WarDriving and Wireless Penetration Testing
eBook - ePub

  1. 446 pages
  2. English

About this book

Wireless networking has become standard in many business and government networks. This book is the first book that focuses on the methods used by professionals to perform WarDriving and wireless penetration testing. Unlike other wireless networking and security books that have been published in recent years, this book is geared primarily to those individuals that are tasked with performing penetration testing on wireless networks. This book continues in the successful vein of books for penetration testers such as Google Hacking for Penetration Testers and Penetration Tester's Open Source Toolkit. Additionally, the methods discussed will prove invaluable for network administrators tasked with securing wireless networks. By understanding the methods used by penetration testers and attackers in general, these administrators can better define the strategies needed to secure their networks.
  • According to a study by the Strategis Group, more than one third of the world's population will own a wireless device by the end of 2008.
  • The authors have performed hundreds of wireless penetration tests, modeling their attack methods after those used by real-world attackers.
  • Unlike other wireless books, this is geared specifically for those individuals that perform security assessments and penetration tests on wireless networks.

WarDriving and Wireless Penetration Testing by Chris Hurley, Russ Rogers, Frank Thornton, Brian Baker is available in PDF and/or ePUB format.

Foreword v 1.0

Jeff Moss’s Foreword from the first edition of WarDriving: Drive, Detect, Defend A Guide to Wireless Security
When I was thirteen years old and my father got an IBM PC-2 (the one with 640k!) at a company discount, my obsession with computers and computer security began. Back then the name of the game was dial-up networking. 300-baud modems with “auto dial” were in hot demand! This meant that you didn’t have to manually dial anymore!
You could see where this was going. It would be possible to have your computer dial all the phone numbers in your prefix looking for other systems it could connect to. This was a great way to see what was going on in your calling area, because seeing what was going on in long distance calling areas was just too expensive!
When the movie “War Games” came out, it exposed War Dialing to the public, and soon after it seemed everyone was dialing up a storm. The secret was out, and the old timers were complaining that the newbies had ruined it for everyone. How could a self-respecting hacker explore the phone lines if everyone else was doing the same thing? Programs like ToneLoc, Scan, and PhoneTag became popular on the IBM PC with some that allowed dialing several modems at one time to speed things up. Certain programs could even print graphical representations of each prefix, showing what numbers were fax machines, computers, people, or even what phone numbers never answered. One friend of mine covered his walls with print outs of every local calling area he could find in Los Angeles, and all the 1-800 toll free numbers! In response, system operators who were getting scanned struck back with Caller ID verification for people wanting to connect to their systems, automatic call-back, and modems that were only turned on during certain times of the day.
War Dialing came onto the scene again when Peter Shipley wrote about his experiences dialing the San Francisco bay area over a period of years. It made for a good article, and attracted some people away from the Internet, and back to the old-school ways of war dialing. What was old was now new again.
Then, along came the Internet, and people applied the concept of war dialing to port scanning. Because of the nature of TCP and IPv4 and IPv6 address space, port scanning is much more time consuming, but is essentially still the same idea. These new school hackers, who grew up on the Internet, couldn’t care less about the old way of doing things. They were forging ahead with their own new techniques for mass scanning parts of the Internet looking for new systems that might allow for exploration.
System operators, now being scanned by people all over the planet (not just those people in their own calling region) struck back with port scan detection tools, which limited connections from certain IP addresses, and required VPN connections. The pool of people who could now scan you had grown as large as possible! The battle never ceases.
Once wireless cards and hubs got cheap enough, people started plugging them in like crazy all over the country. Everyone from college students to large companies wanted to free themselves of wires, and they were happy to adopt the new 802.11, or WiFi, wireless standards. Next thing you knew it was possible to accidentally, or intentionally, connect to someone else’s wireless access point to get on their network. Hackers loved this, because unlike telephone wires that you must physically connect to in order to communicate or scan, WiFi allows you to passively listen in to communications with little chance of detection. These are the origins of WarDriving.
I find War Driving cool because it combines a bit of the old school world of dial up with the way things are now done on the net. You can only connect to machines that you can pick up, much like only being able to War Dial for systems in your local calling area. To make WarDriving easier, people developed better antennas, better WiFi scanning programs, and more powerful methods of mapping and recording the systems they detected. Instead of covering your walls with tone maps from your modem, you can now cover your walls with GPS maps of where you have located wireless access points.
Unlike the old school way of just scanning to explore, the new WiFi way allows you to go a step further. Many people intentionally leave their access points “open,” thus allowing anyone who wants to connect through them to the Internet. While popular at some smaller cafes (i.e., Not Starbucks) people do this all over the world. Find one of these open access points, and it could be your anonymous on-ramp to the net. And, by running an open access point you could contribute to the overall connectedness of your community.
Maybe this is what drives the Dialers and Scanners. The desire to explore and map out previously unknown territory is a powerful motivator. I know that is why I dialed for months, trying to find other Bulletin Board Systems that did not advertise, or were only open to those who found it by scanning. Out of all that effort, what did I get? I found one good BBS system, but also some long-term friends.
When you have to drive a car and scan, you are combining automobiles and exploration. I think most American males are programmed from birth to enjoy both! Interested? You came to the right place. This book covers everything from introductory to advanced WarDriving concepts, and is the most comprehensive look at War Driving I have seen. It is written by the people who both pioneered and refined the field. The lead author, Chris Hurley, organizes the WorldWide WarDrive, as well as the WarDriving contest at DEF CON each year. His knowledge in applied War Driving is extensive.
As War Driving has moved out of the darkness and into the light, people have invented WarChalking to publicly mark networks that have been discovered. McDonalds and Starbucks use WiFi to entice customers into their establishments, and hackers in the desert using a homemade antenna have extended its range from hundreds of feet to over 20 miles! While that is a highly geektastic thing to do, it demonstrates that enough people have adopted a wireless lifestyle that this technology is here to stay. If a technology is here to stay, then isn’t it our job to take it apart, see how it works, and generally hack it up? I don’t know about you, but I like to peek under the hood of my car.
Jeff Moss, Black Hat, Inc.
www.blackhat.com
Seattle, 2004
Chapter 1

