains five widely used mechanisms.

# Wired Equivalent Protocol

Wired Equivalent Protocol, or WEP, was first designed by the authors of the 802.1 standard. WEP was designed not to provide a secure network protocol similar to IPSec, but rather to provide an equivalent level of privacy. WEP aims to provide security by encrypting data over radio waves. WEP is used to prevent unauthorized access to the wireless network. WEP is disabled by default. If it is turned on any outgoing package is encrypted and packed.

The WEP protocol relies on a secret key that is shared in a basic BSS (Basic Set Service). This key is used to encrypt data packets before they are transmitted, and an integrity check is run on them. WEP uses the RC4 algorithm, which is a stream cipher. A stream cipher expands a short key into an infinite pseudo-random key stream.

WEP Encipherment Algorithm

* Plaintext message is run though an integrity algorithm to produce integrity check value, also known as ICV. The 802.11 standard specifies the use of CRC-32.

* The integrity check value is appended to the end of the plaintext message.

* 24-bit initialization vector (IV) is generated and the secret key is concatenated to it. Then it is used to generate a seed value for the WEP pseudo-random number generator (PRNG).

* PRNG outputs a key sequence.

* The data is encrypted by XORing with the key sequence generated.

* The IV is appended in the clear to the protected frame (with the ciphertext) and transmitted.

The algorithm involved in deciphering can be easily guessed from the above algorithm. The IV is used to elongate the life of the secret key.

WEP uses a RC4 key stream; therefore it uses a 64-bit key to generate it, which is
XOR'ed to the data/ICV combination, 24-bits IV. The secret key is 40-bits long.

# WEP 2

The IEEE proposed changes to the WEP protocol in 2001, after many flaws had been discovered in the original one. The new version, WEP2, has increased the IV space from 24 bits to 128 bits and provides Cerberus V Support, though problems haven't disappeared (discussed later). Complete support for the entire WEP2 has yet to be achieved.

# Open System Authentication

Each Wireless network has two authentication systems. Open system authentication is the first one and default authentication protocol for 802.11. The name implies that this system authenticates anyone who requests authentication (like a root account with null password). WEP is not helpful, since experiments have shown that the authentication management frames are sent in the clear even if WEP is enabled.

# Access Control List

This security feature is not defined in the 802.11 standard, but it is used by vendors to provide better security in addition to the standard security methods. Access Control List is based on the client?s wireless Ethernet MAC address (unique for each NIC). The access point can limit the clients using the network by using the ACL. If a client's MAC address is listed, then he is permitted access to the network; if not, then access to the network is denied.

# Closed Network Access Control

This feature allows an administrator use either an open network or a closed network. Open network means that anyone is permitted to join the network, while in closed network, only clients that know the network name, or SSID, can join. The network name acts as a shared key.

Wireless Networks Attacks
Most of you will probably find this section more interesting, since it explains common attack techniques that are used to compromise wireless networks, stealing bandwidth and just for having fun. If you have a wireless network nearby or you live in a place where wireless technology is widely used, any of the attack techniques described below will have 98% success.

Attackers target Wireless networks since about 95% of all networks are completely unprotected. The current standard (802.11b) grants bandwidth of up to 11 MBps. If attacked Wirelesses network uses default settings there will be no cap set on bandwidth, which means the attacker can have complete access to the capacity. You can find a very convincing example at Neworder - http://neworder.box.sk/newsread.php?newsid=3899.

# Access Point Spoofing & MAC Sniffing

Access control list lists provide a reasonable level of security when a strong form of identity is used. Unfortunately, this is not the case with MAC addresses. MAC addresses are easily sniffed by an attacker since they must appear in the clear even when WEP is enabled. Further more, wireless cards permit the changing of their MAC address via software. An attacker can use those "advantages" in order to masquerade as a valid MAC address by programming the wireless card, and get into the wireless network and use the wireless pipes.

Spoofing MAC address is very easy. Using packet-capturing software, an attacker can determine a valid MAC address using one packet. If the wireless card firmware allows changing the MAC address, then he is done.

If an attacker holds wireless equipment nearby, and he/she is near a wireless network, he will be able to perform a spoofing attack. To perform a spoofing attack, an attacker must setup an access point (rogue) near the target wireless network or in a place where a victim may believe that wireless Internet is available. If the rogue's signal is stronger than the signal of the real access point, then the victim's computer will connect to the attacker's access point. Once the victim has established a connection, the attacker can steal his password, network access, compromise his/her computer etc. This attack is used mainly for password acquisition.

# WEP Attacks

Plaintext Attacks

In this attack, the attacker knows the plaintext message and has a copy of the ciphertext. The missing piece is the key. In order to get the key, an attacker would send a target system a small part of data, and then capture the data that is sent to the destination. Once the attack captured the data, he got the IV. Now, he can simply run a dictionary attack to find the key.

Another plaintext attack reveals the key stream using a simply XOR. If an attack has the ciphertext and the plaintext, he can XOR the ciphertext and get the key stream. The attacker can use the key stream with the right IV, to inject packets into the wireless network without authenticating o the access point.

Cipher stream Reuse

This problem allows an attacker to recover the key stream from a WEP packet (encrypted packet). The WEP cipherment algorithm declares small space to the initialization vector, using this flow an attacker can capture key streams by sending packets with various IV. Later, the attacker can decrypt the encrypted message using by XORing with the plaintext message (Note that the attack must have both ciphertext and plaintext). Later, when authentication data traffic though the network, the attacker would be able to intercept it, and using the key stream(s) the attacker can recover it to plaintext.

Fluhrer-Mantin-Shamir Research

This research project was released a year ago (August 2001) by Scott Fluhrer of Cisco Systems, Itsik Mantin and Adi Shamir of the Computer Science Department of The Weizmann Institute in Israel. The project is dealing with weaknesses in the Key Scheduling Algorithm (KSA) of RC4.
This group discovered two weaknesses in the KSA. The attack technique, which is described in their research paper, cracks keys of both WEP (24 bit long) and WEP2 (128 bit long). Adam Stubblefield or Rice University and John Loannidis and Aviel Rubin of AT&T Labs approved this attack technique later. Once the attack was approved, two new tools become available to the public (air snort and WEPCrack). Their source code, though, was never released to the public.

# Man-in-the-middle attacks

Most of the attacks in this category are based on ARP poisoning, or cache poisoning. Basically, ARP spoofing is a method of exploiting the interaction of IP and Ethernet protocols. Since, this article is not about ARP protocols, or ARP attacks, I'll describe shortly the attacks and the purpose.

The attacker combines an access point with a virtual private network server of the same type as the one on the target network. When a user tries to connect to the real server, the spoofed server sends a replay back, leading the user to connect to the fake server.

This type of attack is complex to be explain in this article, though you can find good articles about ARP poisoning at www.ebcvg.com

# Low-Hanging Fruit

A wireless attacker would probably start with this attack, since most wireless networks are completely unprotected (they use open system authentication), and moreover, WEP is not present by default.

All an attacker needs to attack such a system is a wireless card and a scanner (see at the end of this article). An attacker scans for open access points that allow anyone to connect, and then connects to the access point. Attackers use it to have free Internet access, launching a blind attack (attacking a third party) etc.

Securing Wireless Networks
Wireless network has become very popular among companies, because it allows employees to access the wired network (WLAN) from any place thus granting roaming ability. New technologies usually fail to provide decent security level - Wireless is not an exception. This section describes the most common ways to improve security of a Wireless network.

# MAC Address Filtering

This method uses a list of MAC addresses of client wireless network interface cards that are allowed to associate with the access point. If there are several access points, the list should be available on all access points, which the client can be associated with. Administrators should take care that the list is "up-to-date". Though this method is vulnerable (see above), it is widely used to secure wireless networks.

# WEP

As was stated above, WEP provides a certain level of data encryption for communication between clients and access points. Still, WEP should be enabled, because there is no need to make it easier for attacker to compromise the network. Once again, this method is vulnerable to different kind of attacks.

# SSID (Network ID)

The first attempt to secure wireless network was the use of Network ID (SSID). When a wireless client wants to associate with an access point, the SSID is transmitted during the process. The SSID is a seven digit alphanumeric ID that is hard coded into the access point and the client device. Using SSID, only those clients, who hold the correct Network ID, are allowed to associate with the access point. With WEP enabled, the SSID is transmitted in encrypted form, but if an attacker has a physical access to the device, he/she can determine the SSID, since it is stored in clear text.

Once the SSID is compromised by an attacker, the Wireless network administrator must assign a new SSID manually.

# Firewalls

Using a firewall to secure a wireless network is probably the only security feature that will prevent unauthorized access. As mentioned below, the access to the network should be done via IPSec, secure shell or VPN. Thus, the firewall should be configured to allow only IPSec or secure shell traffic. A illustration of an access to a wired network form a wireless network:

1. The wireless client authenticated and associates with wireless access point. For better security, the access point should be configured to filter MAC addresses.

2. The access point sends a request to the DHCP server. The server assigns the client a network address.

3. Once the network address is assigned, the wireless client is now at the wireless network. In order to access the wired network, it either sets up an IPSec VPN Tunnel or uses secure shell.

It is important to configure the firewall to accept only secure connections, all other connect should be denied.

# Access Points

Access points can accommodate MAC filtering and should be configured to do so, though MAC addresses can be spoofed (see above). Administrators should take care that the AP is located in a secured place, so unauthorized physical access will be permitted.

Configuring AP is done via telnet, web browser or SNMP. It is recommended to allow configuration only via telnet session, and block all other ways.

# Design Considerations

Before taking any implementation to secure a wireless network, it is important to properly design the network. A properly designed network can eliminate some risks associated with wireless networks.
Some tips for proper design:

1. Protect wireless networks with VPN or access control list.

2. Access points should not be connected to the internal wired network even if WEP is enabled.

3. Access points should be never placed behind a firewall.

4. Wireless clients are allowed to access the network though a secure shell, IP-Sec or virtual private network. These provide user authorization, authentication and encryption - secure your network.

Links
-------

WEPCrack - http://www.ebcvg.com/download.php?id=1083
NetSumbler(windows) - http://www.ebcvg.com/download.php?id=1084
Airsnort - http://www.ebcvg.com/download.php?id=1085

Wireless Access Points and ARP Poisoning -
http://www.ebcvg.com/download.php?id=1158

Best Practices for Deploying Wireless LANs -
http://www.ebcvg.com/download.php?id=1160

Danny aka Dr.T (admin@ebcvg.com),
www.ebcvg.com, July 2002



--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleWhiskeyClone
Not here
Male User Gallery

Registered: 06/25/01
Posts: 16,499
Loc: Longitudinal Center of Ca...
Re: anyone into wardriving here? [Re: Macey Howard]
    #910147 - 09/26/02 05:24 PM (14 years, 7 months ago)

When I opened this thread I pictured Moe fixing guns on his car and going out to some abandoned race track to fight it out with all the other wardrivers. I was so disappointed.


--------------------
Welcome evermore to gods and men is the self-helping man.  For him all doors are flung wide: him all tongues greet, all honors crown, all eyes follow with desire.  Our love goes out to him and embraces him, because he did not need it.

~ R.W. Emerson, "Self-Reliance"

:heartpump:


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineBuzzDoctor
Runs withscissors
Male

Registered: 08/11/99
Posts: 948
Loc: Atlantis
Last seen: 2 months, 28 days
Re: anyone into wardriving here? [Re: Macey Howard]
    #910356 - 09/26/02 07:10 PM (14 years, 7 months ago)

I just did some wardriving with a Casseopia with a wireless NIC and caught signals left and right. You'd be surprised of the people that don't use any encryption, have file sharing open with no password and firewall password still set to default. We grabbed a strong signal and started browsing from one firewall, went network neighborhood, saw about 5 computers wide open, went to \\username\c$ and had all their shit right there. Got the guys name from his addressbook, looked it up in yahoo and gave him a call. Turned out to be a local attorney of all people. Told him we just set up a wireless connection across the street and saw another signal and locked onto his network. He was more than happy we told him about it, charged him $85/hr to secure his network for him.

Buzz


--------------------
Is the glass half-full or half-empty? I say it is both.


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1 | 2 | Next >  [ show all ]

General Interest >> Science and Technology

Similar ThreadsPosterViewsRepliesLast post
* Wardriving funkymonk 948 16 12/03/04 07:53 PM
by runnerup
* Wireless Internet/Router Issues Syle 491 6 01/23/09 01:28 AM
by Syle
* Anyone else Wireless? nugsarenice 891 9 10/12/04 02:27 PM
by Vvellum
* Help with USB extensions/USB powered thingies/Wireless internet johnm214 888 11 02/05/09 05:31 AM
by Seuss
* Wireless Router Question Boom 459 2 12/31/05 08:08 AM
by Ramlaen
* Using a cantenna for wardriving stevo 584 0 02/17/06 12:35 PM
by stevo
* Transmitting data to a moving vehicle -- Wardriving, basically
( 1 2 3 all )
Baby_Hitler 3,030 40 06/02/05 07:00 PM
by Baby_Hitler
* X10 Camera Video Cam Signal can be Intercepted Jammer 2,074 3 05/12/02 01:38 AM
by Jammer

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, trendal, Diploid, automan
3,227 topic views. 0 members, 4 guests and 1 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
Azarius
Please support our sponsors.

Copyright 1997-2017 Mind Media. Some rights reserved.

Generated in 0.106 seconds spending 0.005 seconds on 16 queries.