1
Wireless 101 Workshop
2
Productivity Paradox
Why is it that the only location where employees have access to all their productivity tools... is the one location where they spend the least amount of time: their desks?
- Why are you interested in wireless networking?
- What are you hoping to gain with wireless networking?
- Where do you hope to implement wireless?
Provided by Cisco, Inc. © Copyright 2003
3
Why Wireless Networking?
- Saves installation of network cabling
- Eases relocation and other modifications to network structure
- Can network areas that are inaccessible or cost prohibitive for traditional wired networks
- Some environments/applications are perfect for wireless networking. Some examples:
  - Buildings with large open areas
  - Warehouses
  - Convention Centers
  - Arenas/Stadiums/Gymnasiums
  - Auditoriums
  - Mobile Educational Labs
  - Airports
  - Hospitals
  - Historic Buildings
  - Greenhouses/Botanical Gardens
  - Outdoors
- May also have a wired network in the same location
  - Servers and stationary workstations
Historic buildings are a prime use of wireless network technologies today. Wireless networking protects the aesthetics of the structure and keeps modifications to a minimum. You can modernize a historic landmark with the addition of networking without compromising its historic status and beauty.
4
Wireless Technologies
WAN (Wide Area Network), MAN (Metropolitan Area Network), LAN (Local Area Network), PAN (Personal Area Network)

“A Personal Area Network is the interconnection of information technology devices within the range of an individual person, typically within a range of 10 meters.” (Retrieved May 21, 2003, from

“A Local Area Network is a group of computers and associated devices that share a common communications line or wireless link within a small geographic area.” (Retrieved May 21, 2003, from

“A Metropolitan Area Network is a network that interconnects users with computer resources in a geographic area or region larger than that covered by even a large local area network but smaller than the area covered by a wide area network. The term is applied to the interconnection of networks in a city into a single larger network. It is also used to mean the interconnection of several local area networks by bridging them with backbone lines. The latter usage is also sometimes referred to as a campus network.” (Retrieved May 21, 2003, from

“A Wide Area Network is a geographically dispersed telecommunications network.” (Retrieved May 21, 2003, from

PAN - Standards: Bluetooth; Speed: < 1 Mbps; Range: Short; Applications: Peer-to-Peer, Device-to-Device
LAN - Standards: 802.11, HiperLAN2; Speed: 11 to 54 Mbps; Range: Medium; Applications: Enterprise networks
MAN - Standards: MMDS, LMDS; Speed: 11 to 100+ Mbps; Range: Medium-Long; Applications: T1 replacement, last mile access
WAN - Standards: GSM, GPRS, CDMA, 2.5-3G; Speed: 10 to 384 Kbps; Range: Long; Applications: Mobile Phones, cellular data
Provided by Cisco, Inc. © Copyright 2003
5
Types of Wireless Networks
- Infrared (IR) LANs:
  - Individual cell of IR LAN limited to single room
  - IR light does not penetrate opaque walls
- Narrowband RF (microwave):
  - Microwave frequencies but not spread spectrum
  - Some require FCC licensing
- Spread spectrum LANs:
  - Mostly operate in ISM (industrial, scientific, and medical) bands
  - No Federal Communications Commission (FCC) licensing is required in USA
  - What is commonly referred to as Wireless LANs, WLANs, or Wi-Fi. standard.
From Data and Computer Communications by William Stallings. © Copyright 2003
6
Infra-Red LAN
- Spectrum virtually unlimited
  - Infrared spectrum is unregulated worldwide
  - Extremely high data rates
- Infrared shares some properties of visible light
  - Diffusely reflected by light-colored objects
  - Use ceiling reflection to cover entire room
- Does not penetrate walls or other opaque objects
  - More easily secured against eavesdropping than radio
  - Separate installation in every room without interference
- Inexpensive and simple
  - Uses intensity modulation, so receivers need to detect only amplitude
- Background radiation
  - Sunlight, indoor lighting
  - Noise, requiring higher power and limiting range
  - Power limited by concerns of eye safety and power consumption
From Data and Computer Communications by William Stallings. © Copyright 2003
7
Licensed Narrow Band RF LAN
- Cellular common usage
- Microwave radio frequencies usable for voice, data, and video
- Licensed within specific geographic areas to avoid interference
  - Radius 28 km
  - Can contain five licenses
  - Each covering two frequencies
- Motorola holds 600 licenses (1200 frequencies) in the 18-GHz range
  - Cover all metropolitan areas with populations of 30,000 or more in USA
- Use of cell configuration
  - Adjacent cells use non-overlapping frequency bands
- Motorola controls frequency band
  - Can assure nearby independent LANs do not interfere
- All transmissions are encrypted
- Licensed narrowband LAN guarantees interference-free communication
- License holder has legal right to interference-free data channel
From Data and Computer Communications by William Stallings. © Copyright 2003
8
Unlicensed Narrow Band RF LAN
- 1995: RadioLAN introduced narrowband wireless LAN using unlicensed ISM spectrum
  - Used for narrowband transmission at low power: 0.5 watts or less
  - Operates at 10 Mbps
  - 5.8-GHz band
  - 50 m in semiopen office and 100 m in open office
- Peer-to-peer configuration
  - Elects one node as dynamic master, based on location, interference, and signal strength
  - Master can change automatically as conditions change
- Includes dynamic relay function
  - Stations can act as repeater to move data between stations that are out of range of each other
From Data and Computer Communications by William Stallings. © Copyright 2003
9
What is Spread Spectrum RF?
- Data being sent over the air waves
- Two-way radio communications (half duplex)
- Same radio frequency for sending and receiving
- The goal of sending data over radio frequencies is to send as much data as far and as fast as possible.
- Two ways to increase the amount of data you can send on air waves:
  - More frequency spectrum
  - Modulation

History Lesson: Both the Allies and the Axis powers experimented with simple Spread Spectrum systems. Much of what was done is still shrouded in secrecy, however. The first publicly available patent on Spread Spectrum came from Hedy Lamarr, the Hollywood movie actress, and George Antheil, an avant-garde composer. This patent was granted in 1942, but the details were a closely held military secret for many years. The inventors never realized a dime for their invention; they simply turned it over to the US Government for use in the war effort, and commercial use was delayed until after the patent had expired. The design was used to make torpedoes less susceptible to jamming. Most of the work done in Spread Spectrum throughout the '50s, '60s and '70s was heavily backed by the military and drowned in secrecy. GPS (Global Positioning System) is now the world's largest single Spread Spectrum system. Most of the details on GPS are now public information. A nice detailed history can be found at
10
Spread Spectrum LAN Access Point Configuration
- Usually use multiple-cell arrangement
- Adjacent cells use different center frequencies
- Access Point is typically mounted on ceiling
  - Connected to wired LAN
  - Connect to stations attached to wired LAN and in other cells
  - May also control access: IEEE 802.11 point coordination function
  - May also act as multiport repeater
- Stations transmit to hub and receive from hub
- Stations may broadcast using an omnidirectional antenna
  - Logical bus configuration
- Access Point may do automatic handoff
  - Weakening signal, hand off
From Data and Computer Communications by William Stallings. © Copyright 2003
11
Spread Spectrum LAN Issues
- Licensing regulations differ from one country to another
- USA FCC authorized two unlicensed applications within the ISM band:
  - Spread spectrum: up to 1 watt
  - Very low power systems: up to 0.5 watts
- Bands: 915-MHz band, 2.4-GHz band, 5.8-GHz band
  - 2.4 GHz also in Europe and Japan
  - Higher frequency means higher potential bandwidth
- Interference
  - Devices at around 900 MHz, including cordless telephones, wireless microphones, and amateur radio
  - Devices at around 2.4 GHz, including cordless telephones, wireless microphones, microwaves, wireless stereos, and some fluorescent lighting
  - Little competition at 5.8 GHz
  - Higher frequency band, more expensive equipment
From Data and Computer Communications by William Stallings. © Copyright 2003
12
Types of Spread Spectrum
- Frequency Hopping Spread Spectrum (FHSS)
  - FCC requires 75 channels before repeating in the 78 channel spectrum
  - Synchronized channel hops every 0.4 seconds
  - Minimal time on interfered channels
  - Hard to intercept because of hopping
  - Packets can be lost due to interference
  - Cordless phones often use this
- Direct Sequence Spread Spectrum (DSSS) – Standard
  - Single bit converted into chips. With 11 bits, the bandwidth is 22 MHz.
  - 11 channels, each channel is 22 MHz wide
  - 3 non-overlapping channels (1, 6, 11)
  - Regulatory channels (US – 11, Mexico 2, Japan 14, Israel 6)
  - Packets can push through interference with redundant bits
13
DSSS Channels (Global)
[Table: channel and frequency availability by regulatory domain (Americas, EMEA, Israel, Japan, Mexico)]
- 5 MHz offset between each channel.
- 3 non-overlapping channels exist in US: 1, 6, and 11
- These are very important when doing Access Point layout and Site Surveying.
Provided by Cisco, Inc. © Copyright 2003
14
WECA and Wi-Fi™
- WECA: Wireless Ethernet Compatibility Alliance
- Members include Cisco, Avaya, Intel, Symbol, Proxim, IBM, 3Com, IBM, Nokia, Compaq, Dell…
- Mission: Certify interoperability of WLAN products (802.11)
- Wi-Fi™ is WECA’s stamp of approval
- Goal is to promote Wi-Fi™ as the global standard.

WECA/Wi-Fi: WECA’s mission is to promote standards and its members hope to help design those standards. Standards include such areas as:
- Quality of Service
- Roaming
- Interoperability
- Power Management
- Security
WECA certifies products and projects that pertain to the wireless data communications industry.
15
Wi-Fi Alliance

Wi-Fi Certification
Wi-Fi (which stands for "Wireless Fidelity") certification gives consumer and business buyers assurance that wireless LAN products bearing the Wi-Fi CERTIFIED logo have been tested for interoperability and actually meet the standard. Such PC products include PCMCIA cards for notebooks and PCI cards for desktops, and USB modules that can be used with either one.

Wi-Fi ZONE
Wi-Fi is Freedom - the freedom to connect to your network or the Internet without wires wherever you are, indoors or outdoors. The Wi-Fi ZONE program allows travelers to easily identify locations that offer Wi-Fi services allowing them to stay connected while away from home or the office. This program is free to both provider and users. The ZONE finder and provider sign up can be found at
16
WLAN IEEE 802.11 Standards
- 802.11a: 5 GHz, 54 Mbps
- 802.11b: 2.4 GHz, 11 Mbps
- 802.11d: Multiple regulatory domains
- 802.11e: Quality of Service (QoS)
- 802.11f: Inter-Access Point Protocol (IAPP)
- 802.11g: 2.4 GHz, 54 Mbps
- 802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC)
- 802.11i: Security
- 802.11j: Japan 5GHz Channels ( GHz)
- 802.11k: Measurement

802.11x refers to a group of wireless local area network standards that are still being developed as part of overall IEEE standard. As of March 2003, these incomplete standards were:
- 802.11e - Quality of Service
- 802.11f - Access Point Interoperability
- 802.11h - Interference
- 802.11i - Security
Provided by Cisco, Inc. © Copyright 2003
17
802.11 Enabled Devices
- PDAs
- Printers
- Projectors
- Tablet PCs
- Barcode scanners
- Custom devices for vertical markets: Healthcare, Manufacturing, Retail, Restaurants
[Pictured: HP iPAQ 5450 PDA, Epson Printer, SpectraLink, Sharp M25X Projector, HHP Barcode Scanner, Compaq Tablet PC]
Provided by Cisco, Inc. © Copyright 2003
18
Ad Hoc Wireless Network
- Peer-to-peer network
- Set up temporarily to meet some immediate need
- E.g. group of employees, each with laptop or palmtop, in business or classroom meeting
- Network for duration of meeting
- Great for sharing files between two people
From Data and Computer Communications by William Stallings. © Copyright 2003
19
Infrastructure Wireless Network
From Data and Computer Communications by William Stallings. © Copyright 2003
20
Bridged Wireless Network
- Government Buildings
  - Connect buildings’ data networks
  - Cheaper than T1 (fast ROI)
  - Cheaper than trenching fiber
  - Backup system for when cables get cut
- Education
  - Public school system sharing WAN link
  - Colleges expanding into leased facilities
  - Connecting classroom trailers to main bldg.
- Municipal Applications
  - Emergency response (police, fire, city hall)
  - Public transportation (buses)
  - Courthouse
- Temporary Broadband Link
  - Construction sites
  - Sporting events
  - County Fairs
Provided by Cisco, Inc. © Copyright 2003
21
Line of Sight/Earth Curvature
Many obstructions may block line of sight:
- Topographic features such as hills or mountains
- Vegetation such as trees or vines
- Man-made objects like buildings or towers
- The curvature of the Earth
Line of Sight disappears at 6 miles (9.65 km) due to the curvature of the earth. It is highly recommended if you are going beyond a mile to seek professional assistance. The equipment necessary for lining up antennas properly at those distances can be quite expensive.
22
Fresnel Zone (pronounced 'fre-nel'; the "s" is silent)
The area around the visual line-of-sight that radio waves spread out into after they leave the antenna. This area must be clear or else signal strength will weaken.

Fresnel Zone is an area of concern for 2.4 GHz wireless systems. Although 2.4 GHz signals pass rather well through walls, they have a tough time passing through trees. The main difference is the water content in each. Walls are very dry; trees contain high levels of moisture. Radio waves in the 2.4 GHz band are absorbed by water quite well.

[Table: wireless link distance (miles) against approximate value "F" (60% Fresnel Zone, ft, 2.4 GHz), approximate value "C" (Earth Curvature) and value "H" (mounting height, ft). Beyond 25 miles is very difficult to implement without hopping.]

“Note that as path loss increases and distance decreases with frequency, these distances are only applicable to the 2.4 GHz band. A 10dB fade margin is included for dependable communications in all weather conditions. Outdoors, every increase of 6 dB will double the distance. Every decrease of 6 dB will halve the distance. Shorter cable runs and higher gain antennas can make a significant difference to the range.” (Retrieved May 21, 2003, from

Fresnel Zone can be improved by raising the antenna, cutting down problem trees, and/or changing the mount point. (Retrieved May 21, 2003, from
23
Wireless Network Requirements
- Same as any Local Area Network: high capacity, short distances, full connectivity, broadcast capability
- Throughput: Efficient use of wireless medium
- Number of nodes: Hundreds of nodes across multiple cells
- Connection to backbone Local Area Network: Full network access
- Service area: 100 to 300 meters
- Low power consumption: Need long battery life on mobile stations
- Transmission robustness and security: Interference prone and easily eavesdropped
- Collocated network operation: Two or more wireless LANs in same area
- License-free operation: Public bands
- Handoff/roaming: Move from one cell to another
- Dynamic configuration: Addition, deletion, and relocation of end systems without disruption to users
24
802.11a
- Data rates supported: 54, 48, 36, 24, 12, and 6 Mbps
  - Client will automatically “downshift” to a lower data rate when it gets further from the AP
- 15 countries have approved the use of today’s 802.11a products: U.S., Australia, Poland, Denmark, France, Sweden, New Zealand, Ireland, U.K., Germany, Japan, Singapore, Canada, Belgium, Netherlands
- 802.11h will ultimately permit worldwide usage of 5 GHz
  - Transmit Power Control (TPC)
  - Dynamic Frequency Selection (DFS)
- 5 GHz band has more channels than 2.4 GHz band
  - UNII-1 + UNII-2 = 8 channels (vs. 3 channels for 2.4 GHz)
  - However, depending on distance between APs, you may only be able to use half of the 5 GHz channels due to adjacent channel interference
- 5 GHz band subject to less interference than 2.4 GHz band
  - However, 2.4 GHz interference is not a major problem in most business environments
- Not compatible with 802.11b or 802.11g.
From Data and Computer Communications by William Stallings. © Copyright 2003
25
802.11b
- Data rates supported: 11, 5.5, 2 and 1 Mbps
  - Client will automatically “downshift” to a lower data rate when it gets further from the AP
- 2.4 GHz band
- Chipping rate 11 MHz
  - Same as original DSSS scheme
  - Same occupied bandwidth
  - Complementary code keying (CCK) modulation to achieve higher data rate in same bandwidth at same chipping rate
- Industry (global) accepted standard. Wi-Fi™ approved.
  - Every major computer company producing products
  - Can be purchased in many retail stores
  - Integrated into brand name computers
  - Available in coffee shops, airports, restaurants, schools, and at most conferences held today
- Very affordable. Dropping in price quickly.
- Not compatible with 802.11a. Compatible with 802.11g.
From Data and Computer Communications by William Stallings. © Copyright 2003
26
802.11g
- Data rates supported: 54, 48, 36, 24, 18, 12, 11, 6, 5.5, 2, and 1 Mbps
  - Client will automatically “downshift” to a lower data rate when it gets further from the AP
- 2.4 GHz using OFDM/CCK technology
- Full forward/backward compatibility with 802.11b
- 54 Mbps 802.11g products available now
- Higher-speed extension to 802.11b
- Combines physical layer encoding techniques used in 802.11a and 802.11b to provide service at a variety of data rates
- Not compatible with 802.11a.
From Data and Computer Communications by William Stallings. © Copyright 2003
27
802.11b Data Rates: 1 Mbps DSSS, 2 Mbps DSSS, 5.5 Mbps DSSS, 11 Mbps DSSS
802.11g Adds In: 12, 18, 24, 36, 48, and 54 Mbps
28
Diversity and Multipath
Like light, radio signals bounce off objects. Thus, a radio signal can take more than one path to travel from the radio transmitter (client) to the radio receiver. This is called Multipath signalling.

Multipath signals can cause high RF signal strength but poor signal quality. As the signals of different paths and different times of delivery are combined within a device, distortion can result. If a signal were to return to an antenna from two paths exactly 180 degrees out of phase, this would cause a dead spot. Dead spots are very common in buildings. As well, antennas receiving multiple copies of the same signal at different strength levels can cause noise.

The best way to compensate for Multipath is to move the antenna. Moving antennas can remove you from the dead spots but cannot compensate for mixing of signals and the resultant distortion. Wireless Access Points commonly compensate for Multipathing by using Diversity Antennas. Two antennas connected to a device receive the various multiple path signals at different times and can determine the strongest individual signal and utilize it, ignoring the others.
29
Multipath Distortion Provided by Cisco, Inc. © Copyright 2003
30
Antennas
- Directionality – Which way the antenna broadcasts the RF signal
  - Omni directional (360 degrees)
  - Directional (limited range of coverage)
- Gain – The amount of increase in energy that an antenna appears to add to the RF signal
  - Measured in dBi and dBd (0 dBd = 2.14 dBi)
  - As gain goes up, the coverage area or angle diminishes (called beamwidth)
- Polarization – Physical orientation of the element of the antenna that actually emits the RF signal
  - Antennas are used in the vertical polarization
- LAW
  - FCC requires that ALL Spread Spectrum antennas be certified with the radio they are to be sold with.
  - Any removable antenna must use a unique “non-standard” connector.
Provided by Cisco, Inc. © Copyright 2003
31
Antenna Coverage
[Figure: examples of antenna coverage for Omni Directional, Directional Patch and Yagi/Parabolic antennas]
Omni Directional Dipole “Duck” antennas are the most common. In most locations, they are quite adequate and provide the most ideal coverage. Purchasing separate antennas is often not necessary.
Provided by Cisco, Inc. © Copyright 2003
32
Interference
- Signal Interference
  - Other 2.4 GHz equipment (Cordless Phones/Speakers/Rogue Access Points)
  - Radio/Cellular
  - Humidity/Dampness/Water
  - X-Ray/MRI/Lab Equipment
  - Newer radio based fluorescent lighting
  - Intercom Systems
  - Fire/Security Alarm Systems
  - Computer Equipment
  - High Voltage
  - Microwave Ovens
- Physical Interference
  - Walls
  - Shelving
  - Shielding (Lead lined walls, Firewalls)
  - Paints/Wall Coverings
Some interference is very obvious and can be accounted for. Others are best found, tested and confirmed by doing a Site Survey. Even those that you know exist should be tested to see what impact they have. Sometimes just rotating or moving an access point a few feet can make a big difference.
33
Channel Setup
[Figure: Access Point cell layout using Channels 1, 6 and 11]
- The most critical step to good deployment in a multiple Access Point topology is Access Point layout based upon non-overlapping channels and dead zones.
- Desired bandwidth has a major impact on overlapping channels
  - If your WLAN topology calls for a coverage area at any bandwidth, then the radio signals can have minimal overlap
  - If your WLAN topology calls for 11 Mbps access everywhere, then you will have major overlap of the 5.5, 2, and 1 Mbps bandwidth zones
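
The channel arithmetic behind the 1/6/11 rule on the DSSS slides, plus a check of an Access Point layout for neighbouring cells on overlapping channels. This is an added example, not part of the original slides; the 2412 MHz centre of channel 1 is standard 802.11b channel numbering, and the AP names and adjacency list are constructed.

```python
from itertools import combinations

CHANNEL_SPACING_MHZ = 5      # offset between adjacent channel centres (from the slides)
CHANNEL_WIDTH_MHZ = 22       # DSSS occupied bandwidth (from the slides)
US_CHANNELS = range(1, 12)   # 11 channels in the US regulatory domain


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel; channel 14 is the irregular Japanese channel."""
    if channel == 14:
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2412 + CHANNEL_SPACING_MHZ * (channel - 1)


def overlaps(a, b):
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def largest_clear_sets(channels):
    """All maximum-size sets of mutually non-overlapping channels."""
    channels = sorted(channels)
    for size in range(len(channels), 0, -1):
        found = [c for c in combinations(channels, size)
                 if not any(overlaps(a, b) for a, b in combinations(c, 2))]
        if found:
            return found
    return []


def plan_conflicts(ap_channels, neighbours):
    """Return the neighbouring AP pairs whose channels overlap.

    ap_channels: {ap_name: channel}
    neighbours:  pairs of APs whose coverage cells touch
    """
    return [(a, b) for a, b in neighbours
            if overlaps(ap_channels[a], ap_channels[b])]


# Constructed layout: three APs follow the 1/6/11 plan, one was left on channel 4.
PLAN = {"ap-lobby": 1, "ap-lab": 6, "ap-library": 11, "ap-gym": 4}
NEIGHBOURS = [("ap-lobby", "ap-lab"), ("ap-lab", "ap-library"),
              ("ap-lab", "ap-gym"), ("ap-lobby", "ap-gym")]

if __name__ == "__main__":
    print("non-overlapping sets (US):", largest_clear_sets(US_CHANNELS))
    for a, b in plan_conflicts(PLAN, NEIGHBOURS):
        print(f"overlap: {a} (ch {PLAN[a]}) and {b} (ch {PLAN[b]})")
```

The same `overlaps` check applies to an unmanaged access point found during a site survey: one AP on channel 4 degrades both the channel 1 and the channel 6 cells next to it.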
34
Overview of Wireless Security
- As a Wireless Network administrator you need to understand:
  - What is available
  - What works with your network and equipment
  - What systems work with what other systems
- Basic security (SSID/WEP) has inherent weaknesses
  - Other methods of security need to be implemented
- Problem for ALL technologies of WLANs: 802.11a, 802.11b and 802.11g
  - IEEE 802.11i is working on an industry standard
  - Wi-Fi is working on an industry standard (WPA)
- Today security solutions for Wireless Networks are very strong, scalable and manageable and are being improved quickly.
35
WLAN Security Hierarchy
Open Access - No Encryption, Basic Authentication; Public “Hotspots”
Basic Security - 40-bit or 128-bit Static WEP Encryption; Home Use
Enhanced Security - 802.1x, TKIP/SSN Encryption, Mutual Authentication, Scalable Key Mgmt., etc.; Business
Remote Access - Virtual Private Network (VPN); Business Traveler, Telecommuter

Prior to deploying, an education institution needs to conduct a risk assessment of its environment and decide how much security it needs.
- No Security – Open Access
  - Security Options - SSID; Public/Private WLAN segregation
  - Drawbacks - “Promiscuous mode” drivers; Null association
- Basic Security
  - Security Options – SSID; WEP Encryption; Public/Private WLAN Segregation
  - Drawbacks - Static keys; Easily hacked
- Enhanced Security
  - Security Options – 802.1x Authentication Framework
  - Drawbacks – Cost and management
- Maximum Security – Special Applications requiring maximum security. Provides the following:
  - Tunneling
  - Encryption
  - Packet integrity
  - User and device authentication
  - Policy management
Provided by Cisco, Inc. © Copyright 2003
36
Wireless Network Security
A secure wireless solution is in addition to, not a replacement for, your physical network security.

Wireless Network Security Options:
- Non-Broadcast SSID
- WEP/WPA
- MAC Filtering
- Physical Access
- Authentication (EAP)
- Firewall
- Access Control Lists
- VLANs
- Proxy Filters
- VPN
- NAT/PAT

In some networks, wireless access is more secure than physical networking access just by the addition of encryption. You must judge the necessity of security on your wireless network based on how important security on your physical network is.
37
WLAN Risks
- “Out of the Box” (default) configurations
  - SSID is well documented (linksys for Linksys, tsunami for Cisco)
  - WEP and other security disabled by default
- “Rogue” Access Points
  - Employee receives free Access Point at conference/gift or purchases one
  - Recommend “War Driving” to find these on your own network
- Stolen Equipment
  - Contains SSID and/or Static WEP keys
  - Have IP addresses and perhaps network SNMP settings
- Signal “Bleed”
  - Misplaced Access Point “bleeds” signal over into unnecessary locations
  - Possible to adjust the radio transmission power on access point to limit “bleed”
  - Placement of Access Point also affects “bleed”
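
One way to turn the survey of your own network recommended above into a repeatable audit, checking each risk on this slide against an inventory of authorised Access Points. This is an added example, not part of the original slides; the CSV column names, MAC addresses, SSIDs, locations and the -75 dBm threshold are all constructed assumptions rather than the output format of any survey tool.

```python
import csv
import io

# Vendor default SSIDs named on the slide; extend from your own vendors' documentation.
DEFAULT_SSIDS = {"linksys", "tsunami"}

# Constructed inventory of authorised APs (BSSID -> SSID it should advertise).
AUTHORISED = {
    "00:40:96:aa:bb:01": "campus-net",
    "00:40:96:aa:bb:02": "campus-net",
    "00:40:96:aa:bb:03": "campus-net",
}

OUTSIDE_LOCATIONS = {"parking-lot"}   # survey points where no coverage is intended
BLEED_THRESHOLD_DBM = -75             # assumed level at which a client could still associate

# Constructed survey export (one row per AP heard at a survey point).
SURVEY_CSV = """bssid,ssid,channel,encryption,signal_dbm,location
00:40:96:AA:BB:01,campus-net,1,WEP,-48,library
00:40:96:AA:BB:02,tsunami,6,none,-52,lab
00:06:25:11:22:33,linksys,6,none,-60,office-214
00:40:96:AA:BB:03,campus-net,11,WEP,-71,parking-lot
00:0c:41:44:55:66,campus-net,11,WEP,-58,lobby
"""


def audit(survey_csv):
    """Return a sorted list of (bssid, finding) tuples for the survey rows."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        enc = row["encryption"].strip().lower()
        known = bssid in AUTHORISED

        if not known:
            # "Rogue" Access Point: nobody in Network Services installed it.
            findings.append((bssid, "rogue: BSSID not in inventory"))
            if ssid in AUTHORISED.values():
                findings.append((bssid, "rogue: advertises a production SSID"))
        elif ssid != AUTHORISED[bssid]:
            # An authorised AP that was reset or replaced and never reconfigured.
            findings.append((bssid, "config drift: SSID differs from inventory"))

        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "default SSID"))

        if enc in ("", "none", "open"):
            findings.append((bssid, "encryption disabled"))
        elif enc == "wep":
            findings.append((bssid, "weak encryption: static WEP"))

        # Signal "bleed": one of our own APs is usable where no coverage is intended.
        if (known and row["location"].strip() in OUTSIDE_LOCATIONS
                and int(row["signal_dbm"]) >= BLEED_THRESHOLD_DBM):
            findings.append((bssid, "signal bleed: audible outside coverage area"))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY_CSV):
        print(f"{bssid}  {finding}")
```

Keeping the inventory under change control matters as much as the script: stolen or replaced equipment shows up as drift only if the inventory records what each AP is supposed to advertise.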
38
WLAN Hacking
Wireless networks have garnered the interest of curiosity seekers looking for free bandwidth and true hackers seeking bandwidth or access to your internal network. WLAN hacking is increasing in popularity and occurrences.
- Reasons
  - Published Standards
  - Minimal equipment costs
  - Lack of security
- Many tools are available to WLAN hackers today:
  - The Wireless Access Network Card Client
  - Air Snort/Kismet
  - Netstumbler
  - Cantenna
  - War Driving
  - War Chalking
  - War Jacking
  - War Spamming
39
Common WLAN Attacks
- Bit flipping
  - Bits are flipped in WEP encrypted frames, and ICV CRC32 is recalculated
- Replay
  - Bit flipped frames with known IVs resent
  - AP accepts frame since CRC32 is correct
  - Layer 3 device will reject, and send predictable response
  - Response database built and used to derive key
- Man-in-the-Middle Attacks
- Network sniffing. Same as sniffing your physical network.
Provided by Cisco, Inc. © Copyright 2003
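
Why the AP "accepts frame since CRC32 is correct": the WEP ICV is an unkeyed CRC-32 under a stream cipher, so a change to the ciphertext can be matched by a change to the encrypted ICV without knowing the key, while a keyed integrity check rejects the same change. This is an added example, not part of the original slides; the keys, IV and message are constructed, frame headers are omitted, and HMAC-SHA256 stands in for the keyed MIC (it is not the Michael or CCMP algorithm of 802.11i).

```python
import hashlib
import hmac
import zlib


def rc4(key, data):
    """RC4 stream cipher (the cipher WEP uses); encrypt and decrypt are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream XORed onto the data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_seal(iv, key, plaintext):
    """Encrypt plaintext || ICV under the per-frame RC4 key IV || key."""
    return rc4(iv + key, plaintext + icv(plaintext))


def wep_open(iv, key, body):
    """Decrypt and check the ICV; returns the plaintext, or None if the check fails."""
    clear = rc4(iv + key, body)
    data, check = clear[:-4], clear[-4:]
    return data if icv(data) == check else None


def flip_without_key(body, delta):
    """XOR delta into the encrypted payload and patch the encrypted ICV to match.

    Relies only on CRC-32 being affine: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00..00).
    """
    n = len(body) - 4
    if len(delta) != n:
        raise ValueError("delta must be as long as the payload")
    return xor(body, delta + xor(icv(delta), icv(bytes(n))))


def mic_seal(iv, key, mic_key, plaintext):
    """Hardened form: a keyed tag over IV || ciphertext (encrypt-then-MAC)."""
    body = rc4(iv + key, plaintext)
    return body + hmac.new(mic_key, iv + body, hashlib.sha256).digest()


def mic_open(iv, key, mic_key, sealed):
    body, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mic_key, iv + body, hashlib.sha256).digest()
    return rc4(iv + key, body) if hmac.compare_digest(tag, expected) else None


def demo():
    """Apply the same one-digit change to a WEP-style frame and to a keyed-MIC frame."""
    iv, key, mic_key = b"\x01\x02\x03", b"\x0a\x0b\x0c\x0d\x0e", b"constructed-mic-key"
    msg, wanted = b"reading=0100", b"reading=0900"     # constructed payloads
    delta = xor(msg, wanted)                           # non-zero only where the digit differs
    forged = flip_without_key(wep_seal(iv, key, msg), delta)
    sealed = mic_seal(iv, key, mic_key, msg)
    forged_mic = xor(sealed[:len(msg)], delta) + sealed[len(msg):]
    return wep_open(iv, key, forged), mic_open(iv, key, mic_key, forged_mic)


if __name__ == "__main__":
    wep_result, mic_result = demo()
    print("WEP ICV accepted modified frame as:", wep_result)
    print("Keyed MIC result for modified frame:", mic_result)
```

The WEP-style receiver returns the altered payload as valid; the keyed-MIC receiver returns `None`, which is the property the "Packet integrity" item in the enhanced and VPN tiers of the security hierarchy refers to.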
42
Wireless Client Software
The drivers themselves often contain useful hacking tools:
- Network identification
- Firmware versions
- IP address of Client and/or WAP
- Hop information
- SSID
- Signal Strength
- Signal Quality
- Network Type
- MAC Addresses
Example is of Cisco Aironet Client Utility.
43
Air Snort/Kismet
- Air Snort and Kismet capture wireless network packets
- Currently only Unix/Linux versions. Windows in development.
- WEP key recovery is possible due to statistical analysis of plaintext and “weak” IVs (initialization vectors)
- Leverages a large class of weak IVs that can be generated by RC4
- Passive attack, but can be more effective if coupled with active attack
- Features of Kismet:
  - Multiple packet sources
  - Channel hopping
  - IP block detection
  - Cisco product detection via CDP
  - Ethereal/tcpdump compatible file logging
  - Airsnort-compatible "interesting" (cryptographically weak) logging
  - Hidden SSID decloaking
  - Grouping and custom naming of SSIDs
  - Multiple clients viewing a single capture stream
  - Graphical mapping of data (gpsmap)
  - Cross-platform support (handheld Linux and BSD)
  - Manufacturer identification
  - Detection of default access point configurations
  - Detection of Netstumbler clients
  - Runtime decoding of WEP packets
  - Multiplexing of multiple capture sources
44
Netstumbler
Netstumbler is available for many OSes.

“Who should use this program?
- Security folks wanting to check that their corporate LAN isn't wide open
- Systems admins wanting to check coverage of their Wireless LAN
- Gatherers of demographic information about popularity
- Drive-by snoopers
- Overly curious bystanders.”
Quoted from

Netstumbler, like many other “tools” on the internet, claims that it is designed for administrators. In truth, its primary use is for hacking and war driving. It is highly recommended that wireless network administrators familiarize themselves with this software so they know how to combat it.
45
Netstumbler MAP The Netstumbler Map Database is currently down ( ) but as you can see it has depth. They are constantly adding to the map and the database as users throughout the US and the world contribute. As you can see, having secure Access Points is very important.
46
Cantenna
- Cantenna (http://www.cantenna.com)
  - Extends the range of a client and/or access point
  - Legitimate uses as well
- The Famous Pringles Can Antenna
You can make your own antenna quite cheaply, and they work too. The benefit of the Cantenna is that it is engineered in length and size for the 2.4 GHz wavelengths.
47
War Driving
“Wireless LAN war drivers routinely cruise their immediate areas in cars equipped with laptops loaded with a wireless LAN card, an external high-gain antenna and a GPS receiver. The wireless LAN card and GPS receiver feed signals into freeware, such as NetStumbler, which detects APs and their identifiers along with their GPS-derived locations. NetStumbler also automatically detects whether or not built-in Wi-Fi Wired Equivalent Protocol (WEP) is turned on or off. More malevolent war-drivers may use Air-Snort or Kismet, tools designed to crack WEP. The term war-driving is derived from the "war-dialing" exploits of a teenage hacker in the 1983 movie WarGames who has his computer randomly dial hundreds of numbers and eventually winds up tapping into a nuclear command and control system.”

“War-walking: Think of it as war-driving, but on foot instead of in a car. The NetStumbler Web site offers MiniStumbler software for use on Pocket PC hardware, saving war-walkers from toting around laptops. War-walkers like to use MiniStumbler and Pocket PCs to sniff shopping malls and big-box retail stores.”

“War-flying: Just as the name implies, it's sniffing for wireless networks from the air. The same equipment is used, but from a private plane. Just last month, a Perth, Australia war-flier picked up s and Internet Relay Chat sessions from an altitude of 1,500 feet on a war-flying trip.” (Retrieved May 22, 2003, from

Legal Side: War Driving is NOT against the law and some states are considering enacting laws that make it legal. (Retrieved May 22, 2003, from
48
War Chalking
War Chalking is a hobo-inspired language devoted to publicly labeling Wireless Networks across the world (this is more of a myth; it has not been proven that this is done at all). Standardization of nomenclature has already begun. Still not widely done but growing in interest. Often anti-graffiti laws are enacted to prosecute those involved in War Chalking.
49
War Jacking/War Spamming
“War-jacking or Air-jacking: Knocking out a real AP with a denial-of-service attack and then setting up a new AP that will serve as a new hub to devices that homed on the legitimate AP.”

“War-spamming: Taking over a network connected to an unsecured AP and using it to inject spam into the Internet. Although there has been much speculation about wireless war-spamming in the hacker community of late, no egregious instances have yet been reported.”

War Jacking is similar to ARP Poisonings and DoS attacks on your routers. As always keep your IP address lists secure.

War Spamming is real and growing in strength. It is a combination of finding access to your network through an open Access Point and finding an open SMTP server in your internal network. (Retrieved May 22, 2003, from
50
Primary Sources
- Linksys Group, Inc. http://www.linksys.com
- Cisco, Inc.
- Data and Computer Communications (Seventh Edition) by William Stallings, Copyright 2003
- Personal Experience and Research: T.R. Knight, Network Services Manager, Taylor University