Index

W

war drivers, 265

war driving, 8, 264

WarDriving Display (AiroPeek), 141-144

watts, 21

waveguide antennas, 119

wavelength, 19-20

weak IV avoidance, 183, 228

.weak Kismet file, 151

websites for downloading

Darwin Ports, 276

plug-in used for mapping, 158

websites for further information

802.11 standard, 166

AiroPeek driver installation, 140

airpwn, 286

Bluetooth, 288, 289, 331

Cain & Able, 286

cowpatty, 211

CVS snapshots, 109

Darwin Ports, 286

device driver version resolution code, 358

D-Link Pocket Access point, 286

dsniff, 286

Ettercap, 286

Google Earth, 161-162

Google maps, using with Kismet, 286

Google Wifi, 286

ICMPTX, 286

IEEE specifications, 361

KARMA, 286

Kismac, 286

Kismet, 286

Metasploit, 213, 286, 357

Network Stumbler, 286

NSTX, 286

NTIA Office of Spectrum Management, 43

peap tutorial, 163

pigtails, 119

static method, 173

tools in Bluetooth example, 330

Wget, 286

wireless cards list, 104

Wireshark, 286

Wellenreiter scanner, 153-154

WEP (Wired Equivalent Privacy). See also WEP keys, defeating

advanced attacks against, 185-188

dynamic WEP keys, 228-229

flaw in, 8

security of, 227-229

statistical attacks against, 344-347

WEP keys, defeating, 173-184

aircrack to break WEP, 180-183

basics of brute-forcing, 174

brute-forcing 40-bit keys created with Neesus Datagram algorithm, 179

countermeasures for brute-forcing WEP keys, 177

defending against statistical attacks, 183-184

dictionary attacks against algorithms, 179-180

dictionary attacks against WEP, 177-179

dynamic WEP keys, 228-229

hardware-accelerated WEP cracking, 175-176

Linux and OS X brute-forcing, 174-175

Neesus Datacom passphrase algorithm vulnerabilities, 178

Playstation 3 to crack WEP keys, 177

preventing Neesus Datacom and generic dictionary attacks, 180

statistical attacks against WEP, 180

Windows brute-forcing, 177

WepAttack, 180

WEPCrack, 180

weplab, dictionary attacks and, 180

WEP/Privacy fields, 65

WEPWedgie attacks, 188

WEP/WPA key recovery, 199-200

WIDS (wireless IDS), 235-236

Wi-Fi

vs. 802.11, 55

Wi-Fi attacks, 283

Wi-Fi Protected Access. See WPA

WiFiME rt2560 custom driver, 116-117

wigle.net (Wireless Geographic Logging Engine) mapping service, 161

WildPackets

Atheros driver, 117

download of AiroPeek and, 140

WinDbg, Microsoft, 359

Windows. See also AiroPeek; NetStumbler

aircrack to break WEP on, 182

brute-forcing, 177

Cain & Abel for, 271

deauthentication attack on, 170

defeating MAC filtering on, 172-173

drivers, 116-117

GPS on, 121

operating system, 126

Wireless Zero Configuration service, 128, 137-140

Wireless Zero Configuration utility, 264, 265

XP client configurations, 244-246

windows

Kismac main, 155-156

NetStumbler main, 128, 131-133

windows/driver/dlink_wifi_rates exploit, 356

wired cards, 95-96

Wired Equivalent Privacy (WEP). See WEP

wireless cards

basics of, 104-106

in monitor mode, 95-96

RF and, 35-36

wireless communications history, 14

wireless extensions, 108

Wireless Geographic Logging Engine (wigle.net) mapping service, 161

wireless hotspots. See hotspots

wireless IDS (WIDS), 235-236

wireless LAN standards, 45-50

802.11a, 45-47

802.11b, 47

802.11g, 47-49

802.11n, 49-50

wireless networks, 194-200

connecting to, 67-68

CTS attacks with pcap2air, 197

finding, 264

locating, 66-67

Michael countermeasures attack on, 197-198

miscellaneous attacks on, 198-200

RTS attacks with pcap2air, 196

RTS/CTS attacks, 195, 197

wireless security advances, 10-11

wireless setup case study, 2

wireless standards, 44-50

802.11a, 45-47

802.11b, 47

802.11g, 47-49

802.11n, 49-50

wireless LAN, 45-50

Wireless Statistics (WarDriving Display), AiroPeek, 141-144

wireless technologies, 4-12

defined, 5-6

history of, 5

risks of, 7-9

security of, 10-11

standardization and regulation of, 6-7

use and spread of, 4

Wireless Zero Configuration service (WZC), 128, 137-140

Wireless Zero Configuration utility, 264, 265

Wireshark

colors in, 165-166

described, 163, 275

monitoring DHCP traffic with, 340

WiSPY

intrusion detection and, 236

WiSpy tools and frequency analysis, 98

WPA (Wi-Fi Protected Access)

enterprise authentication exchange, 207

hardware-accelerated cracking, 210-211

pre-shared keys, 285

with TKIP (RC4-based encryption), 229

WPA2, 10

wpa_supplicant, configuring, 250-251, 303

wpa_supplicant.conf file, 205

WPA/802.11i, 68-78, 204-212. See also WPA/802.11i enterprise authentication attacks

802.1X standard, 76-77

breaking WPA-PSK, 208-211

decrypting WPA-PSK packet captures, 211-212

Extensible Authentication Protocol and, 70-73, 207-208

groundwork for, 69-70

preventing WPA-PSK dictionary attacks, 212

RADIUS, 73-75

WPA/WPA2 in enterprise mode, 206

WPA/802.11i enterprise authentication attacks, 212-223 See also PEAP/EAP-TTLS

attacking EAP-TLS, 213

attacking LEAP, 215-216

LEAP overview, 214-215

protecting EAP-TLS, 214

protecting LEAP, 216

WPA-PSK

breaking, 208-211

configuring, 230

cracking with cowpatty, 209-210

dictionary attacks, preventing, 212

disadvantages of, 229-230

packet captures, decrypting, 211-212

WPA/WPA2

deploying securely, 229-231

in enterprise mode, 194

Wright, Joshua, 215

WRT54GL, 193

WZC (Wireless Zero Configuration service), 128, 137-140

wzcook, 199-200