11-20-2006, 03:08 AM
|
#1
|
LQ Newbie
Registered: Nov 2006
Posts: 13
Rep:
|
Questions About Wireless Security Measures
Because of everything I've done for my school, they let me take a shot at their wireless network. The terms are if I gain access, I can use the internet connection for my personal use and the administrators buy me lunch.
I was able to crack the WEP key, but I can't connect to the network.
All of the clients on the network have a strict pattern of MAC addresses, so I'm sure the access point uses MAC filtering.
I changed my card's MAC address, but I still had no luck. The next day I went to school, it turns out that even the established clients could not connect to the network (this is a usual thing at my school). Now I'm not sure if I did everything I needed to do but didn't succeed because of the network downtime, or if I had no luck and the network happened to go down the next day.
My question is: what are other security measures on wireless networks that could be standing in my way?
Is there a way to check progress besides trying to log on with Windows and seeing whether I get an IP address or not?
I am still only able to use Windows because I do not have Linux on my laptop yet, but I expect to have Linux on my laptop within a month. I didn't have any luck with Linux on a laptop last time I tried, hopefully this time it will be better.
|
|
|
11-20-2006, 04:17 AM
|
#2
|
Member
Registered: Dec 2005
Location: Portugal
Distribution: Slackware64 13.0, Slackware64 13.1
Posts: 538
Rep:
|
Do they use a DHCP server to provide access, or is the IP leasing static?
If it is static you will need to know the valid IP range, gateway and netmask for your school's access point.
I suggest you try using Kismet, a wireless network sniffer:
http://www.kismetwireless.net/
Ethereal and airsnort are also good, but if you need to use a GUI program Ethereal is probably better. Those are for Linux by the way (I think Ethereal is also for Windows).
There is another great network tool for Linux distros which in my opinion is way better than any provided by default in Windows: NetworkManager
http://www.gnome.org/projects/NetworkManager/
I think NetworkManager is already provided in Fedora Core 6 (or available as a package anyway). If you wish to use any other distro, you might have to compile NM for it, but we'll help.
Good luck.
Last edited by easuter; 11-20-2006 at 01:40 PM.
|
|
|
11-20-2006, 09:42 PM
|
#3
|
LQ Newbie
Registered: Nov 2006
Posts: 13
Original Poster
Rep:
|
DHCP is enabled on the clients.
I would have done some testing today but I'm downloading FC6 on my laptop, but I guess that will be going on my laptop as well.
Yeah, Ethereal is now called Wireshark, and I have it installed, even though I did most of the work with aircrack.
I'll check out NetworkManager as soon as I can. Any other ideas about what they might have?
The MAC address of the access point is changed, so I can't tell what it is, and nobody at the school has any idea where the district monkeys put it.
Thank you for your help, very much appreciated.
|
|
|
11-21-2006, 10:17 PM
|
#4
|
Member
Registered: Jun 2006
Distribution: Slackware 11
Posts: 92
Rep:
|
Hi. I'm kinda new to this, but I'll say what I know. You could use airodump to give you the MAC of the AP. Backtrack 1.5 (available from here) is an awesome live CD that had airodump. If you download Backtrack, I would get the 1.0 because the 2.0 is still beta. When airodump is started, there will be two sections that look like this screen shot. The top section should be the BSSID (MAC) of the AP, while the bottom section is the MAC of the associated clients. You should be able to tell if the client is associated if the BSSID is the same as the top section. From here, you could try spoofing that MAC and connecting to the network (it sounds like they may have MAC filtering in place). Also, you could set up a sniffer like you have done and look at what comes across it; there may be an ARP request or something that would be useful. I hope this helps a bit; like I said, I am fairly new to this and Linux in general.
|
|
|
11-22-2006, 02:31 AM
|
#5
|
LQ Newbie
Registered: Nov 2006
Posts: 13
Original Poster
Rep:
|
I used airodump to get the packets for the cracking process, I thought it was part of aircrack already.
I do have some sniffer logs, I guess now I just need to learn about ARP and how to recognize it.
I do have direct access to the clients, and near-admin privileges. I am able to change any of the network configuration.
What I'm wondering about is the district-installed programs on the computers, could anything like that affect what I'm trying to do? As far as connecting to the access point, the default Windows program is used.
Thank you for your help everybody.
|
|
|
11-22-2006, 05:36 PM
|
#6
|
Member
Registered: Jun 2006
Distribution: Slackware 11
Posts: 92
Rep:
|
Are you just trying to get connected to the network, or do you need to gain access to a domain controller or something? If you just need to be on their network (meaning your box is assigned an IP address), then I don't believe any installed programs on their servers could do anything. The only things that would restrict access for you are encryption such as WEP like you stated, which was already defeated, and MAC address filtering. The way I understand it, you have the key, but you still can't connect to the network, is this correct? If that's the case, it's probably just MAC address filtering, in which case you could run a deauth attack with aireplay and then use a sniffer to sniff the traffic, which should reveal client MACs and the IP of the AP. You could also just run airodump and get the client MACs that way. Someone please correct me if I am wrong; like I said, I'm new to this.
|
|
|
11-23-2006, 04:09 AM
|
#7
|
LQ Newbie
Registered: Nov 2006
Posts: 13
Original Poster
Rep:
|
I already have a list of allowed MAC addresses, I just haven't been able to verify whether MAC spoofing has worked or not.
What I'm trying to do in the meantime, until I can take another shot at it, is gather a list of other possibilities (if any).
To answer your question, I only need to gain access.
Thank you for your help, I'll post again when I try again.
|
|
|
11-23-2006, 05:21 AM
|
#8
|
Moderator
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
|
Even though, supposedly, your network admins have said you can try to crack the network, this does violate the LQ terms and conditions and is therefore closed.
|
|
|
All times are GMT -5.