OESF Portables Forum
Everything Else => Zaurus Distro Support and Discussion => Distros, Development, and Model Specific Forums => Archived Forums => Angstrom & OpenZaurus => Topic started by: grog on February 05, 2005, 01:29:11 pm
-
Hi all. I've been playing around with wireless connections for the last couple of weeks, mainly using wellereiter to scan for networks & attempting to connect to them. It's been a frustrating experience so far with no successes.
Even for networks that I know to be free & open (people with 'doze laptops connecting happily, for instance), nothin' works for me. Wellenreiter sees the network and when I click & hold & select 'join network' it brings up the wlan network settings tabs where I remove my home settings (which do work BTW, and I've saved into a separate file so I can easily retore them after) & save & still I'm not on. I use wep @ home so I know not to try to connect to the ones that have it (hey, I'm not looking to crack secure networks, I just wanna read my email & new zaurus ng posts once in a while while travelling around).
I've searched the archives for tips on wireless scanning (which let me to both kismet & wellenreiter, the latter being much easier to use). Besides getting both of the programs working fine (or so it seems). still no joy.
Could somebody please give me some tips I can try? thks
-
There's more to connectivity than just setting an ESSID.
1.) Check if you're actually able to authenticate. Hint: Use iwconfig to see if you get an access point.
2.) If there's no DHCP server running you need to specify an IP, a subnetmask and a default gateway. You also need to specify DNS servers. Contact the operator of the network you want to join for these information.
-
You may be dealing with MAC filtering. The sniffers will not indicate this. Our local state U campus systems seem to be open but the IT admins require that all wifi be registered for access. If your MAC is not on the lists you either fail or spoof.
Just a possibility.
-
1.) Check if you're actually able to authenticate. Hint: Use iwconfig to see if you get an access point.
That would be if iwconfig shows the MAC address of the access point in it's output, correct? But wellenreiter shows a MAC & saves that in the nerwork settings, so it should be set correctly, right?
2.) If there's no DHCP server running you need to specify an IP, a subnetmask and a default gateway. You also need to specify DNS servers. Contact the operator of the network you want to join for these information.[div align=\"right\"][a href=\"index.php?act=findpost&pid=65722\"][{POST_SNAPBACK}][/a][/div]
AH. I wouldn't have considered there being no DHCP server. If I can't get the gateway address, can I just specify my own (like IP 10.0.0.100 and gateway 10.0.0.1 or another reserved subnet)? How do the winddoze folks do it when they don't know the gateway address either? And I guess I can just leave my own DNS server's address's in there.
You may be dealing with MAC filtering. The sniffers will not indicate this. Our local state U campus systems seem to be open but the IT admins require that all wifi be registered for access. If your MAC is not on the lists you either fail or spoof.[div align=\"right\"][a href=\"index.php?act=findpost&pid=65724\"][{POST_SNAPBACK}][/a][/div]
errgh. I should have thought of that, considering I have that enabled @ home :?). I understand that the MAC can be spoofed, but then you'd have to know what it's spoofed to, of course %^>.
Thanks.
-
You guys do know that you're talking about commiting a felony on an open fourm? Just because the owner of an access point has it open doesn't mean you can use it.
-
You guys do know that you're talking about commiting a felony on an open fourm? Just because the owner of an access point has it open doesn't mean you can use it.
[div align=\"right\"][a href=\"index.php?act=findpost&pid=65733\"][{POST_SNAPBACK}][/a][/div]
I did say at the beginning I wasn't interested in hacking, but thanks for clarifying that :?). Actuallty the ones I'm mostly interested are for public use, I've just haven't been able to connect to them. So now I know I need to contact the owner(s) to get their info.
-
Just because we talk about it, doesn't mean we've committed it. All I have seen here is wireless networking 101. None of the information is *only* used for aquiring other peoples networks. How does one protect his network intelligently if he doesn't know how the hackers are going to get in?
-
Just saying be careful.
-
I'm almost positive it's not a crime to use a publicly accessible wifi APs, even if they are not commercial hotspots. However, if you have to pop encryption or poison arp tables, then yeah, you've entered the realm of illegality.
