Wifi Security by obscurity


shonen

Hey Hak5 community,

My classmates and I were discussing the pros and cons of adding additional security by obscurity measures to a wireless access point such as MAC filtering, hiding the SSID broadcast and disabling DHCP. I pointed out that both the hidden SSID and MAC filtering can easily be retrieved as soon as a client associates with the access point via airodump.

Now the thing I am racking my mind over is, is it at all possible to locate the correct network portion of an IP address so you can manually set your network and host portion to be a part of that wireless network?

Any insight on the above would be greatly appreciated.

P.S: Sorry if this has already been discussed, I did however have a quick look and came up empty.


Given this is Wifi and we are looking at security measures other than wireless encryption, for this we shall assume that it doesn't exist or it has been broken.

With a good card you can simply sniff the packets in the air and from that read what IP it was sent from, as well as a host of other information, and it's plain sailing from there on in.

The best additional or only security measure on wireless in my opinion is a VPN, as they are designed to traverse insecure and untrusted networks in a secure manner.


Yeap your assumption was correct, whoops I should have maybe explained it a little better.

I was thinking that sniffing the air would be the best approach but I was under the silly impression that I had to be associated with the access point and have the corresponding IP addressing for that network to be able to do so.

Thanks for the speedy reply and the further insight with using a VPN stingwray. MM I may have to have a crack at testing your suggestion in my lab. I think my wifi card is compatible: Netgear WPN311 PCI (I may have to google it after class).

I am assuming you would use something like Wireshark to sniff the air waves or does anyone in here have a better suggestion?


yes the wpn311 uses atheros' ar5004G super G chip set, and will work nicely with all sorts of wireless security apps. one that i always recommend is commview for wifi. your card will work very very nicely with commview.


Thanks for saving me the searching on google Vector, you're a legend. XD

ah yeah, now that you mention it I recall you suggesting commview for wifi in another thread on here. I had a quick look at the linkage you had posted back then and it looked pretty nifty, so thanks for the reminder (I have a shocking memory).


I was planning on having a crack at the above in my lab today but with temperatures at around 35 degrees I think not (lab is a small shed with a tin roof and no air con) sucks to be me.

Anyways I just wanted to clarify something before I took a stab at it. I have pre-configured my wireless access point and disabled DHCP. I have my computer at some random IP address (obviously not the correct one), associate with the access point and run commview or Wireshark to monitor the packets out of the air.

I am guessing from here on in I need to have a mock victim set up who has the correct IP addressing and gateway information. I then have my mock victim associate with the access point. Now all that is left for me to do is inspect the traffic captured via the sniffer and look at the ARP packets' source or destination to obtain the correct IP address and gateway information to have my attacker join the network.

Please correct me if I am wrong. =)
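
Added example (not part of any post in this thread): a short Python sketch of why disabling DHCP keeps no addressing secret once frames on the link can be read, since every ARP frame carries a sender and target IP. The frames are constructed sample data, and the function names and the 10.20.30.x addresses are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import Counter

def arp_frame(mac, sender_ip, target_ip):
    """Build a constructed Ethernet/ARP request (sample data, not a real capture)."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    eth = b"\xff" * 6 + mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + mac + pack(sender_ip) + b"\x00" * 6 + pack(target_ip)

# Constructed lab traffic: two clients asking for .1, and .1 asking for a client.
SAMPLE_FRAMES = [
    arp_frame(b"\x02\x00\x00\x00\x00\x11", "10.20.30.17", "10.20.30.1"),
    arp_frame(b"\x02\x00\x00\x00\x00\x2a", "10.20.30.42", "10.20.30.1"),
    arp_frame(b"\x02\x00\x00\x00\x00\x01", "10.20.30.1", "10.20.30.42"),
    b"\x00" * 12 + b"\x08\x00" + b"\x00" * 28,  # non-ARP frame, ignored
]

def parse_arp(frame):
    """Return (sender_ip, target_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return ipaddress.IPv4Address(frame[28:32]), ipaddress.IPv4Address(frame[38:42])

def exposed_addressing(frames):
    """Summarise what the ARP frames alone reveal about the IP plan."""
    hosts, asked_for = set(), Counter()
    for sender, target in filter(None, map(parse_arp, frames)):
        if int(sender):  # ARP probes carry 0.0.0.0 as sender; skip it
            hosts.add(sender)
        hosts.add(target)
        asked_for[target] += 1
    if not hosts:
        return None
    # Smallest single prefix covering every address seen. The real mask can be
    # shorter (e.g. /24), so this is a lower bound on the subnet size.
    lo, hi = int(min(hosts)), int(max(hosts))
    network = ipaddress.ip_network((lo, 32 - (lo ^ hi).bit_length()), strict=False)
    return {"network": network, "hosts": sorted(hosts),
            "most_requested": asked_for.most_common(1)[0][0]}

if __name__ == "__main__":
    print(exposed_addressing(SAMPLE_FRAMES))
```

The address most often asked for is typically the default gateway, so the whole static plan is visible in a handful of frames. Only encrypting the link, or the VPN suggested earlier in the thread, changes what a passive listener can read.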

ok so commview is a full featured program. and i mean full featured. once you have the commview drivers installed for your card you'll be able to monitor all wireless traffic whether you are associated to a certain AP or not. encrypted traffic you won't be able to view in its unencrypted form until you have the correct encryption key saved, then you'll be able to view and decrypt traffic on the fly and past data packets you've captured. i won't go into a whole big long post about all the shit you can do with commview, you'll have to spend some time experimenting and reading the manual. but you can do things like deauth clients, inject packets, construct your own custom data packets for injection, reconstruct tcp/ip sessions on the fly, crack wep and capture wpa-psk/eapol data, etc etc. if you need any help you can come see me at my irc server, i'm usually there.


Damn! When you say full featured you sure as hell ain't mucking around. The list of features you posted are pretty cool, almost like backtrack with gui but for wifi.

I ended up downloading the trial version of commview for wifi 6.something during class today and had a quick read through the documentation. I was considering purchasing a copy (shock horror I don't usually pay for software unless it's AWESOME) but yeah looked at the price for licensing and I was like =0 ...... ok maybe not.

By the way I may just take you up on that offer if I hit a brick wall on something and pop by your IRC channel. It may be a while until I get around to it, temps are still in the high 30's and I have a project to do on Hierarchical internetworking.

I know I have said this a few times in here but seriously thank you for taking time out of your day and lending a n00b a hand.
