Wifi Security 101 ~ Are You Secure?

So, you got your self a wireless network eh? Are you sure it’s secure? Read on to find out!

My EEEPC(Above my EEPC, Had some good WEP Cracks with it…)

There are two methods of security, Mac authentication and encryption.

Mac Authentication

Every single modern network adapter has what is called a Media Access Control address, or Mac for short. This is unique to every device, no two devices share the same mac (except if you buy a REALLY cheap network card from china). An easy way to lock people out of your  network is to only allow certain Mac addresses (IE Laptops/Computers) to connect.There are some cons however. If your friend comes over, you have to program his Mac into your router/access point so he can get online. Also Mac’s  can be spoofed quite easily, All a person needs is the Mac of something connected to the network and it is done. Using special tools, (More on that later) You can get the mac address in no time.

Encryption

Although Mac Authentication prevents unwanted users from connecting, all the traffic you are sending can be “heard” and easily read. There are two main types of encryption available WEP and WPA

WEP 64/128bit

Wired Equivalent Privacy is not what the name is all cracked up to be. This is the first type of encryption ever used, and it is also the easiest to hack. This requires a static key in order to connect to the wireless network. Note how I said “Static”. The key never changes, and as such, with enough packets the encryption can be broken. Getting the password requires recording the traffic, then running it through a program. The only catch is that you need to get over 60,000 packets for WEP 64Bit and 100,000 for WEP 128Bit. There is another security whole which allows this to be done quite easily however. It’s all about the ARPs. ARP stands for Address Resolution Protocol. When a computer needs the MAC address for a certain IP address, it sends out a ARP, which is then answered by what ever device has that IP. WEP does a VERY bad job hiding this traffic. ARP Packets are very small and have a fixed size. This size when encrypted stays the same so it is very easy to see ARP’s. The funny thing is, if you retransmit a ARP traffic, you can usually get another response. This makes it very easy to get a large number of packets really fast since you can spam the access-point that you want into with arps! It only takes about 2 minutes to capture enough packets to crack the network code.

WPA and it’s variants

Wi-Fi Protected Access is the next step up from WEP. It uses dynamic keys that change on a set interval. This means the same method used to crack WEP can not be used to crack WPA. But since it uses dynamic keys, when a Client connects to the access point, the “handshake” will involve giving out the key. If this handshake is captured, it can be ran against a dictionary attack, and get the key. The crappy part is that it is completely possible to send deauth packets to the client forcing the client to disconnect, then reconnect, thus repeating the handshake. There is good news however, it takes a lot of CPU power to crack the password using a dictionary attack, and as such your network is as secure as your password. At the same time however, some geniuses down at House of Wifi have made up some tables for cracking passwords. Using this method, they can crack to the order of 3 magnitudes faster! (On his test unit, a 700Mhz Laptop, it was 12 tries per second with out the tables, 18,000 tries per second with the tables!)  The only downfall to this attack is that the SSID (Network Name) of the network in question is hashed into the handshake and has to match-up with one of the tables. Now I know that there are different levels of WPA encryption, but all are dead to this attack.

Using both Encryption and Mac filtering

I don’t recommend this at all to anyone. If some one has the brains to crack you network security, then they will know how to spoof your Mac Address! In rare cases you may need to, (for example, you don’t want to re-enter the password to a bunch of computers to just prevent one computer from connecting) but even then it’s a bad idea that is going to cause a lot of headaches!

How to Protect yourself

WPA is the only really option when it comes to protecting your network. Yes, I understand that it can be hacked, but it has to use a dictionary attack. If you have a good password (With both numbers and letters and over 12 digits long) your pretty much locked down like the FBI. Just remember however, it is ALWAYS possible to break into your network. It’s just that it will be really really REALLY hard and no one will want to :) .

Special Tools

At this point you maybe thinking, is wireless really that insecure? Well… Yes it is. The upside is that not a lot of people know how to hack Wifi yet. The Bad side is that you can get into a LOT of trouble if you do this! I only ever hacked my own special networks and a few friends after they told me it was not possible :)

So if you still want to hack some Wifi, here is what you need:

-A Good WiFi Card ~Not all wireless cards work for this type of hacking. You must have the right card for the job.

-Backtrack4 ~ This pretty much is the BEST hacking OS ever, although remember, it’s for legit uses only!

-Aircrack ~ This is included with backtrack4 and it has all the tools you need for hacking. Just remember, use for awesome, not bad!

Happy Hacking!

You can leave a response, or trackback from your own site.

Leave a Reply


5 + one =