-
errgh. I should have thought of that, considering I have that enabled @ home :?). I understand that the MAC can be spoofed, but then you'd have to know what it's spoofed to, of course %^>.
This is what got my attention. And yes using an open network without the owners permission is illeagle. Just because it's open, doesn't make it a hotspot. It's most likely a TOS violation with the service provider in any case.
-
This is what got my attention. And yes using an open network without the owners permission is illeagle. Just because it's open, doesn't make it a hotspot. It's most likely a TOS violation with the service provider in any case.[div align=\"right\"][a href=\"index.php?act=findpost&pid=66088\"][{POST_SNAPBACK}][/a][/div]
BarryW -
While I assume that your intentions are good, I disagree with any attempts to stifle conversation regarding these matters.
To my understanding, "using an open network without the owners permission" is not necessarily in all cases & states illegal. This is still a very grey area of law. And, while I am not a lawyer myself, my sister IS.
I agree that such actions may be of questionable honesty & morality. But when the simple DISCUSSION of such topics becomes banned or illegal, then it has become, IMHO, "time to take up arms" as one of the Founding Fathers so aptly said.
Your point is taken. But we reserve the right to discuss items with which others, as yourself. might disagree. OK?
-
This is what got my attention. And yes using an open network without the owners permission is illeagle. Just because it's open, doesn't make it a hotspot. It's most likely a TOS violation with the service provider in any case.[div align=\"right\"][{POST_SNAPBACK}][/a][/div] (http://index.php?act=findpost&pid=66088\")
BarryW -
While I assume that your intentions are good, I disagree with any attempts to stifle conversation regarding these matters.
To my understanding, "using an open network without the owners permission" is not necessarily in all cases & states illegal. This is still a very grey area of law. And, while I am not a lawyer myself, my sister IS.
I agree that such actions may be of questionable honesty & morality. But when the simple DISCUSSION of such topics becomes banned or illegal, then it has become, IMHO, "time to take up arms" as one of the Founding Fathers so aptly said.
Your point is taken. But we reserve the right to discuss items with which others, as yourself. might disagree. OK?
[div align=\"right\"][a href=\"index.php?act=findpost&pid=66157\"][{POST_SNAPBACK}][/a][/div]
I'm not trying to stop the thread, I was just pointing out the law. It is a federal law, by the way. That makes it all 50 states.
[a href=\"http://www.ncsl.org/programs/lis/cip/hacklaw.htm]http://www.ncsl.org/programs/lis/cip/hacklaw.htm[/url] Like I said I was just pointing out that not all open access points are "hot spots". Sorry if it seems like I'm beating a dead horse here, but when I see "connecting to multiple networks" and "wardriving" wardrivers never connect, by the way, bells start going off in my head.
-
I'm not joining in to stop people talking about it but in the eyes of a court if it went that far accessing an unprotected WLAN without permission would be like walking into somebody's house because the door was unlocked.
Technically you have something that is private, regardless of the ease of access and this, although you may not be forging credentials to access it, could be likened to trespass and use of resources (bandwidth etc.).
It is true that Kismet etc will give you a list of mac addresses connected to an access point and if filtering were enabled and you had the incling to do it you could spoof one of those addresses when it wasn't on, however, you just entered the realms of impersonation and that adds to the rap sheet.
Finally, many organisations with a good security policy will protect their real access points by putting up honeypot WLANs that are either unprotected or have minimal protection. The rationale here is to identify the hacker and start to gain information about them before they get to a real network.
- Andy
-
Ah, can't find it now.... there was an artical on Security Focus or somewhere that I wanted to bring to your attention.
It's about being extremely careful in public Wifi hotspots.
Apparently kiddies are going in with a host configured for hostap and proxying connections onto the Wifi hotspot so they can act as man in the middle. Apparently they have a full suite of scripts to proxy the outbound authentication page that you normally hit in a public hotspot - not such a big problem if it's a 'Starbucks one off login' but it is a problem if you have subscribed to a carriers premium service and are being billed by credit card. Anyway once onto those environments be additionally careful that you don't get your POP mail unless your client AND your ISP support SSL based authentication rather than plain text etc. Being on a public network means just that so careful even on legitimate use.
