Background and Context
According to a recently published article by Associated Press an 800-mile drive in the San Jose, Calif. area in which over 3,600 wireless access points were detected. According to the article, nearly 40 percent of those networks were completely wide-open. "Wardriving", as it's called, is a popular hobby, unchecked access to a wireless network can cause quite a bit of damage. CNN even ran a recent report about "warflying" - flying over populated areas to detect wireless hotspots. In the report, they detailed a warflying trip in which over 3,000 wireless networks were detected and over 67 percent of the networks did not have any encryption enabled .
Reasons to select this topic
All the latest tech reports, surveys details about “wayflying” motivate us to choose a project on Wireless Internet Hacking and Protection. We do want to see a wireless network both from hacker's perspective and protector's perspective and this drive my friend and me to select a challenging project where my friend will try to hack my wireless Internet network and break and breach the security to as much extent as possible. I will be the protector and will play the defensive part to protect my wireless network from any sort of breaching or security breaks.
1.1 Aims of the subject
We will share our experiences about hacking and protecting a wireless network in our final report, my basic part will be a comprehensive detail about my experience while protecting my network against all break inns. I will try to device some basic steps which can be very useful to protect a residential home or small business.
As it's illegal to intrude in some one's wireless network, we would like to mention that we are carrying out this activity with mutual agreement and any thoughts shared at the end of the project will be used for making network systems more protected and secured.
1.2 Scope and Objectives
My scope will be to write about wireless network protection techniques, flows, detection, defence, encryption techniques, filtering and repair of a hacked network.
A comprehensive study of Latest Network Routers and their functionality, Network's SSID, Encryption techniques, MAC Addressing, IP Addressing, Fire Walls.
Devising practical approaches for protecting, troubleshooting, and Repairing Wireless Networks.
For the purpose of my dissertation I have thoroughly gone through to Existing IDSs Such as
Ethereal is one of the most popular sniffers available. It performs packet sniffing on almost any platform (Unix, Windows) in both real-time (live), and from saved capture files from other sniffers (NAI's Sniffer, NetXray, tcpdump, and more). Included with this program are many features such as filtering.
TCP stream reconstruction, promiscuous mode, third-party plug-in options, and the capability to recognize more than 260 protocols. Ethereal also supports capturing on Ethernet, FDDI, PPP, token ring, X-25, and IP over ATM. In short, it is one of the most powerful sniffers available on the market today and it is free .
NetStumbler is the "Mother of All" wireless network scanning tools. It includes various features, such as signal strength, ESSID, channel, GPS support, and more. In fact, NetStumbler is more than just a program because of an interactive Web site that enables you to look up known access point MAC addresses and locations, as determined by the optional GPS logs. In addition, the NetStumbler Web site has a script that converts your capture files into files that can be read by Map Point 2002.
The release of this program affected the wireless networking world significantly. Thus, this remarkable tool is part of any war driver's arsenal. If you own a wireless network, you should use this program to help position your wireless network in a central location to reduce your radiation zone. In addition to this 'full' PC-based program, the creator of this program also wrote one for the Pocket PC environment .
CommView for WiFi is a special edition of CommView designed for capturing and analyzing network packets on wireless 802.11a/b/g/n networks. CommView for WiFi gathers information from the wireless adapter and decodes the analyzed data. With CommView for WiFi you can see the list of network connections and vital IP statistics and examine individual packets. Packets can be decrypted utilizing user-defined WEP or WPA-PSK keys and are decoded down to the lowest layer, with full analysis of the most widespread protocols. Full access to raw data is also provided. Captured packets can be saved to log files for future analysis. A flexible system of filters makes it possible to drop unnecessary packets or capture the essential packets. Configurable alarms can notify the user about important events such as suspicious packets, high bandwidth utilization, or unknown addresses.
ManageEngine WiFi Manager is an integrated and centralized management and security solution for wireless networks (WLANs) for enterprises. It enhances the availability and security of your WLANs by continuously monitoring the network as well as the airspace. WiFi Manager offers wireless device monitoring, one-click configuration, access point firmware management, wireless security management and a variety of reports that remove the complexity of wireless network management. WiFi Manager can detect almost all major wireless threats including rogue attacks, intrusions, sniffers, DoS attacks, and vulnerabilities. With WiFi Manager you'll have complete control over your wireless devices as well as your airspace, and more time to focus on core IT operations
AirSnort is an encryption-cracking program. AirSnort is able to capture encrypted radio data and extract the secret key, byte by byte. After capturing roughly 3,000,000-5,000,000 packets, AirSnort can crack the password used by client and host in a few seconds. Although this program was not the first available to demonstrate the weaknesses of WEP, it quickly became the one of the most popular, because it can both capture and crack encrypted data. (Its forefather, WEPCrack, was the first publicly released code to crack archived data.) In addition, the newer releases of AirSnort provide a GUI, which is more appealing to most users than the previously used command-line interface .
WEPCrack is a script program that is coded in Perl. This means that, theoretically, an operating system need only have Perl installed and operational to use WEPCrack. Although this is a great theory, in reality WEPCrack is only fully functional on Unix-based systems.
WEPCrack will selectively capture, log, and crack RC4-protected encrypted packets sent by hardware/software using the 802.11b standard. It does this through the use of several separate scripts, each of which performs an essential part of the cracking process. In addition to the necessary cracking scripts, WEPCrack also includes a testing script that will generate a sample "weak IV" file based on a given password.
- AiroPeek NX
AiroPeek NX is the most comprehensive and feature-packed wireless analyzer available. This program not only performs real-time monitoring and analysis of 802.11b traffic, but it also provides virtual mapping, traffic filtering, and intrusion detection. In short, this program is the only diagnostic software you need to keep a watchful eye on any WLAN.