Ive been studying 802.11 security for a while now. Actually there is not much to study.....its insecure!!!

www.wardriving.com provides some good insight on the hardware and software needed to do this type of testing. It seems like ever since Shipley released his perl script to find AP's this thing has been going up and up and up.

I am working on writing a secure guide to implementing 802.11b right now and will be posting it soon.

Go to airsnort.shmoo.com to get the latest version of the popular WEP cracking tool Airsnort. This tool has been getting better and better and now supports the Hermes chipset (Orinoco). For all of you with Orinoco cards, they have an external antenna attachment so support for these cards is good. While testing Airsnort in a lab environment I cracked WEP with about 3500 "interesting" packets (packets with weak key sections) in only 2 hours.

I do agree that 802.11 is getting a bit out of control because I cant turn around before another script kiddie puts up a website claiming he is a hacker because he wardrove his local neighborhood. 802.11 is really cool but extremely dangerous because it is so cheap and easy to implement and people just dont know the security implications of it.

Check out the presentation section of www.blackhat.com . They have some great presentations on 802.11 security, advanced explout techniques, and basically anything else you would ever want to know about it.

~Xe