- Andy
-
Ah, can't find it now.... there was an artical on Security Focus or somewhere that I wanted to bring to your attention.
It's about being extremely careful in public Wifi hotspots.
Apparently kiddies are going in with a host configured for hostap and proxying connections onto the Wifi hotspot so they can act as man in the middle. Apparently they have a full suite of scripts to proxy the outbound authentication page that you normally hit in a public hotspot - not such a big problem if it's a 'Starbucks one off login' but it is a problem if you have subscribed to a carriers premium service and are being billed by credit card. Anyway once onto those environments be additionally careful that you don't get your POP mail unless your client AND your ISP support SSL based authentication rather than plain text etc. Being on a public network means just that so careful even on legitimate use.
- Andy
[div align=\"right\"][a href=\"index.php?act=findpost&pid=115569\"][{POST_SNAPBACK}][/a][/div]
I've probably already read it, would be good reading here though. You can set up a linksys wrt as a man in the middle access point. What's really cool is you can run them off a few D cell batteries.
-
or since 99.9% of broadband wifi boxes have integrated switches/gateways/routers/flux capacitors, you run an ARP MITM attack anyway and still win the day...
By the way... anything you transmit in the 2.4ghz spectrum is elligable to be collected legally. You are not protected unless you are taking active measures such as WEP and mac filtering, which to circumvent require an effort to compromise an information system, which is where the technical illegality comes in. At least in the states anyway.
Same with your cordless phones, which are up for collection without warrants as there is no technical wiretap occurring, although that's possible now through USAPATRIOT anyway. Radio privacy is a very sketchy issue from a legal standpoint, especially now that every given joe owns and operates probably 25 RF devices through the course of a day without even knowing it.
As for wardriving, yes, the points above regarding how to associate are valid. Personally I have a laundry list of reliable DNS servers in my head to pick from should DHCP not be operational. Beyond that theres just the issue of subnetting and choosing an address, which have already been mentioned.
There are cards which are capable of dropping into a raw dump mode for validly formed radio packets in the 802.11b spectrum, which will sniff every packet in the sky within range of your station and simply perform a dump of the data within to a file or stdout. With such a setup you can glean extremely precise information on unencrypted and even wep'd networks simply through passive enumeration. It is not difficult to discern the traffic's destination and break it down to specific APs and clients, and I believe there are automated discovery tools like Cheops that even perform it for you in a pretty graphical interface.
It is possible through toolsets like dsniff and ethereal's text dump feature, to map active wireless clients and APs, login information for things like snmp, telnet, ftp, aim, most other plaintext transmitted protocols, versions of active servers through banner grabbing, client and AP hardware identifications through mac analysis, client and AP software/firmware identification through banner grabbing and packet data analysis, and a host of other information without transmitting a single packet or even associating with the AP. After all, with consumer electronics, if the user's hardware can decypher the packets, so can yours. This of course is useful for casing nearby networks, and monitoring your own.
I would warn though, that if busted doing silly things to anyone's network, you would likely have a hard time defending yourself. While using 802.11b is similar to using a CB radio in that you're not entitled to privacy, this argument rarely stands when a wealthy corporation is paying a skillful lawyer who can spin it against you. Any sort of network enumeration is playing with fire, but if you're benevolent and simply poking around, nobody is likely to notice, or if they do notice, care. Your best bet if you wish to explore networks without causing harm or trouble (as you can do this without even realizing it) is to investigate passive approaches to sniffing the air. This way you have no chance of interfering with operations, as you are not transmitting anything at all. It is a more difficult route than associating validly, but it reaps a good amount of rewards and can be useful for learning how wifi packet navigation works.
Hope this helps, wow I've been winded.
Edit: here's a good quick read on some of the concepts involved.
http://perform.wpi.edu/wsniffer/wsniffer.html (http://perform.wpi.edu/wsniffer/wsniffer.html)
and
http://www.cs.wright.edu/~pmateti/Internet...relessHacks.htm (http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm)