LinuxQuestions.org
Old 11-20-2006, 03:08 AM   #1
Stan27
LQ Newbie
 
Registered: Nov 2006
Posts: 13

Rep: Reputation: 0
Questions About Wireless Security Measures


Because of everything I've done for my school, they let me take a shot at their wireless network. The terms are if I gain access, I can use the internet connection for my personal use and the administrators buy me lunch.

I was able to crack the WEP key, but I can't connect to the network.
All of the clients on the network have a strict pattern of MAC addresses, so I'm sure the access point uses MAC filtering.

I changed my card's MAC address, but I still had no luck. The next day I went to school, it turns out that even the established clients could not connect to the network (this is a usual thing at my school). Now I'm not sure if I did everything I needed to do but didn't succeed because of the network downtime, or if I had no luck and the network happened to go down the next day.

My question is: what are other security measures on wireless networks that could be standing in my way?

Is there a way to check progress besides trying to log on with Windows and seeing whether I get an IP address or not?

I am still only able to use Windows because I do not have Linux on my laptop yet, but I expect to have Linux on my laptop within a month. I didn't have any luck with Linux on a laptop last time I tried; hopefully this time it will be better.
 
Old 11-20-2006, 04:17 AM   #2
easuter
Member
 
Registered: Dec 2005
Location: Portugal
Distribution: Slackware64 13.0, Slackware64 13.1
Posts: 538

Rep: Reputation: 62
Do they use a DHCP server to provide access, or is the IP leasing static?
If it is static you will need to know the valid IP range, gateway and netmask for your school's access point.

I suggest you try using Kismet, a wireless network sniffer:

http://www.kismetwireless.net/

Ethereal and airsnort are also good, but if you need to use a GUI program Ethereal is probably better. Those are for Linux by the way (I think Ethereal is also for Windows).

There is another great network tool for Linux distros which in my opinion is way better than any provided by default in Windows: NetworkManager
http://www.gnome.org/projects/NetworkManager/

I think NetworkManager is already provided in FedoraCore 6 (or available as a package anyway). If you wish to use any other distro, you might have to compile NM for it, but we'll help.

Good luck

Last edited by easuter; 11-20-2006 at 01:40 PM.
 
Old 11-20-2006, 09:42 PM   #3
Stan27
LQ Newbie
 
Registered: Nov 2006
Posts: 13

Original Poster
Rep: Reputation: 0
DHCP is enabled on the clients.

I would have done some testing today but I'm downloading FC6 on my laptop, but I guess that will be going on my laptop as well.

Yeah, Ethereal is now called Wireshark, and I have it installed, even though I did most of the work with aircrack.

I'll check out NetworkManager as soon as I can. Any other ideas about what they might have?
The MAC address of the access point is changed, so I can't tell what it is, and nobody at the school has any idea where the district monkeys put it.


Thank you for your help, very much appreciated.
 
Old 11-21-2006, 10:17 PM   #4
JAKK
Member
 
Registered: Jun 2006
Distribution: Slackware 11
Posts: 92

Rep: Reputation: 15
Hi. I'm kinda new to this, but I'll say what I know. You could use airodump to give you the MAC of the AP. Backtrack 1.5 (available from here) is an awesome livecd that had airodump. If you download Backtrack, I would get the 1.0 because the 2.0 is still beta. When airodump is started, there will be two sections that look like this screen shot. The top section should be the BSSID (MAC) of the AP, while the bottom section is the MAC of the associated clients. You should be able to tell if the client is associated if the BSSID is the same as the top section. From here, you could try spoofing that MAC and connecting to the network (it sounds like they may have MAC filtering in place). Also, you could set up a sniffer like you have done and look at what comes across it; there may be an ARP request or something that would be useful. I hope this helps a bit; like I said, I am fairly new to this and Linux in general.
 
Old 11-22-2006, 02:31 AM   #5
Stan27
LQ Newbie
 
Registered: Nov 2006
Posts: 13

Original Poster
Rep: Reputation: 0
I used airodump to get the packets for the cracking process, I thought it was part of aircrack already.
I do have some sniffer logs, I guess now I just need to learn about ARP and how to recognize it.

I do have direct access to the clients, and near-admin privileges. I am able to change any of the network configuration.

What I'm wondering about is the district-installed programs on the computers; could anything like that affect what I'm trying to do? As far as connecting to the access point, the default Windows program is used.


Thank you for your help everybody.
 
Old 11-22-2006, 05:36 PM   #6
JAKK
Member
 
Registered: Jun 2006
Distribution: Slackware 11
Posts: 92

Rep: Reputation: 15
Are you just trying to get connected to the network, or do you need to gain access to a domain controller or something? If you just need to be on their network (meaning your box is assigned an IP address), then I don't believe any installed programs on their servers could do anything. The only things that would restrict access for you is encryption such as WEP like you stated, which was already defeated, and MAC address filtering. The way I understand it, you have the key, but you still can't connect to the network, is this correct? If that's the case, it's probably just MAC address filtering, in which case you could run a deauth attack with aireplay and then use a sniffer to sniff the traffic, which should reveal client MACs and the IP of the AP. You could also just run airodump and get the client MACs that way. Someone please correct me if I am wrong; like I said, I'm new to this.
 
Old 11-23-2006, 04:09 AM   #7
Stan27
LQ Newbie
 
Registered: Nov 2006
Posts: 13

Original Poster
Rep: Reputation: 0
I already have a list of allowed MAC addresses, I just haven't been able to verify whether MAC spoofing has worked or not.

What I'm trying to do in the meantime, until I can take another shot at it, is gather a list of other possibilities (if any).

To answer your question, I only need to gain access.
Thank you for your help, I'll post again when I try again.
 
Old 11-23-2006, 05:21 AM   #8
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Even though, supposedly, your network admins have said you can try to crack the network, this does violate the LQ terms and conditions and is therefore closed.
 
  

