Need to test wireless network security
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Need to test wireless network security

  1. #1
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Need to test wireless network security

    Hi there

    I'm a newbie to networking and I do apologise if I've posted in the wrong part of the forum.

    What I'd like to do ethically is hack into the wirless network in the hotel where I work, obviously to see wether or not the network is secure

    The hotel has just had a pay to surf wireless network put in so guests can access the net with their wirless enabled laptops etc.

    Please can anyone show me how to do this and what software I'd need. I'll be using a latop with Windows XP installed.

    Any help would be greatly appreciated.

    Thank You

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    hey, welcome to AO...

    have you checked with the hotel to see if they are ok with this? I know you probably have the best intentions... but management might not see it that way. I would strongly suggest checking with them before doing any kind of pen testing. just a thought.

    westin
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    Well obviously if you would want to thoroughly and properly test the security, you would need to hire a "professional hacker" to do the job for you.
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  4. #4
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Yeah I would check with your employer first. I know you're trying to help but they might see it differently.

  5. #5
    Member
    Join Date
    Sep 2006
    Location
    At a keyboard
    Posts
    82
    Theres no need. All security features of existing wireless networks have all ready been "tested". Why not just read up on the network type they have employeed. If you wanting to know if the wireless wep/wap keys can be broke, then really why would you have to test it? They are all pretty much standard. meh.

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    as far as I know, pay as you go services do not implement WEP or WPA... you are allowed to connect to the wireless network, but must authenticate on the login page to be able to route to the net... correct me if I am wrong... but this has been my experience at Starbucks, the Tokyo airport etc...
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi, I think westin has an interesting point. You should be able to work out what is going on from the procedure a customer has to follow to use the service.

    From what I have seen, the local "network" doesn't have much in the way of security..............much like the free hotspots. In the case of the hotel it is just a mechanism to charge the usage to a room.

    I am no expert on this, but I would have thought that there is little to control people who are in range as to what they do on the internal network?..............after all they are all going to look like residents.

    The question would be, do they have to provide authentication to access the network and then again to use the internet, or is it just to use the internet?........... that is they only authenticate to the "billing mechanism".

    I wouldn't want to get personally involved, and would hire a professional outfit if it is an issue. That at least CYA if things go pear shaped

    Once again, look at the process and procedures first, that should tell you all you need to know?

  8. #8
    Junior Member
    Join Date
    Jan 2007
    Posts
    2
    Hi all

    Thanks very much for your replys,

    I'm one of the management team and they've asked me becuase they know I'm into computing, we don't have an I.T department to implment this task so they've asked me to do this.

    Basically when a guest finds and connects to the wirless connection, they'd open up their internet browser window and they'd be taken to a credit card payment page.

    I wanted to test to see if I'm able to bypass this, and if I can then we'd make the company aware of this and if they're unable to anything then we'd get rid of the pay to surf internet.

    All help will be much appreciated

    Thanks

  9. #9
    Junior Member
    Join Date
    Dec 2006
    Posts
    28
    latest issue of 2600 had an article on how to reuse other hotel patrons' accounts, I believe. They may have caught wind of the article because it was directed to your industry.

    check Barnes & Noble

    It's one method of attack

  10. #10
    Junior Member
    Join Date
    Dec 2006
    Posts
    28
    Check
    2600:Hacker Quarterly
    Autumn 2006 issue
    "Never Pay for WiFi Again!"

    Describes a way to reuse other patrons' accounts.
    I'm guessing your mgmt caught wind of this recent article since it targets your industry.
    Issues can be found @ Barnes & Noble & other places

    But, in all practical sense, who gives a ****? So, one in one thousand guests may (know plus care plus attempt) to do something like; it doesn't justify shutting it down.

    Regardless, the system should definitely monitor by MAC address, if anything. Like 2 MACs allowed per customer (one laptop, one PDA).
    This is how a city-wide wireless provider did it here locally and that's what I paid for. And wireless should be a cheap, if not free, courtesy service.
    Last edited by not_it; January 25th, 2007 at 11:42 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •