wlan:wlanaudit
Differences
This shows you the differences between two versions of the page.
wlan:wlanaudit [2007/05/14 22:33] – 83.215.197.79 | wlan:wlanaudit [2008/04/01 14:28] (current) – 195.64.1.11 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | |||
+ | ======WLAN Security Auditing====== | ||
+ | |||
+ | To check how secure our companys Wireless LAN is I tried different wardriving | ||
+ | tools. Here is a short roundup. | ||
+ | ======Kismet====== | ||
+ | Hallo!!! | ||
+ | Kismet scans for available networks and gives you some interesting information | ||
+ | about them. | ||
+ | |||
+ | #> apt-get -t testing install kismet | ||
+ | |||
+ | You may need to edit the ''/ | ||
+ | and the driver you use. I'm running the hostap driver on my [[NetgearMA401|Netgear MA401]] (Prism | ||
+ | 2.5) so this is the line I use: | ||
+ | |||
+ | source=prism2_hostap, | ||
+ | |||
+ | You need to be root to run kismet. When started it gathers information about the | ||
+ | available networks in an " | ||
+ | interesting network (eg. your own) press '' | ||
+ | choice, then select the network and press '' | ||
+ | |||
+ | Make sure your network has WEP encryption enabled. It is possible to hide the | ||
+ | name of your network (SSID hiding) -- however kismet will detect it nontheless it | ||
+ | will show it as " | ||
+ | |||
+ | Kismet logs received packets to ''/ | ||
+ | later. | ||
+ | |||
+ | =====AirSnort===== | ||
+ | |||
+ | The next tool to use is AirSnort. This is a GTK based networksniffer similar to | ||
+ | kismet but able to break WEP encryption. Install it and run it as root. | ||
+ | |||
+ | #> apt-get -t testing install airsnort | ||
+ | |||
+ | Some theory first. WEP uses the RC4 Algorithm which isn't the safest in world. | ||
+ | In fact it has some known security flaws which are described [[http:// | ||
+ | Simply put, there are a few thousand keys which are weak and easy to | ||
+ | decrypt. A few years ago you just had to run a tool like AirSnort to crack WEP | ||
+ | encrption in a few minutes by fetching these weak keys from the air. | ||
+ | |||
+ | Well nowadays all manufactuers have changed their WEP implementations to avoid | ||
+ | these weak keys so AirSnort will need a large amount of Packets to get the WEP password. If you | ||
+ | get a lot of " | ||
+ | Hardware in your net which needs to be updated. | ||
+ | |||
+ | Update: I haven' | ||
+ | |||
+ | =====WepAttack===== | ||
+ | |||
+ | Even if the manufacturers don't use the weak keys in WEP anymore there is room | ||
+ | for an simple attack: Using brute force to guess the WEP password. The | ||
+ | interesting thing is that this can be done completely undetected. All that is | ||
+ | needed is a single passively sniffed packet. | ||
+ | |||
+ | Lets install the tool first. Get it from http:// | ||
+ | unpack it. For compiling you need some libraries, too. | ||
+ | |||
+ | #> apt-get -t testing install libssl-dev libpcap-dev | ||
+ | $> tar -xzvf WepAttack-0.1.3.tar.gz | ||
+ | $> cd WepAttack-0.1.3/ | ||
+ | $> make | ||
+ | #> cp wepattack / | ||
+ | |||
+ | To brute force attack a WEP encrypted packet you need a wordlist (available | ||
+ | from the above site) and a packet dump from kismet. Then just run the following | ||
+ | command. | ||
+ | |||
+ | $> wepattack -f / | ||
+ | |||
+ | If this finds your password it is too weak. | ||
+ | |||
+ | ===== Summary ===== | ||
+ | |||
+ | If your WLAN passes all these tests it should be considerably safe from most | ||
+ | occasional crackers. At our company all traffic to the internal LAN is additionally | ||
+ | encrypted by IPSEC, but for a home network this may be fine enough even without using stronger encryption. |
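Review bot: The closing sentence of the Summary ("for a home network this may be fine enough even without using stronger encryption") does not follow from the WepAttack section above it, which states that brute-forcing the WEP password needs only a single passively sniffed packet and can be done completely undetected. I'd reword the Summary to say that passing these tests only shows the password resisted this wordlist and these tools, and point to an additional encryption layer such as the IPSEC setup the text already mentions. Two smaller points in the same hunk: the "Hallo!!!" line added directly under the Kismet heading looks like a stray edit and should be dropped, and "======Kismet======" uses the same heading level as the page title while AirSnort and WepAttack use "=====", so it should be "=====Kismet=====" to sit under "WLAN Security Auditing".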
wlan/wlanaudit.txt · Last modified: 2008/04/01 14:28 by 195.64.1.11