Why hax0rs don't care about 802.11

[tampabay420]

Experts at war driving -- scanning communities for the existence of wireless networks that can be tapped -- routinely exchange location secrets and sniffing tips over the Web, the way gamers trade strategies for reaching new levels.


http://www.newsfactor.com/perl/story/19776.html

[x acidreign x]

I would imagine that with the proliferation of wireless devices, the bandwidth involved in a wireless network might be hindered by interference. How do they protect against such things, and if a hacker were to tap into a wireless network, would that give him access to the person's high speed internet connection? because that would be sweet. I think that hijacking a person's highspeed wireless network is more of a "kid-next-door" type of hack than a evil-genius-hax0r type hack.. I know if my neighbor could free from 56k hell then i'd certainly look at the situation with some degree of interest.

[Cemetric]

Wireless ... the stories I can tell

My firm places a lot of wireless LAN & WAN ...
It is very easy to hijack a wireless access line , giving that there is no encryption involved (but I imagine that the better hackers can circomvent this as well) ... you can even drive around with your portable through a place where there are a lot of officebuildings , and see if you can connect to an accesspoint , I've tried this (fo my job , before I get labeled a hacker ;-) ) and it works ... then all you have to do is try to crack the encryption (all I say ... but you know what I mean)..when you hijack this line you get FULL access to the LAN .
It's even easier when they use DHCP ..so you don't need to set a fixed IP or anything.

I can go on for a while but I think you get the picture here,

Gr33tz,

Cemetric.

[nabylbt]

Unfortunatly i agree with Cemetric, the wep standard is too weak, the key size of off 32 if i remember right and after sniffing a while a simple stat anal gives you the right key ....
There are ways to go around the wep using acls, no dhcp, level 2 addressing, static routing .... .... harder to set up and not unbreakable at all.

The oproblme still reside upon the 2 computers agreeing on en encoding scheme and exchanging / renewing the public key fast enough....
Cisco came up with a radius server behind an AP but ....

[dspeidel]

Over the weekend was supposivley a war driving maraton going on in multiple countries. I think some security companies were interested in using it as a selling point. The WSJ carried a story last week somewhere between Wednesday and Friday and a local TV news program spoke of what you can do to make yourself more secure briefly (>15 seconds) this morning. I think most of the war drivers intended to inform the companies that they were valunerable but I'm not sure and there might have been some bad apples.

Cheers,
-D

Sorry I couldn't be more specific of the WSJ story date -but I only glanced at last week

[owen76]

I know this ain't much help, but I believe about 6 months ago jared_c had a thread about using a pringle can to detect wireless networks. I hear that law enforcement is using this technique.

[Cemetric]

Ehhh owen76

A pringle can...can you tell me more about it .. cuzz well ..I've got imagination but this..stretches it a bit or am I barking on the wrong tree here with that pringle can??

Thnx..

Cemetric

[xmaddness]

The pringle can is lined with a reflective material and can be used to direct a signal from your wcard to an office building, home, store, etc. Wireless networks are a problem just waiting to happen. I'm waiting for the day when some group decides to build a zombie, install it on multiple computers (hundreds), and runs a ddos from them. Its a known fact that most wireless networks have a dedicated highspeed line and can be very easily used in this type of attack. Just give it time, it will happen. When it does happen people are going to turn around and blame all the wireless companies for marketing such an insecure product. And once again they will point their fingers at the IT community claiming that we should have informed the world of this problem. *sigh* </rant>


I just hope that these wi-fi companies build in better security in the future, because their products are one hell of a security hole.

[zepherin]

That's why UWB should replace the 802.11.

[SoggyBottom]

I am of the opinion that, although breaking into a Wireless Network is as easy as falling off a chair, it still poses an enormous threat to a companies security.

Companies spend millions upon millions on security infrastructure like VPNs, Firewalls (usually multi-tiered), Routers, IDS .... the list goes on. And all that is required to circumvent all this is one misconfigured access point on the internal network.

I agree, that l33t h@x0r5 may avoid this type on hack method due to its simplicity, but what about disgruntled employees, malicious competitors etc...?? These profiles are the real ones that you have to worry about.