Introduction to WarDriving and Penetration Testing

Solutions in this chapter:
  • The Origins of WarDriving
  • Tools of the Trade or “What Do I Need?”
  • Putting It All Together
  • Penetration Testing Wireless Networks
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Introduction

Wireless networking is one of the most popular and fastest growing technologies on the market today. From home networks to enterprise-level wireless networks, people are eager to take advantage of the freedom and convenience that wireless networking promises. However, while wireless networking is convenient, it is not always deployed securely. Insecure wireless networks are found in people’s homes and in large corporations. Because of these insecure deployments, penetration testers are often called in to determine what the security posture of an organization’s wireless network is, or to verify that a company has deployed its wireless network in a secure fashion. In this chapter, we discuss WarDriving and how it applies to a wireless penetration test.
Later in this chapter, you will gain a basic understanding of the principles of performing a penetration test on a wireless network. You will learn the history of wireless security and the vulnerabilities that plague it. Additionally, you will begin to understand the difference between performing a penetration test on a wireless network vs. a wired network, and some of the stumbling blocks you will need to overcome. Next, you will gain a basic understanding of the different types of attacks that you are likely to use. Finally, you will put together a basic tool kit for wireless penetration tests.

WarDriving

Before you begin WarDriving, it is important to understand what it is and, more importantly, what it is not. It is also important to understand some of the terminology associated with WarDriving. In order to successfully WarDrive, you need certain hardware and software tools. Since there are hundreds of possible configurations that can be used for WarDriving, some of the most popular are presented to help you decide what to buy for your own initial WarDriving setup.
Many of the tools that a WarDriver uses are the same tools that an attacker u...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. VISIT US AT
  5. Copyright
  6. Acknowledgments
  7. Technical Editor and Lead Author
  8. Technical Editor and Contributing Author
  9. Contributing Authors
  10. Foreword Contributor
  11. Foreword
  12. Foreword v 1.0
  13. Chapter 1: Introduction to WarDriving and Penetration Testing
  14. Chapter 2: Understanding Antennas and Antenna Theory
  15. Chapter 3: WarDriving With Handheld Devices and Direction Finding
  16. Chapter 4: WarDriving and Penetration Testing with Windows
  17. Chapter 5: WarDriving and Penetration Testing with Linux
  18. Chapter 6: WarDriving and Wireless Penetration Testing with OS X
  19. Chapter 7: Wireless Penetration Testing Using a Bootable Linux Distribution
  20. Chapter 8: Mapping WarDrives
  21. Chapter 9: Using Man-in-the-Middle Attacks to Your Advantage
  22. Chapter 10: Using Custom Firmware for Wireless Penetration Testing
  23. Chapter 11: Wireless Video Testing
  24. Appendix A: Solutions Fast Track
  25. Appendix B: Device Driver Auditing
  26. Index