Why securing your router with more than just MAC filtering is worthwhile:


MianoSM
11-29-2007, 08:40 AM
This is what someone might do using a Linux system in order to use your WAP, however the same tools and applications are just as readily available to Windows users:

1. Come within range of a WLAN

2. Set your wireless card to promiscuous mode with a command like 'sudo iwconfig eth1 mode Monitor' which will allow your interface to receive frames intended for any MAC

3. Get a tool such as Wireshark or Kismet (my favorite) to sniff frames out of the air, which contain the MAC address of the router and any computers that are connected to it

4. Set your wireless card back to normal mode 'sudo iwconfig eth1 mode Managed'

5. Change your MAC address to use one of the ones that you gathered in step 3 with a command like 'ifconfig eth1 hw ether DE:AD:BE:EF:C0:DE'

6. At this point, you can either associate with the WLAN and piggyback on the same shared network as the user whose MAC you swiped, or you can be even more sneaky (and switch your attack from a passive one to an active one) and send disassociation frames to the WLAN which will kick the legitimate user off with a tool like wlan_jack, File2air, Void11 or Libwlan and then associate with the WLAN.

7. Surf away.

The details of all of this are covered in Wi-Foo edition one on pages 158-161 (a book I highly recommend if you're interested in this sort of thing).



So in short, be sure to use encryption on your wireless access point/or router. : )
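
From the defender's side, the MAC cloning described in the post above leaves a trace: each 802.11 transmitter keeps its own 12-bit sequence counter, so two radios sharing one MAC produce interleaved, jumping sequence numbers. The sketch below is an added example, not part of the original post; the thresholds, function name and sample frames are constructed assumptions.

```python
from collections import defaultdict

SEQ_MOD = 4096     # 802.11 sequence numbers are 12 bits wide
MAX_GAP = 64       # assumed tolerance for frames the sensor did not hear
MIN_JUMPS = 3      # assumed: alert only on repeated jumps, not one lost burst

# Constructed capture summary: (time in s, transmitter MAC, sequence number).
SAMPLE_FRAMES = [
    # One station, counter wraps normally from 4095 to 0.
    (0.00, "02:00:00:00:00:0a", 4093), (0.10, "02:00:00:00:00:0a", 4094),
    (0.20, "02:00:00:00:00:0a", 4095), (0.30, "02:00:00:00:00:0a", 0),
    (0.40, "02:00:00:00:00:0a", 1),
    # Two radios using the same MAC: counters near 100 and near 2900 interleave.
    (0.05, "02:00:00:00:00:0b", 100), (0.15, "02:00:00:00:00:0b", 2900),
    (0.25, "02:00:00:00:00:0b", 101), (0.35, "02:00:00:00:00:0b", 2901),
    (0.45, "02:00:00:00:00:0b", 102), (0.55, "02:00:00:00:00:0b", 2902),
    (0.65, "02:00:00:00:00:0b", 103),
    # One station whose frames were missed for a while: a single jump only.
    (0.02, "02:00:00:00:00:0c", 10), (0.12, "02:00:00:00:00:0c", 11),
    (0.92, "02:00:00:00:00:0c", 200), (1.02, "02:00:00:00:00:0c", 201),
]

def find_shared_macs(frames, max_gap=MAX_GAP, min_jumps=MIN_JUMPS):
    """Return {mac: jump_count} for MACs whose sequence counter keeps jumping."""
    last_seq = {}
    jumps = defaultdict(int)
    for _time, mac, seq in sorted(frames):
        if mac in last_seq:
            # Forward distance modulo 4096; a retransmission gives 0, the next
            # frame gives 1, a second transmitter gives a large value.
            gap = (seq - last_seq[mac]) % SEQ_MOD
            if gap > max_gap:
                jumps[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in jumps.items() if n >= min_jumps}

if __name__ == "__main__":
    for mac, n in find_shared_macs(SAMPLE_FRAMES).items():
        print(f"{mac}: {n} sequence jumps, likely more than one transmitter")
```

QoS-capable stations keep a separate counter per traffic identifier, so a real monitor would track the counter per (MAC, TID) pair rather than per MAC alone.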

Josh
11-29-2007, 09:01 AM
i hacked 127.0.0.1!

MianoSM
11-29-2007, 09:03 AM
i hacked 127.0.0.1!

Damn, that's my location!!! :lol:

You are a 1337 h4x0r 4 sho!!!

The Spectacle
11-29-2007, 09:39 AM
oh shit...

John
11-29-2007, 10:22 AM
so? Minute somebody figures this out, they just reset the router.

MianoSM
11-29-2007, 10:25 AM
so? Minute somebody figures this out, they just reset the router.

So the minute you figure out that while you're at work all day the guy next door is using your net connection for malicious reasons you reset the router? :dunno:

Joe
11-29-2007, 10:32 AM
The best part of this is that at my buddy's house his "personal" network is wired, but he has a wireless honeypot set up. He lives in an apartment complex and has added a high gain antenna so that many people can use this internet "for free". The thing that they don't get is he also has a Linux box set up and is doing MITM attacks on them and they don't even know it. He has it completely scripted so that when his neighbors sign into his wireless that the Linux box automatically starts the MITM and gets all of their user/passwords for literally everything they have surfed. This includes banks and investments...

FYI.

DO NOT TRY TO "USE" SOMEONE ELSE'S CONNECTION FOR FREE FOR YOUR PERSONAL THINGS...

Notladstyle
11-29-2007, 10:37 AM
Resetting the router won't help you when the feds are knocking at your door asking why you have sent 5069GB of kiddy porn to Taiwan.

Plus running unencrypted leaves you 100% open to password theft since most services use weak (if any) encryption for their web logins.

Zate
11-29-2007, 10:55 AM
Hai, Can Be Mac Cloning Times Now ? Kthxbye !

MianoSM
11-29-2007, 11:16 AM
Hai, Can Be Mac Cloning Times Now ? Kthxbye !

I don't get that either. :dunno:

DustinM
11-29-2007, 11:38 AM
I don't get that either. :dunno:

wow...

MianoSM
11-29-2007, 11:44 AM
wow...

It just looks/sounds like some sort of Japiname or whatever it's called to me.... :dunno: care to explain it?

Jeff
11-29-2007, 12:21 PM
Mac cloning has been around for ages.

I don't use WPA, but I also don't broadcast my SSID. I figure if you want to use my internets, that's cool. I only allow 2 wireless connections at once though, and that means when I'm home, they're both used up. Then again, I don't use DHCP either, so have fun getting the internal IP scheme.

MianoSM
11-29-2007, 01:12 PM
Ah, I've always heard it referred to as MAC spoofing, not cloning (I assume from using one that's verified already).

I wonder how long it will be until the producers of wireless routers default them to be locked out from any connections until the user reads the readme or manual that comes with the product....

Jeff
11-29-2007, 01:17 PM
With consumer devices? Never. It's too much of a PITA for tech support to have to deal with it. They want ease of use, not security.

Despite what WE think in the power user world, consumers really want ease of use, over security.

DustinM
11-29-2007, 01:19 PM
Yeah, I don't broadcast my SSID, have MAC filters, an odd IP range, limited number of connections allowed, and times that wireless is disabled, like, when I'm at work.

Also, changing your router's IP address, and using https will slow down the majority of the "wifi crackers" (I mean the 16 year old high schoolers who think they know it all).

Oh, my router also stores logs of all activity, including computers that come into range of it, and try to connect, it's backed up on my "box" which will pretty much let me defend myself legally if something ever happened over my connection.

KuJoe
11-29-2007, 08:09 PM
I only use a WEP key and hide my SSID for my wireless, but I only have 3 things that use it so I restrict it to only allow 3 IPs leased at a time (leased time is 3 weeks). I check my log files every weekend to see if anybody uses my WIFI but so far I've been lucky. Oh, and my router is set up to not allow remote or wireless connections to the control panel even though I changed the IP and login credentials for it.

Notladstyle
11-29-2007, 09:47 PM
I think that crap is overkill. By securing your network with WEP you have shown due diligence. Anything that happens is no longer your responsibility because you were not negligent.

MianoSM
11-29-2007, 10:08 PM
WEP is pretty weak too, but a decent step.

KuJoe
11-29-2007, 10:14 PM
I only use WEP because my Nintendo DS has issues with WPA. :lol:

KuJoe
11-29-2007, 10:17 PM
I think that crap is overkill. By securing your network with WEP you have shown due diligence. Anything that happens is no longer your responsibility because you were not negligent.

I used to live in an apartment complex right across from Tyrone Mall and Best Buy (some of their laptops could pick up my WIFI signal if I didn't have the SSID hidden, this was partially my fault for adding a repeater so I could use the laundry room and use my WIFI also) so I'd get at least 10-15 attempted connections a day... I normally wouldn't be so paranoid because I lock my boxes up pretty securely, but my fiancee isn't that tech savvy so I'm making up for the steps she doesn't take because the last thing I need is for certain "personal data" to get leaked to our neighbors. :lol:

Notladstyle
11-30-2007, 12:14 PM
I used to live in an apartment complex right across from Tyrone Mall and Best Buy (some of their laptops could pick up my WIFI signal if I didn't have the SSID hidden, this was partially my fault for adding a repeater so I could use the laundry room and use my WIFI also) so I'd get at least 10-15 attempted connections a day... I normally wouldn't be so paranoid because I lock my boxes up pretty securely, but my fiancee isn't that tech savvy so I'm making up for the steps she doesn't take because the last thing I need is for certain "personal data" to get leaked to our neighbors. :lol:

WZC service automatically attempts a connection at every access point it detects. Anyone with the skill (or script) to break WEP isn't going to have a problem with WPA or a hidden SSID.

I get your concern, but anything you send can be intercepted and with enough time, no encryption will help. Of course WPA2 with hidden SSID and a strong hash will give you a good 6 months before it's broken compared to the 30 seconds to 4 minutes with WEP :p

MianoSM
05-06-2008, 02:22 PM
If you forget to take your wlan0 or eth0 off of promiscuous mode it results in headaches galore.

Seriously. I can see your interwebz by the way! = )

Broadcasted or not your signals be hanging out. ; )

POLLO
05-06-2008, 02:30 PM
You guys should check it out where I live.... Out of the 16 WLANs within range mine and some other nerd's are actually secured, the others are wide open son, all it takes is that 'tcpdump' on that wireless interface and passwords galore here I come son.

It's kind of fucked up if you think of it, the more you know the more paranoid you get and then people start calling you crazy.

MianoSM
05-06-2008, 03:10 PM
I turned the wireless off of my router months ago.....it's retarded to think that anything being transmitted wirelessly is "encrypted" or secured in any way.

Given a long enough time span all your packets are belong to someone.

KuJoe
05-06-2008, 05:07 PM
That's why I stopped sending e-mail, carrier pigeon FTW! Can't fuck with that kind of encryption unless you're packing birdshot... and frankly, if you got a shotgun in my face you can haz my passwords.

Trizzle
05-07-2008, 10:02 PM
The way I figure it is that there's only a handful of people in my zip code that are actually smart enough (and malicious enough) to break into my wireless connection by hacking my WEP. That being said, for that handful of people there are hundreds and hundreds of other, wide open access points for them to get their grubby little hands on. If someone really wants to break into my wireless connection and actually monitor my usage for hours on end while I play WoW and possibly check my bank account when almost the whole Eastern United States is sleeping, I can't stop them.

I'm more concerned with stopping my annoying ass neighbors from hopping on my wireless and clogging up my interweb tubes with their pr0n d/l's. That may be naive of me but I've yet to have a bank statement lower than it should be and I haven't had a virus in years.

Notladstyle
05-08-2008, 12:02 AM
http://i32.tinypic.com/wqtz68.jpg

Trizzle
05-08-2008, 02:48 AM
I had never seen this thread, I'm glad I did though. I like hearing about security problems because the conversations normally let me know where I stand.

Jeff
05-08-2008, 01:38 PM
You can't stop the signal, Mal. Everything goes somewhere, and I go everywhere.

Brian
05-08-2008, 02:36 PM
You can't stop the signal, Mal. Everything goes somewhere, and I go everywhere.

Awesome movie.

Guy killed me Mal, guy killed me with a sword!

MianoSM
05-08-2008, 04:32 PM
User Rating: 9.5/10 (20,012 votes)

Was it really that good?

KuJoe
05-08-2008, 04:51 PM
Did you see us talking? Were we fighting? Trap!

Trizzle
05-08-2008, 08:28 PM
Was it really that good?

I dunno about 9.5 but it was good.

_Charles_
05-08-2008, 08:43 PM
MAC Spoofing and Cloning have been around a lot longer than people here may think. I use it to trap packets via wireshark on a LAN. It's pretty simple, and there are some cool utilities out there for this.

As far as wireless at my house, I have a gigabit LAN tied to my Sonicwall, which is connected to FIOS. My AP is WEP secured, odd IP address range, requires VPN permissions to connect to LAN (via Sonicwall WLAN), and is disabled 99% of the time. I only use wireless when I want to use my laptop on the couch (which isn't often).

Wireless is convenient, but is overrated in homes. Nothing beats the security of WIRE. (except FIBER of course ;))

MitchMitchem
05-13-2008, 06:26 AM
You're only going to pick up wireless traffic using wireshark, etc.

If you ever want to have fun...

Jump on unencrypted wireless at a place like a school, airport, or Starbucks, and create a rule to only read AIM traffic. Then, start talking out loud to either yourself, or a friend, about the same topic that someone is talking about on AIM...and explain to your friend how you've been studying ESP.

Notladstyle
05-13-2008, 10:20 AM
You're only going to pick up wireless traffic using wireshark, etc.

If you ever want to have fun...

Jump on unencrypted wireless at a place like a school, airport, or Starbucks, and create a rule to only read AIM traffic. Then, start talking out loud to either yourself, or a friend, about the same topic that someone is talking about on AIM...and explain to your friend how you've been studying ESP.

That's a great way to get yourself arrested seeing as it is a felony to intercept wireless transmissions of any type regardless of encryption if they were not intended to be received by the interceptor.

MianoSM
05-13-2008, 10:32 AM
If you're reading unencrypted packets, and not intercepting (meaning to take possession of, and stopping the flow between intended recipients), I don't see the law on that. :dunno:

Notladstyle
05-13-2008, 11:13 AM
If you're reading unencrypted packets, and not intercepting (meaning to take possession of, and stopping the flow between intended recipients), I don't see the law on that. :dunno:

Interception of a signal doesn't imply termination of the signal.

It's not like you can actually get caught unless you come across the bright idea to start telling people.

MitchMitchem
05-25-2008, 05:39 PM
That's a great way to get yourself arrested seeing as it is a felony to intercept wireless transmissions of any type regardless of encryption if they were not intended to be received by the interceptor.

Can you post the law on this?

MianoSM
05-25-2008, 07:47 PM
Can you post the law on this?

http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm

Law is there to be interpreted. A judge gets the ultimate decision, which will be heavily influenced by your lawyer. ; )

Edit: Just to preemptively answer it's an electronic communication, which could possibly fall under that code, but again it falls on the judge.

Notladstyle
05-26-2008, 12:51 PM
That's just the beginning, Patriot Act is even more stringent. It's illegal to use 512kb encryption in the US as well.

MianoSM
05-26-2008, 01:21 PM
512kb encryption

That's some serious entropy.

All of my pgp/gpg keys are well over 512, no one has said anything to me about that yet. :dunno:

Notladstyle
05-26-2008, 01:30 PM
That's some serious entropy.

All of my pgp/gpg keys are well over 512, no one has said anything to me about that yet. :dunno:

Do you send the ciphers overseas? (don't answer that)

I don't think it's illegal for communication within the US, I think you just can't send or receive strong encryption from other countries that aren't US allies.

I'm not a lawyer but it would sure suck to be detained in some overseas prison for years because of the American government's mistrust of its citizens.