moscow wifi

Some people know that mobile devices leak information about the networks they have connected to before. Most have no idea.

WiFi probes

To find already known networks, including ones that do not announce their presence, mobile devices send probe request frames naming the networks they know. These frames can be captured whenever the phone turns Wi-Fi on, wakes up or loses its current connection, and the usual tools (airodump-ng / tcpdump) are enough. Example:

# airodump-ng -w wifi-dump wlan0      (wlan0 must be in monitor mode; the capture is written to wifi-dump-01.cap)
# tcpdump -n -l -e -r wifi-dump-01.cap | grep "Probe Request ([^)]"

The output contains the time, the device's MAC address (the SA field) and the network name; the grep pattern drops broadcast probes with an empty name, which carry nothing useful. Example:

16:32:26.628209 BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:50:ea:d6:aa:bb:cc Probe Request (SUBWAY)

That is, device 50:ea:d6:aa:bb:cc checked to see if there was a SUBWAY network in range.

Well, what's wrong with that?

Well, they send these frames, network names included, wherever they happen to be. Think about it.

Note that most Wi-Fi networks have fairly unique names. Of course, generic names like SUBWAY will turn up. But most home networks are named either with the auto-generated ProviderNameDEADBEEF pattern or with a name the owner chose.

That is, the list of probe requests will contain network names of roughly these kinds:

Home: ProviderNameXXXXX, StreetNameWifi, etc.
Work: Company, CompanyCity, etc.
Cafes and restaurants: mostly standard chain names
Hotels: all sorts of unique names, except for hotel chains

So what if you intercept a probe request for the network name FooProvider123456, BlahProviderABCDEF, ACME-Fooville or CafeAwesome? Of course, you can guess which provider a person uses and where they eat. But these are just names: no BSSID, no coordinates, nothing else. Not much to go on, you might think.

For there is WiGLE in the world!

WiGLE (Wireless Geographic Logging Engine) is a service whose motto is "All the networks. Found by everyone." And most networks in a city really can be found in it. What's more, you can search for the networks you are interested in by name. That is how a bare list of names turns into information about the networks themselves.


[Figure: WiGLE map of networks in the Kremlin area]

[Translator's note: the map shows network locations at high zoom only for registered users.]

You can make some assumptions. For example, if WiGLE returns more than 3 or 4 networks with the same name, it is most likely a generic name that can be ignored, unless one of those networks happens to sit close to the unique ones we found. You can also filter out networks that have not been seen for more than a year, unless they are unique and have stayed in one place over time; a unique name that has changed location means the access point was moved.

Collection of information

What can we learn from the list of networks? Let's look at a map generated automatically from WiGLE search results: the results were downloaded with a WiGLE client library and plotted:

Green marks encrypted networks, red open ones, blue unknown. Each marker actually points at a specific building. You can see right away that the person most likely lives and works on the east coast of the United States (several markers), flies to Japan (a marker for an encrypted corporate network), holidays in Thailand (networks with hotel names) and travels around New Zealand (networks named after campsites). From the corporate network's name you can infer the company.

That gives you material for social engineering, for locating a specific person, for finding employees of company X... And the first three octets of the MAC address (the OUI) reveal the device vendor, which helps pick that person out of a crowd.
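Here is how the collection described above can be automated, as an added example that is not part of the original article: it parses tcpdump probe-request lines like the one shown earlier, groups the probed names per client MAC, separates generic names from location-revealing ones with the "more than 3-4 hits" heuristic, and looks up the device vendor from the OUI. The capture lines, the OUI entries and the WiGLE hit counts are constructed stand-ins (a real run would query the WiGLE API and load the IEEE OUI registry).

```python
import re
from collections import defaultdict

# Matches the tcpdump -e line format shown above: source MAC and the probed SSID.
PROBE_RE = re.compile(r"SA:([0-9a-f:]{17}) Probe Request \(([^)]*)\)", re.I)

# Constructed sample capture (not a real dump), in the format tcpdump prints.
SAMPLE_DUMP = """\
16:32:26.628209 BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:50:ea:d6:aa:bb:cc Probe Request (SUBWAY)
16:32:26.731004 BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:50:ea:d6:aa:bb:cc Probe Request (FooProvider123456)
16:32:26.801221 BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:50:ea:d6:aa:bb:cc Probe Request (ACME-Fooville)
16:32:27.010933 BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:50:ea:d6:aa:bb:cc Probe Request ()
16:32:30.118400 BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:3c:2e:f9:11:22:33 Probe Request (SUBWAY)
16:32:30.200177 BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:3c:2e:f9:11:22:33 Probe Request (CafeAwesome)
"""

# Hypothetical OUI table (first three octets -> vendor). A real tool would load
# the IEEE OUI registry; these entries are assumptions made for the example.
OUI_VENDORS = {"50:ea:d6": "vendor-A (assumed)", "3c:2e:f9": "vendor-B (assumed)"}

# Stand-in for the WiGLE name search: how many networks WiGLE knows with that
# SSID. Constructed numbers; a real run would query the WiGLE API.
WIGLE_HITS = {"SUBWAY": 900, "FooProvider123456": 1, "ACME-Fooville": 2, "CafeAwesome": 1}


def parse_probes(dump):
    """Map client MAC -> set of SSIDs it probed for (wildcard probes dropped)."""
    seen = defaultdict(set)
    for line in dump.splitlines():
        m = PROBE_RE.search(line)
        if not m:
            continue
        mac, ssid = m.group(1).lower(), m.group(2)
        if ssid:  # "Probe Request ()" is a broadcast probe and carries no name
            seen[mac].add(ssid)
    return dict(seen)


def vendor(mac):
    """OUI lookup: the first three octets identify the manufacturer."""
    return OUI_VENDORS.get(mac[:8], "unknown")


def interesting_ssids(ssids, hits, max_hits=4):
    """Keep names rare enough to point at one place (the 3-4 networks heuristic)."""
    return sorted(s for s in ssids if hits.get(s, 0) <= max_hits)


def profile(dump, hits=WIGLE_HITS):
    """Per device: vendor, location-revealing names, and generic names to ignore."""
    out = {}
    for mac, ssids in parse_probes(dump).items():
        located = interesting_ssids(ssids, hits)
        out[mac] = {
            "vendor": vendor(mac),
            "locations": located,
            "generic": sorted(ssids - set(located)),
        }
    return out


if __name__ == "__main__":
    for mac, info in profile(SAMPLE_DUMP).items():
        print(mac, info)
```

The only network-specific input is the tcpdump text, so the same script runs over a live `tcpdump -l` pipe; the WiGLE step is the part you have to replace with real queries.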

Boss, what do we do??

On Linux you can configure wpa_supplicant networks with scan_ssid=0. This is the default, and it stops wpa_supplicant from sending directed probe requests that carry the SSID; the client relies on beacons and wildcard (empty-name) probes instead. Only hidden networks need scan_ssid=1, so every hidden network you save is a name your device will announce everywhere. On other systems, I don't know.

Of course, you can delete saved networks or turn Wi-Fi off when you don't need it, but that is a workaround rather than a solution. You can give your home network a generic name, but that does nothing about the names of the other networks you use.

Everyone loves a freebie, but nobody loves giving one away! If you suspect someone is helping themselves to your Wi-Fi, don't wait: find out who is connected to your network. Seeing every device connected to your router is quite simple once you know where to look. Let's find the stray connections and punish the lovers of free internet!

Today routers are used everywhere, in offices, apartments and public places, because they let several devices get fast network access at once. They work over Wi-Fi in a client-server arrangement: the router has a dedicated port for the Internet cable and shares the bandwidth it receives among its clients.

However, not everyone wants their Internet used by outsiders, such as the neighbours in the stairwell or the next dorm room. Sometimes you want wireless access only inside your own apartment for a handful of devices such as:

  • Notebooks;
  • Tablets;
  • Smartphones.

In addition, thanks to WI-FI, you can create local networks in offices if the gadgets in use are equipped with an adapter. The main symptoms that someone is using your Internet without permission are:

  • Significant drop in access speed;
  • Changing the configurations and settings of the router;
  • There are unknown devices in the list of connected clients;
  • Increased activity of the WAN indicator on the router when you are not using the Internet.

Usually the key sign of an unauthorised connection to your access point is that same noticeable drop in speed, since the router shares its bandwidth among all clients.

Viewing connected devices in the router's admin panel

On forums novice users often ask how to find out who is connected to their Wi-Fi, but an exact answer depends on the router model. Since TP-LINK routers are the most common, let's use one as the example. The most effective, fast and convenient method is to view connected clients in the device's admin panel, but first you need to log into it. To do that:

  1. Connect to the access point via Wi-Fi, or plug an Ethernet cable from a LAN port of the router into a laptop / computer;
  2. Open a browser and enter in the address bar: 192.168.0.1 or 192.168.1.1 or tplinkwifi.net;
  3. In the window that opens, enter the credentials (by default login admin, password admin; if these still work, change them, because anyone on your network can use them too).

After these simple steps you can configure the router however you like. A note on the second step: the address depends on the model, but in most cases one of the above will work. You can also find the router's exact IP and default credentials on the sticker on the bottom of the case.

In the future, it will not be difficult to view connected clients, and for this you need to do the following:

  1. Log in to the admin panel in the above way;
  2. Go to the Wireless tab;
  3. Select Wireless Statistic.

This section lists all clients currently associated with the access point. They can also be seen under DHCP - DHCP Clients List, which is more informative because it shows each device's MAC address and the internal IP it was assigned.
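As an added example (not from the original article), here is a small check that does what the admin-panel walk-through above does by hand: it parses a DHCP client list in the column layout TP-LINK shows, compares each MAC against a list of your own devices and flags the rest. It also checks the locally-administered bit of the MAC, because modern phones randomise their address per network, which makes any MAC-based allowlist noisy. The client table and the allowlist are constructed for the example.

```python
import re

# Constructed sample of a router's DHCP Clients List (TP-LINK shows these
# columns); the names and addresses are invented for the example.
DHCP_CLIENTS = """\
ID  Client Name     MAC Address         Assigned IP     Lease Time
1   my-laptop       A4-5E-60-12-34-56   192.168.0.101   01:23:45
2   android-9f3c    0A-1B-2C-3D-4E-5F   192.168.0.102   01:10:02
3   Unknown         B8-27-EB-AA-BB-CC   192.168.0.103   00:58:19
"""

# Hypothetical list of devices you own, keyed by normalised MAC.
ALLOWLIST = {"a4:5e:60:12:34:56": "my laptop", "d0:37:45:77:88:99": "my phone"}

MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\b")


def norm(mac):
    """Routers print AA-BB-CC-..., tools print aa:bb:cc:...; compare one form."""
    return mac.replace("-", ":").lower()


def is_locally_administered(mac):
    """Bit 1 of the first octet set means a randomised or spoofed address, not a vendor-assigned one."""
    return (int(norm(mac)[:2], 16) & 0x02) != 0


def parse_clients(table):
    """Turn the DHCP client table into rows of name / mac / ip; the header is skipped."""
    rows = []
    for line in table.splitlines()[1:]:
        m = MAC_RE.search(line)
        if not m:
            continue
        before, after = line[:m.start()].split(), line[m.end():].split()
        rows.append({"name": " ".join(before[1:]), "mac": norm(m.group(1)), "ip": after[0]})
    return rows


def audit(table, allowlist=ALLOWLIST):
    """Return (mac, ip, name, reason) for every client that is not in the allowlist."""
    findings = []
    for c in parse_clients(table):
        if c["mac"] in allowlist:
            continue
        reason = "unknown device"
        if is_locally_administered(c["mac"]):
            reason += " (randomised MAC: may be one of your own phones with private addresses on)"
        findings.append((c["mac"], c["ip"], c["name"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(DHCP_CLIENTS):
        print(*finding)
```

A randomised-MAC hit is the case to look at before blocking anything: the same phone shows a new address after a "forget network", so a blocklist or allowlist built on MACs needs updating every time that happens.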

Programs for viewing a list of devices connected to WI-FI

Developers of network-monitoring software are actively working for the benefit of users. There are several decent programs for viewing the clients of your access point; the most popular and functional is WiFi Guard. Where other applications cover network connections in general, this one is built for exactly this purpose. With it any administrator can keep an eye on the number of connected users and, if necessary, block their access. Green and red markers next to each connected device show whether the client is on your list of known devices.

NETGEAR Genie is a good analogue of WiFi Guard with a friendly interface and a wide set of tools; almost immediately after installing it you get full information about connected users on the network map. Acrylic WiFi Professional is aimed primarily at admins and developers, but it is useful at home too: besides the client list it lets you fine-tune your access point. A program with the self-explanatory name Who Is On My WiFi also does the job, even though it is only available in English. The following Windows applications are no less effective alternatives:

  1. Wireless Network Watcher;
  2. NCS Network Scanner;
  3. NetBScanner.

Kicking foreign devices off your Wi-Fi

The most reliable way to disconnect any user from your access point is to change the password and switch the network to WPA2-PSK with AES (CCMP) encryption. To do this:

  1. Log in to the router's admin panel;
  2. Go to the Wireless - Wireless Security section;
  3. Select the WPA2-PSK encryption type with AES (not TKIP);
  4. Set a long passphrase: 8 characters is only the minimum WPA2 allows, so the longer the better, with mixed case and digits;
  5. Press the Save button.

In addition, in the same settings menu, the maximum number of simultaneous clients is set. This will help if a strictly defined number of devices are always connected to your access point, for example, a laptop, computer and smartphone, so you can set the number 3 in this parameter.

You can protect your Wi-Fi network from intrusion in several ways.
Firstly, change the password regularly, at least once a month, and immediately whenever you suspect it has leaked.
Secondly, never reuse the same password across sites: the Wi-Fi password must be unique. Using your date of birth, a pet's name or a spouse's patronymic is very short-sighted. Better to generate a long random passphrase and keep it in a password manager or written down somewhere safe. Finally, always use WPA2-PSK, since WEP and WPA with TKIP are easily broken. WPA2-PSK is not a guarantee of 100% security, though; it is only as strong as the passphrase, because anyone who captures a client's connection handshake can try passwords against it offline.

How to deal with freeloaders who connected to your Wi-Fi

If you find a stray client on your access point, take measures so that it does not happen again. A good way to punish a careless neighbour is to permanently block their device from your network. For this:

  1. Log in to the router's admin panel;
  2. Go to the Wireless Statistic or DHCP List section and write down the MAC address of the client's network card;
  3. Select the Wireless MAC Filtering item in the router settings;
  4. Activate it and enter the previously recorded MAC;
  5. Save settings.

That way the intruder will not be able to connect from that device again. Keep in mind, though, that MAC filtering is a weak barrier: MAC addresses travel in the clear in every frame, so anyone watching the air can copy an allowed address and get past the filter, which is why the new password remains the main fix. Alternatively, instead of blocking the user you can set a speed limit for them in the same menu, say no more than 10 kilobytes per second: for people used to broadband there are few things worse than the Odnoklassniki home page taking a minute to load, and it costs you nothing. And always change the router password after someone else has used your laptop or computer, because with access to one of the clients, pulling out the saved key takes a few minutes.


Writing about legislation and "paper" security is not really my strong suit, so I'll try myself in a different genre and talk about practical security. The topic of today's post is the danger of using other people's Wi-Fi networks.
I think many specialists are already familiar with this topic, but they may find something new in this article too.

Let's start with open Wi-Fi networks, loved by many because there is no password, they are available in lots of public places and the speed is usually good (compared with mobile data). But open networks carry a very big danger: all traffic is literally "in the air", with no encryption and no protection against interception. Anyone without special knowledge can intercept and analyse all your traffic with ready-made programs.

Let's see how this happens. For the demonstration I switched my home hotspot to open-network mode:

Then I connected to this network from a laptop and from an Android tablet. On the tablet I installed the Intercepter-NG application (it is also available for Windows). It requires root; after launch the start screen offers to scan for hosts in range:

Having ticked my laptop (IP 192.168.0.101), I go to the next screen and start capturing packets. Then I open Yandex on the laptop:

The sniffer confidently caught the pages being opened, and if you go to the tab with the cookie icon you can also see a list of all the cookies my laptop's browser sent and received while browsing. By tapping any of the lines, Intercepter-NG opens a browser with the intercepted cookies substituted, so without even catching the moment the victim logged in you can enter their open session on the site in question. This type of attack is called session hijacking.


So I have shown in practice that an open Wi-Fi network offers no protection whatsoever. But the title of this post says "other people's" Wi-Fi networks, not "open" ones. Let's move on to another aspect of wireless security: intercepting traffic inside a closed network. I reconfigured the router to WPA2 with a pre-shared key (this protection mode is used on roughly 80% of access points):

I reconnect to the network from the laptop and the tablet and restart Intercepter-NG. On scanning it sees the laptop again; I select it and start intercepting traffic, while from the laptop I visit several sites with HTTP Basic authentication, and this is what I see on the tablet:


The traffic was intercepted successfully: the "intruder" now knows my password for the router's web interface and for another site. Session hijacking works too; all traffic is intercepted.
With WEP this is trivial: every device on the network encrypts with the same static key, so an "intruder" who knows that key and sits on the same network can capture and decrypt everyone's traffic.
I used WPA2, where each client negotiates its own encryption keys. Still, if you know the network passphrase and capture a specific set of packets (the four-way handshake exchanged when the client joins), you can recover the Pairwise Transient Key, the key that encrypts the traffic of the client we are interested in. This is not a flaw in the cipher but a property of pre-shared-key mode: everyone shares the same master key, and the per-client key is derived from it plus values sent in the clear. WPA (TKIP) with a pre-shared key has the same property.

As practice has shown, the problem can be partially solved by enabling the AP Isolation (client isolation) option, which most modern Wi-Fi routers support:


However, this is not a panacea: Intercepter-NG for Android can no longer intercept, but more capable utilities such as Airodump-ng keep working. I did not study the difference between these utilities and the reasons Intercepter-NG stops working in more detail, leaving that for later. Besides, there is no way to tell whether isolation is enabled on the network you are joining (in a cafe or at an event) without testing it in practice.

We have seen the danger of using other people's Wi-Fi networks; the question of protection remains. There are many approaches, and the main idea is additional encryption of all traffic: strict use of TLS wherever possible (HTTPS, SSH, SFTP, POP3S, IMAPS and so on), connecting through a VPN, using an anonymising overlay network like Tor, and so on. That topic is extensive enough to deserve a separate post.

In the early days of the Internet, a network connection meant a cable, which had to be laid indoors so that it would not get in the way. People fixed it and hid it as best they could; old computer furniture still has cable holes.

When wireless technology and Wi-Fi networks became popular, there was no longer any need to run and hide a cable. Wireless technology lets you receive the Internet "over the air" if you have a router (access point). The Internet started to spread in the early 1990s, and closer to 2010 Wi-Fi became especially popular.

What is WiFi

This is the modern standard for sending and receiving data between devices over radio; the devices must have a radio module. Such Wi-Fi modules are built into many electronic devices. At first only tablets, laptops and smartphones had them, but now you find them in cameras, printers, washing machines and even slow cookers.

Principle of operation

To use Wi-Fi you need an access point, which today is usually a router: a small plastic box with several ports for wired connections. The router itself is connected to the Internet through a network cable (twisted pair). Through its antenna the access point relays data from the Internet into the Wi-Fi network, and devices with a Wi-Fi receiver pick it up.

A laptop, tablet or smartphone can act as the access point instead of a router, provided it has its own Internet connection (for example mobile data via a SIM card). The communication principle is the same as with a router.

How the access point itself gets to the Internet does not matter. Access points are either private or public. The former are used only by their owners; the latter give Internet access to many users, for a fee or for free.

Public hotspots are most often found in public places. Connecting is easy from inside or near the venue; some require logging in, with a login and password given to you when you use the establishment's paid services.

In many cities the whole territory is covered by a Wi-Fi network; connecting requires an inexpensive subscription. Both commercial and free networks exist, built by municipalities and by private individuals. Small networks for residential buildings and public institutions grow over time, peer with each other to exchange traffic freely, and run on volunteer help and donations from other organisations.

City governments often sponsor such projects. For example, in France some cities give unlimited Internet access to residents who allow a Wi-Fi antenna to be installed on their roof. Many Western universities give students and visitors web access. The number of hotspots (public access points) is growing steadily.

WiFi standards

IEEE 802.11: the original 1997 standard, low data rates (1-2 Mbps); the base on which the others build.

IEEE 802.11a: incompatible with 802.11b, for high speeds, uses channels in the 5 GHz band. Up to 54 Mbps.

IEEE 802.11b: channels in the 2.4 GHz band, throughput up to 11 Mbps.

IEEE 802.11g: speed equivalent to 11a, 2.4 GHz band, compatible with 11b, up to 54 Mbps.

IEEE 802.11n: the most advanced commercial standard at the time of writing, works in the 2.4 and 5 GHz bands and alongside 11b, 11g and 11a. Up to 600 Mbps with four spatial streams and 40 MHz channels; typical consumer devices reach 150-300 Mbps.

To get a better idea of ​​how different wireless standards work, consider the information in the table.

Wi-Fi network application

The main purpose of wireless communication in everyday life is to access the Internet to visit sites, communicate on the network, download files. There is no need for wires. Over time, the distribution of access points across the territory of cities is progressing. In the future, it will be possible to use the Internet using a Wi-Fi network in any city without restrictions.

Such modules are also used to build a network within a limited area between several devices. Many companies have developed mobile apps that exchange data directly over Wi-Fi without an Internet connection; the app sets up an encrypted tunnel through which data is passed to the other side.

Data exchange is many times faster than with the familiar Bluetooth. A smartphone can also act as a game controller for a console or computer, or as a remote control for a Wi-Fi-enabled TV.

How to use a Wi-Fi network

First you need to buy a router. Plug the Internet cable into the WAN port (usually marked and coloured differently from the LAN ports, often yellow or white) and configure the router according to the supplied instructions.

On receiving devices with a Wi-Fi module, turn it on, find the required network and connect. The more devices connected to one router, the lower the data rate each gets, since the router's airtime and bandwidth are shared among all of them.

A USB Wi-Fi adapter looks like an ordinary flash drive and is cheap. On a mobile device you can enable a hotspot that acts as a router. While a smartphone is sharing its connection it is best not to load it heavily, that is, avoid watching video or downloading files on it, because the bandwidth is split between the connected devices and the phone itself on a leftover basis.

Wi-Fi technology makes it possible to access the Internet without a cable. The source of such a wireless network can be any device that has a Wi-Fi radio. The propagation radius depends on the antenna. With the help of Wi-Fi, groups of devices are created, and you can also simply transfer files.

Advantages of Wi-Fi
  • No wiring required. This saves money on cabling and installation, and saves time.
  • The network can be expanded without limit as the number of users and access points grows.
  • No need to damage walls and ceilings to lay cable.
  • Global compatibility. It is a family of standards that works across devices made in different countries.
Disadvantages of Wi-Fi
  • Regulation. In many countries Wi-Fi may be used without a licence only indoors (premises, warehouses, production floors); linking two neighbouring buildings over a shared radio link requires applying to the regulator.
  • Legal aspect. Countries treat transmitters in the Wi-Fi bands differently. Some require all networks operating from premises to be registered; others limit transmitter power and certain frequencies.
  • Link stability. Typical home routers cover about 50 metres indoors and 90 metres outdoors. Many electronic devices and weather conditions reduce the signal; range depends on the operating frequency and other parameters.
  • Interference. Cities have a high density of routers, so connection problems are common when another access point nearby operates on the same channel.
  • Manufacturing quality. Manufacturers do not always follow the standards precisely, so access points may be unstable and slower than advertised.
  • Power consumption. Fairly high, which drains batteries and heats the equipment.
  • Security. WEP encryption is unreliable and easily broken. The more reliable WPA is not supported by older access points. WPA2 is considered the most reliable today.
  • Functional limits. Small packets carry a large share of protocol overhead, which degrades link quality. Wi-Fi is therefore not recommended for IP telephony over RTP, since there is no guarantee of call quality.

Features of Wi-Fi and WiMAX

Wi-Fi technology was originally created so that organisations could move away from wired connections, but it is now popular in the private sector too. Wi-Fi and WiMAX are related in the tasks they perform but solve different problems.

WiMAX devices carry digital certificates used to authenticate them on the network, and data streams are encrypted. WiMAX is used to build private networks with secure channels, and it carries data regardless of weather, buildings and other obstacles.

This type of link is also used for high-quality video communication. Its main advantages are reliability, mobility and high speed.

The information in this article can be used to gain unauthorised access to networks, and such actions may fall under articles 272-273 of the Criminal Code of the Russian Federation. It is published for informational purposes only, and you alone are responsible for using it for illegal purposes.

This article covers the topic presented at the MGUPI User Group meeting "Ensuring the security of wireless networks".

Introduction

Wireless networking is a technology for building networks that interoperate with conventional wired networks (Ethernet) without cable wiring. On the one hand it is aimed at "lazy" home users; on the other hand it has found wide use in large businesses, both IT and non-IT.

IEEE 802.11 is the common wireless networking standard, a set of communication standards for wireless local area networks in the 2.4, 3.6 and 5 GHz frequency bands.

Thus, WiFi is designed to build wireless local area networks where the use of wired communication channels is undesirable, for various reasons, for example:

  1. Cost savings when building a network
    If the projected local network includes laptops and other devices equipped with a Wi-Fi module as workstations, then the acquisition of a Wi-Fi access point (points) will be more cost-effective than laying a cable.
  2. Building a local network in places where cabling is impossible or has a high cost
    For example, you need to connect a warehouse or another office located within the line of sight to the local office network, while pulling a cable there is problematic for various reasons.
  3. Building a simple public network
    It is often required to provide fast access to the network / Internet to a large number of users in a hotel, cafe, airport and other similar places. At the same time, users and devices are dynamic. In this case, the most rational solution would be to use Wi-Fi.

Topologies of wireless networks

Ad-hoc (peer-to-peer)

Ad-Hoc is a type of wireless network in which all connected devices send data directly to each other, using the peer-to-peer network principle.

Typically, ad-hoc is used to set up a temporary network for quick file transfers between computers. In corporate scenarios it is rarely used, apart from the scenario mentioned above of linking two buildings. The drawback of this topology is decentralisation, which drives the data rate down as the number of computers grows. Hence the more manageable AP topology.

AP(access point, infrastructure)

AP is a type of wireless network in which data transmission is controlled by a dedicated device, the access point, which plays roughly the role a switch (strictly, a bridge) plays in a wired network. There are also wireless routers that route traffic between the wireless network, the wired segment if there is one, and the external network.

By increasing the centralization of the network, both manageability and data transfer speed increase.

Security

Obviously, wireless networks use radio as the transmission medium. Because anyone in range can receive it, securing the data sent over a wireless network is a pressing issue. Security in wireless networks is therefore provided at three levels:

  • Physical
  • Data link
  • Transport (in the talk's terminology; strictly speaking, 802.11 encryption is also a link-layer mechanism)

At the physical layer there are two methods: jammers and SSID broadcast control. Jammers can in principle be installed around the perimeter so that the network operates only in a given area and its signal cannot be picked up outside it; in practice, operating jammers is illegal in most jurisdictions, so controlling transmit power and antenna placement is the realistic form of this measure.

It is also possible to disable SSID broadcasting. The SSID is the Service Set Identifier, in other words the network name, which the access point announces in beacon frames, by default roughly every 100 ms.

Disabling SSID broadcast is recommended as an extra layer: it "hides" the network, and connecting requires knowing the SSID. However, this is no panacea, since an attacker learns the SSID as soon as a legitimate client connects, because probe and association frames carry it in the clear; worse, clients configured for a hidden network send directed probe requests with that name wherever they go.

At the data link layer there is also MAC address filtering. When a client connects, the access point checks its MAC address against a whitelist and allows the connection only if it matches; a blacklist can be used the same way. However, this is an access control mechanism, not encryption, and a weak one: MAC addresses are sent in the clear in every frame, so an attacker can read an allowed address off the air and clone it.

It is therefore clear that to protect the data itself, encryption mechanisms are needed at the next level up.

Wi-Fi Encryption

Open system

As the name implies, this mode does not encrypt the transmitted data at all; the only protection mechanism available is MAC address filtering. Frames go over the air unencrypted, as an open data stream.

The data is not encrypted, merely encoded according to the protocol used.

Thus, an attacker can easily intercept your traffic and extract confidential information from it.

WEP

Wired Equivalent Privacy (WEP) is an algorithm for securing Wi-Fi networks.

It is used to provide confidentiality and protect the data of authorised users of the wireless network from eavesdropping. There are two variants, WEP-40 and WEP-104, differing only in key length.

WEP is based on the RC4 stream cipher, chosen for its high speed and variable key length. CRC32 is used to calculate checksums.

WEP frame format:

  • Unencrypted part
    1. Initialization vector (24 bits)
    2. Padding (6 bits)
    3. Key ID (2 bits)
  • Encrypted part
    1. Data
    2. Checksum, the ICV (32 bits)

WEP keys are 40 and 104 bits long for WEP-40 and WEP-104 respectively. Two kinds of key are used: default keys and assigned (key-mapping) keys. An assigned key belongs to a specific sender-receiver pair and can have any value agreed in advance. If the parties do not use an assigned key, one of four default keys from a table is used, selected by the 2-bit Key ID. For each data frame a seed is formed: the 24-bit initialization vector followed by the key.

    In order to transmit data over a wireless network, it is necessary to perform encapsulation, in other words, pack the data in accordance with the algorithm. Encapsulation is done like this:

    1. The checksum from the "data" field is calculated using the CRC32 algorithm and added to the end of the frame.
    2. The checksum data is encrypted using the RC4 algorithm, which uses the seed as the key.
    3. An XOR operation is performed on the plaintext and ciphertext.
    4. An initialization vector and a key identifier are added to the beginning of the frame.

    As soon as the data frame is received, decapsulation occurs in the end device:

    1. An initialization vector is added to the used key.
    2. Decryption takes place with a key equal to seed.
    3. The XOR operation is performed on the received text and ciphertext.
    4. The checksum is checked.

    WEP VULNERABILITY

The initialization vector is sent in the clear at the start of every frame and is only 24 bits long, so IVs inevitably repeat, and RC4 keys that differ only in their first three bytes (the IV followed by the fixed key) leak information about the shared key in the first bytes of the keystream. By collecting a large number of frames and analysing their IVs together with those keystream bytes (the first plaintext byte of an 802.11 data frame is a predictable LLC header), an attacker recovers the key; the PTW attack used later in this article is the most efficient of these methods. The CRC-32 ICV, being linear, does nothing to stop an attacker from modifying frames in transit either.

Thus, given plenty of network activity, WEP cracking takes literally 15 minutes. It is therefore strongly discouraged when building a wireless network, since more secure mechanisms exist, namely WPA and WPA2.
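
The encapsulation and decapsulation steps above, and the consequence of a repeated IV, as an added example in Python (this is not code from the original article). RC4 and the frame layout follow the WEP description; the key, IV and payloads are constructed test data, not a real capture. The last function shows why IV reuse matters: two frames with the same IV are encrypted with the same keystream, so XORing their ciphertexts gives the XOR of their plaintexts without any knowledge of the key, and one known plaintext then reveals the other.

```python
"""WEP encapsulation / decapsulation and the keystream-reuse leak (added example)."""
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 key scheduling plus generation; returns `length` keystream bytes.
    In WEP the seed is IV || key, i.e. 64 or 128 bits."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the data, transmitted little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encapsulate(key: bytes, iv: bytes, key_id: int, data: bytes) -> bytes:
    """Steps 1-4 of encapsulation: append the ICV, derive the RC4 keystream from
    IV || key, XOR, then prepend the clear-text IV and the Key ID octet."""
    if len(key) not in (5, 13) or len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("WEP needs a 40- or 104-bit key, a 24-bit IV and a 2-bit key ID")
    plaintext = data + icv(data)                          # step 1
    keystream = rc4_keystream(iv + key, len(plaintext))   # step 2: seed = IV || key
    ciphertext = xor_bytes(plaintext, keystream)          # step 3
    key_id_octet = bytes([key_id << 6])                   # 6 padding bits, then Key ID
    return iv + key_id_octet + ciphertext                 # step 4


def wep_decapsulate(keys: dict, frame: bytes) -> bytes:
    """Reverse of wep_encapsulate; `keys` maps Key ID -> default key.
    Raises ValueError when the recomputed CRC-32 does not match the ICV."""
    iv, key_id, ciphertext = frame[:3], frame[3] >> 6, frame[4:]
    keystream = rc4_keystream(iv + keys[key_id], len(ciphertext))
    plaintext = xor_bytes(ciphertext, keystream)
    data, received_icv = plaintext[:-4], plaintext[-4:]
    if icv(data) != received_icv:
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return data


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """For two frames that share an IV (visible in the clear), return the XOR of
    their plaintexts without the key: same IV || key means the same keystream K,
    so (P_a XOR K) XOR (P_b XOR K) = P_a XOR P_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; no keystream reuse")
    return xor_bytes(frame_a[4:], frame_b[4:])


# Constructed test data (not real traffic): a WEP-40 key and an IV that the
# sender reuses for two consecutive frames.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
MSG_A = b"GET /login HTTP/1.1"
MSG_B = b"user=admin&pw=hunter2"


def demo() -> dict:
    frame_a = wep_encapsulate(KEY, IV, 0, MSG_A)
    frame_b = wep_encapsulate(KEY, IV, 0, MSG_B)
    leak = keystream_reuse_leak(frame_a, frame_b)
    return {
        "roundtrip": wep_decapsulate({0: KEY}, frame_a),
        "recovered_b": xor_bytes(leak, MSG_A),   # knowing MSG_A exposes MSG_B
    }


if __name__ == "__main__":
    print(demo())
```

With a 24-bit IV there are only 16,777,216 possible seeds per key, so on a busy network repeats are unavoidable even when the sender picks IVs at random, and many cards simply count up from zero after every reset. Key-recovery attacks such as PTW go further than this leak and extract the key itself from the IVs and the first keystream bytes, which is what aircrack-ng does in the procedure later in this article.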

WPA\WPA2

WPA is based on the 802.1X standard, the TKIP and AES-based encryption protocols, and the optional Extensible Authentication Protocol (EAP).

TKIP (Temporal Key Integrity Protocol) is the key-integrity protocol of WPA. It still uses RC4, but the initialization vector is 48 bits instead of WEP's 24, and a per-packet key is derived by mixing the temporal key with the transmitter address and the packet sequence counter, so no two packets are encrypted under the same RC4 key.

Advanced Encryption Standard (AES) is a symmetric block cipher. As of 2009, AES is one of the most widely used symmetric encryption algorithms. In Wi-Fi it is used through CCMP (Counter Mode with CBC-MAC Protocol). Unlike TKIP, CCMP does not derive a new key per packet: one temporal key is used throughout, each packet gets a unique nonce built from a 48-bit packet number, and the CBC-MAC provides integrity protection of a kind that CRC-32 cannot.

WPA2 is defined by the IEEE 802.11i standard, adopted in June 2004, and is intended to replace WPA. It makes AES-CCMP mandatory, which is what makes WPA2 more secure than its predecessor. Since WPA supports EAP as an optional protocol, it also exists as WPA-Enterprise, which authenticates the user before the connection is admitted.

An access point running WPA-Enterprise asks for a username and password when a client connects and verifies these credentials against a RADIUS server located on the local network. On Windows Server 2008 R2 this means deploying the Network Policy Server (NPS) role, which provides the RADIUS server and the Network Access Protection (NAP) services, together with a domain controller for user management. Domain users can then access the wireless network easily and securely with their existing accounts.

WPA2 also has an Enterprise implementation.

For home users there is WPA-Personal (WPA-PSK): all clients share one passphrase, and a connection is admitted only after it has been entered correctly.

Method for gaining unauthorized access to a WEP network

This section shows how quickly a WEP network can be accessed. The tools used are Windows programs; the x86 version of Windows XP\Vista\7 is recommended.

To begin with, you need to capture a significant number (100-200 thousand) of packets transmitted on the network. For this, your Wi-Fi adapter must receive not only the frames addressed to it but every frame within its range. This is called monitor (sniffer) mode, and switching the adapter into it requires special drivers. You also need software that captures and stores these frames.

I suggest using the CommView for WiFi tool, a 30-day trial version of which you can download for free from http://tamos.ru/

However, not all Wi-Fi adapters are supported by the CommView for WiFi sniffer-mode drivers, so check the list of supported and recommended adapters on the site first.

Installation of CommView for WiFi is quick; a reboot may be required when the sniffer-mode drivers are installed. After installation, configure the program: open the "Settings" menu, execute the "Settings" command, and on the "Memory Usage" tab apply the settings shown in the screenshot.

The last configuration step is to restrict capture to DATA packets, ignoring beacon packets, in the "Rules" menu.

The memory settings raise the system resources allocated to the program, and the logging parameters allow large volumes of data to be written to disk. The capture rule keeps only the frames that matter: data frames carry the IV and encrypted payload from which the WEP key is recovered, while beacons and other management frames contribute nothing to the attack.

After the settings are made, you can start capturing. To do this, execute the "Start Capture" command from the "File" menu, or click the corresponding button on the toolbar. In the dialog box that opens, click the "Start Scan" button. The wireless networks found within range of the adapter will be displayed.

After that, select the network whose packets you want to intercept and click the "Capture" button.

The packet capture process will begin. In total you need to collect 100-200 thousand packets: key recovery works on the IVs of the captured data frames, and the more distinct IVs it has, the faster and more reliably it succeeds.

On average, as already mentioned, 100-200 thousand packets are needed to extract a WEP key, which comes to about 30-40 MB of captured traffic. You can check this by opening the folder where the log files are saved.

After the required number of packets has been captured, convert them to CAP format. Press Ctrl + L in the CommView for WiFi window, execute the "Load CommView log files" command in the dialog box that opens, and in the file-selection window select ALL the ncf files captured while the program was running, then press "Open". After a few seconds, depending on the total size of the files, the packets are loaded into the analyzer window. Next, execute the "Export log files" command, choose "Wireshark / Tcpdump format" from the submenu, and specify a file name.

The captured traffic is thereby converted to CAP format, which is what the Aircrack-ng utility reads in order to extract the WEP key from it.

After downloading the Aircrack-ng archive, go to the bin folder and run "Aircrack-ng GUI.exe". In the window that opens, click the "Choose ..." button and select the CAP file created above.

Next, select the encryption type, WEP in our case, and the key length. 128-bit keys (WEP-104) are the most common, but other lengths can be chosen. If you expect a significant number of ARP packets among those captured, it makes sense to enable the PTW attack, which needs far fewer packets than the older statistical attacks; otherwise leave that checkbox clear.

After completing the settings, click the "Launch" button; the aircrack-ng utility itself then starts on the command line. It lists the wireless networks whose packets are contained in the specified CAP file. If you also captured management packets for a few minutes, the SSIDs of the networks are displayed as well. Type the number of the network whose key you want to recover and press Enter.

The key search then begins. The table shows statistical information for each key byte.

As soon as the key is found, a corresponding message and the key itself are displayed.

Note that about 90% of the time needed to crack a WEP network is spent capturing the required number of packets, so the time to crack a network is inversely proportional to the amount of traffic on it: the busier the network, the sooner the key falls.
Note also that a very weak signal is enough for an attacker, since all he has to do is receive frames, not transmit them.
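
A check worth running on the exported capture before launching aircrack-ng, as an added example (not part of the original article, and not code from CommView or aircrack-ng): count how many distinct WEP IVs the file holds per BSSID, since it is distinct IVs, not the raw packet count, that key recovery consumes. The script reads a classic pcap containing raw 802.11 frames (link type 105) or radiotap-prefixed frames (link type 127), keeps only protected data frames whose Key ID octet has the Ext IV bit clear (TKIP and CCMP set that bit, WEP does not), and reports the number of unique IVs per network. The frames embedded below are constructed for the demonstration; pass a real file as the first argument to run it on exported traffic.

```python
"""Count distinct WEP IVs per BSSID in a Wireshark/tcpdump-format capture (added example)."""
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105   # raw 802.11 frames
LINKTYPE_RADIOTAP = 127     # 802.11 frames preceded by a radiotap header


def pcap_frames(data: bytes):
    """Yield raw 802.11 frames from a classic pcap, stripping radiotap if present."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype not in (LINKTYPE_IEEE802_11, LINKTYPE_RADIOTAP):
        raise ValueError(f"expected an 802.11 capture, got link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == LINKTYPE_RADIOTAP:
            rt_len = struct.unpack("<H", frame[2:4])[0]   # radiotap length is always LE
            frame = frame[rt_len:]
        yield frame


def wep_iv_of(frame: bytes):
    """Return (bssid, iv) if `frame` is a WEP-protected data frame, else None."""
    if len(frame) < 28:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds, protected = fc1 & 0x01, fc1 & 0x02, fc1 & 0x40
    if ftype != 2 or not protected:
        return None             # management, control and open data frames carry no IV
    hdr_len = 24
    if to_ds and from_ds:
        hdr_len += 6            # WDS frames carry a fourth address
    if subtype & 0x08:
        hdr_len += 2            # QoS data frames carry a QoS Control field
    iv_field = frame[hdr_len:hdr_len + 4]
    if len(iv_field) < 4 or iv_field[3] & 0x20:
        return None             # Ext IV bit set: TKIP or CCMP, not WEP
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds and from_ds:
        bssid = addr2           # no BSSID field in WDS frames; attribute to the transmitter
    elif to_ds:
        bssid = addr1
    elif from_ds:
        bssid = addr2
    else:
        bssid = addr3
    return bssid, iv_field[:3]


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def count_unique_ivs(pcap: bytes) -> dict:
    """Map each BSSID (as a string) to the number of distinct WEP IVs seen for it."""
    ivs = defaultdict(set)
    for frame in pcap_frames(pcap):
        hit = wep_iv_of(frame)
        if hit is not None:
            ivs[hit[0]].add(hit[1])
    return {mac_str(bssid): len(seen) for bssid, seen in ivs.items()}


# --- constructed sample capture (not real traffic) ---------------------------
AP = bytes.fromhex("001122334455")
STA = bytes.fromhex("50ead6aabbcc")
BCAST = b"\xff" * 6


def frame(fc0, fc1, a1, a2, a3, body):
    """Minimal 802.11 MAC header (FC, duration, three addresses, seq ctrl) + body."""
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body


def wep_body(iv_hex, key_id=0):
    """IV || Key ID octet || dummy ciphertext || dummy ICV."""
    return bytes.fromhex(iv_hex) + bytes([key_id << 6]) + b"\x00" * 16


SAMPLE_FRAMES = [
    frame(0x80, 0x00, BCAST, AP, AP, b"\x00" * 12),                      # beacon: no IV
    frame(0x08, 0x42, STA, AP, BCAST, wep_body("0a0b0c")),                # WEP, AP -> STA
    frame(0x08, 0x41, AP, STA, BCAST, wep_body("0a0b0d")),                # WEP, STA -> AP
    frame(0x08, 0x42, STA, AP, BCAST, wep_body("0a0b0c")),                # IV 0a0b0c repeated
    frame(0x88, 0x42, STA, AP, BCAST, b"\x00\x00" + wep_body("0a0b0e")),  # QoS data frame
    frame(0x08, 0x42, STA, AP, BCAST, b"\x00\x00\x00\x20" + b"\x00" * 16),  # TKIP: Ext IV
    frame(0x08, 0x02, STA, AP, BCAST, b"\x00" * 16),                     # open data: no IV
]


def build_pcap(frames, radiotap=False) -> bytes:
    """Write a little-endian classic pcap, optionally with an 8-byte radiotap header."""
    linktype = LINKTYPE_RADIOTAP if radiotap else LINKTYPE_IEEE802_11
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        if radiotap:
            f = struct.pack("<BBHI", 0, 0, 8, 0) + f   # version, pad, length, present
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for bssid, n in sorted(count_unique_ivs(data).items()):
        print(f"{bssid}: {n} distinct WEP IVs")
```

On the sample the beacon, the open data frame and the TKIP frame are ignored and the repeated IV is counted once, giving three distinct IVs for the access point. On a real export a count that barely grows while the packet total climbs means the client is reusing IVs, which helps the attack, but it also means the capture contains far fewer usable samples than the packet count suggests.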

Conclusion

In this article, we talked about the basic principles of security in wireless networks, and also showed how, in a fairly short period of time, you can access a network using WEP encryption.

The next article will talk about the WPA\WPA2 security mechanism.