
Wireless Networking

IEEE 802.11 wireless "Wi-Fi"
802.11
802.11a    operates at 5 GHz, uses OFDM (Orthogonal Frequency-Division Multiplexing), 54 Mbps (typically 30 Mbps)
802.11b    operates at 2.4 GHz, uses CCK (Complementary Code Keying), 11 Mbps (typically 7 Mbps)
802.11c
802.11g    operates at 2.4 GHz, uses OFDM (Orthogonal Frequency-Division Multiplexing)

802.11b was available first, then 802.11a.
Wi-Fi networks operate over a range between 18 m (about 60 feet) and 500 m (about 0.3 miles).



WEP = Wired Equivalent Privacy
  • WEP64   24-bit initialization vector & a 40-bit WEP key (the initialization vector is WEP's weakness)
  • WEP128   24-bit initialization vector & a 104-bit WEP key (the initialization vector is WEP's weakness)

WPA = Wi-Fi Protected Access

Security

Scanning Wireless Networks

    • Linux - Kismet
    • Windows - NetStumbler
    • Wi-Fi detectors
           - HS10 Digital HotSpotter
           - TRENDnet TEW-T1



Linux

# iwconfig
# iwlist
     e.g.  # iwlist ath0 scanning
# iwspy
# iwpriv

AP Radar
Wavemon




Windows


Securing Wireless Networks

To secure a wireless network:

1.  Change the wireless router/access point password
    default passwords are common knowledge:

router               default username    default password
D-Link DWL-2700AP    admin               <none>
Linksys              Linksys             Linksys

2.  Change the wireless router/access point SSID (Service Set Identifier)

router         default SSID
Linksys          Linksys

3.  Enable MAC filtering
    each MAC (or "Hardware Address") is unique
    enable filtering to allow only the laptops and PCs you own

4.  Disable SSID broadcasting
    the SSID is broadcast every few seconds to allow for roaming connections
    if only one access point is used, no roaming is possible, so broadcasting is unnecessary

5.  Enable WEP (Wired Equivalent Privacy)
    WEP encrypts network traffic using the RC4 encryption algorithm, which is known as a stream cipher.
    A stream cipher operates by expanding a short key into an infinite pseudo-random key stream.
    The sender XORs the key stream with the plaintext to produce ciphertext.
    The receiver has a copy of the same key, and uses it to generate an identical key stream.
    XORing the key stream with the ciphertext yields the original plaintext.
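
    The stream-cipher operation described in step 5, as an added example that is not part of the original page: WEP forms each packet's RC4 key as the 24-bit IV followed by the WEP key, so two frames that reuse an IV share a key stream and their ciphertexts XOR to the XOR of their plaintexts. The key, IV and payloads are constructed sample values, and the key-ID byte of a real frame is omitted as a simplification.

```python
import struct
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 key stream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # output generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP frame: cleartext IV, then RC4(IV || key) XOR (data || CRC-32 ICV)."""
    if len(iv) != 3: raise ValueError("WEP IV is 24 bits")
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + xor(body, rc4_keystream(iv + wep_key, len(body)))

def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]             # receiver reads the IV from the frame
    body = xor(ct, rc4_keystream(iv + wep_key, len(ct)))
    data, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(data)) != icv:
        raise ValueError("ICV mismatch")
    return data

def reused_iv_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """With a shared IV the key stream cancels: ct_a XOR ct_b == pt_a XOR pt_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[3:], frame_b[3:])

# Constructed sample values (not from the page)
KEY = bytes.fromhex("0102030405")             # 40-bit WEP64 key
IV = bytes.fromhex("aabbcc")                  # one of only 2**24 possible IVs
FRAME_A = wep_encrypt(IV, KEY, b"GET /index.html ")
FRAME_B = wep_encrypt(IV, KEY, b"user=alice&id=42")
```

    reused_iv_leak(FRAME_A, FRAME_B) returns the XOR of the two plaintexts (and of their ICVs) without the key ever being used, which is why the short IV, not the key length, limits what WEP64 and WEP128 can protect.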


    While better than no encryption at all, WEP is susceptible to:


modem/router         default IP     default NAT range

Westell DSL modem    192.168.1.1    192.168.1.47












Wireless Links

To find out what chipset a given WLAN card uses:
http://www.linux-wlan.org/docs/wlan_adapters.html.gz


http://new.remote-exploit.org/

Auditor software:
http://new.remote-exploit.org/index.php/Auditor_main

for Windows:
CommView for WiFi

for Linux:
Auditor

Keychain-sized WiFi detector "The Seeker"



 


Copyright © billhance.com.  All rights reserved.