Überhacker II, Chapter 18: Ethernet Hacking: Wireless and Wired LANs

In this chapter you will learn:

· Why break into LANs?
· How to break into wireless LANs
· ARP spoofing
· MAC (Media Access Control) address spoofing
· A slightly stealthy way to add ARP entries
· How to hide or find a sniffer
· An example of MAC address hacking

Why Break into LANs?

Many networks maintain an outer layer of security such as a firewall, a network-based intrusion detection system, and physical security to keep people out of their premises. The trouble is, if an intruder does get onto the LAN, there are many ways to compromise computers that take advantage of the Ethernet protocol. It's like a bank locking its doors but leaving all its valuables lying in the open, ready for the first intruder to scoop them all up.

In the case of wireless LANs it is often even worse. It's as if the bank also left all the windows open for anyone to crawl through.

Wireless LANs

David Taylor, an information technology manager with UK-based consultancy Equation, has fashioned a unique solution to his neighborhood's lack of high-speed Internet access -- he made an antenna out of dog food cans to link his home to a broadband connection in a nearby neighborhood. With the cooperation of a neighbor who lived in an area that did have broadband coverage, he set up a connection through a wireless transmitter to beam the Internet signal two and a half kilometers to his office. The tin cans act as an antenna, boosting the Internet radio signal and bouncing it from his office to his home. At first Taylor tried several other types of cans to act as a transmitter but found that they weren't waterproof. "Other tins ended up rusting but the dog food tin has worked very well. Now not only do the 20 staff in the office have Internet connectivity, but I also have full access from my home even with the entire area lying off the broadband grid," says Taylor. -- (BBC News 7 Mar 2003) http://news.bbc.co.uk/1/hi/technology/2826617.stm

Getting free Internet access through wireless Ethernet LANs (often called Wi-Fi LANs or WLANs) is the newest and biggest ever hacker scene. In many areas you can get free access legally through Wi-Fi systems run by volunteers. Elsewhere, it's the wild west all over again, with spammers, computer criminals, and mostly harmless hackers running wild on WLANs whose owners have no concept of what they are hosting.

First we will cover the easy stuff: how to break into a WLAN (LANJacking) that doesn't authenticate users. These are fairly common. To do this, get a laptop with a wireless NIC (WNIC). Configure your NIC to automatically set up its IP address, gateway and DNS servers. Then, use the software that came with your NIC to automatically detect and get you online.

For example, with an Orinoco NIC, in Client Manager set the SSID (service set identifier, which is required to exchange packets on that WLAN) to be "any" or "null." Then from the Advanced menu select Site Manager. That should show you all available Wi-Fi access points.

Once you are set up to detect WLANs, then for happiest hunting, start driving (wardriving) or walking (stumbling) around an area with businesses or apartment buildings. Susan Updike points out, "Don't forget airports - many VIP lounges, etc. have wireless hubs accessible from inside the airport or even in the parking lots."

How do you know when you've gotten online? One way is to run an intrusion detection system that alerts you when you get any kind of network traffic.

An easier and faster way to find those access points and choose the one you want to use is to run Network Stumbler, at http://www.netstumbler.com. It shows you all Wi-Fi access points within range of you. Network Stumbler runs on Windows desktop and laptop machines, and Mini Stumbler runs on Wi-Fi-enabled PDAs. Netstumbler-like software is available for Mac OS X with either an internal AirPort card or any PCMCIA Wi-Fi card at http://www.mxinternet.net/~markw/.

For NetBSD, OpenBSD, and FreeBSD you can get BSD-Airtools at http://www.dachb0den.com/projects/bsd-airtools.html.

© 2013 Happy Hacker All rights reserved.