Need to test wireless network security

[hypuk]

Hi there

I'm a newbie to networking and I do apologise if I've posted in the wrong part of the forum.

What I'd like to do ethically is hack into the wirless network in the hotel where I work, obviously to see wether or not the network is secure

The hotel has just had a pay to surf wireless network put in so guests can access the net with their wirless enabled laptops etc.

Please can anyone show me how to do this and what software I'd need. I'll be using a latop with Windows XP installed.

Any help would be greatly appreciated.

Thank You

[westin]

hey, welcome to AO...

have you checked with the hotel to see if they are ok with this? I know you probably have the best intentions... but management might not see it that way. I would strongly suggest checking with them before doing any kind of pen testing. just a thought.

westin

[Raion]

Well obviously if you would want to thoroughly and properly test the security, you would need to hire a "professional hacker" to do the job for you.

[JPnyc]

Yeah I would check with your employer first. I know you're trying to help but they might see it differently.

[shatteredsoul]

Theres no need. All security features of existing wireless networks have all ready been "tested". Why not just read up on the network type they have employeed. If you wanting to know if the wireless wep/wap keys can be broke, then really why would you have to test it? They are all pretty much standard. meh.

[westin]

as far as I know, pay as you go services do not implement WEP or WPA... you are allowed to connect to the wireless network, but must authenticate on the login page to be able to route to the net... correct me if I am wrong... but this has been my experience at Starbucks, the Tokyo airport etc...

[nihil]

Hi, I think westin has an interesting point. You should be able to work out what is going on from the procedure a customer has to follow to use the service.

From what I have seen, the local "network" doesn't have much in the way of security..............much like the free hotspots. In the case of the hotel it is just a mechanism to charge the usage to a room.

I am no expert on this, but I would have thought that there is little to control people who are in range as to what they do on the internal network?..............after all they are all going to look like residents.

The question would be, do they have to provide authentication to access the network and then again to use the internet, or is it just to use the internet?........... that is they only authenticate to the "billing mechanism".

I wouldn't want to get personally involved, and would hire a professional outfit if it is an issue. That at least CYA if things go pear shaped

Once again, look at the process and procedures first, that should tell you all you need to know?

[hypuk]

Hi all

Thanks very much for your replys,

I'm one of the management team and they've asked me becuase they know I'm into computing, we don't have an I.T department to implment this task so they've asked me to do this.

Basically when a guest finds and connects to the wirless connection, they'd open up their internet browser window and they'd be taken to a credit card payment page.

I wanted to test to see if I'm able to bypass this, and if I can then we'd make the company aware of this and if they're unable to anything then we'd get rid of the pay to surf internet.

All help will be much appreciated

Thanks

[not_it]

latest issue of 2600 had an article on how to reuse other hotel patrons' accounts, I believe. They may have caught wind of the article because it was directed to your industry.

check Barnes & Noble

It's one method of attack

[not_it]

Check
2600:Hacker Quarterly
Autumn 2006 issue
"Never Pay for WiFi Again!"

Describes a way to reuse other patrons' accounts.
I'm guessing your mgmt caught wind of this recent article since it targets your industry.
Issues can be found @ Barnes & Noble & other places

But, in all practical sense, who gives a ****? So, one in one thousand guests may (know plus care plus attempt) to do something like; it doesn't justify shutting it down.

Regardless, the system should definitely monitor by MAC address, if anything. Like 2 MACs allowed per customer (one laptop, one PDA).
This is how a city-wide wireless provider did it here locally and that's what I paid for. And wireless should be a cheap, if not free, courtesy service.