Hacking Wireless Network For Dummies Complete Ebook.zip

by Kevin Beaver and Peter T.Davis
Foreword by Devin K.Akin
Chief Technology Officer,
The Certified Wireless Network Professional (CWNP) Program[color=orange][/color]
Contents at a Glance
Foreword ..................................................................xvii
Introduction ................................................................1
Part I: Building the Foundation
for Testing Wireless Networks .......................................7
Chapter 1: Introduction to Wireless Hacking .................................................................9
Chapter 2: The Wireless Hacking Process ....................................................................19
Chapter 3: Implementing a Testing Methodology .......................................................31
Chapter 4: Amassing Your War Chest ...........................................................................43
Part II: Getting Rolling with Common Wi-Fi Hacks .......65
Chapter 5: Human (In)Security ......................................................................................67
Chapter 6: Containing the Airwaves .............................................................................81
Chapter 7: Hacking Wireless Clients .............................................................................97
Chapter 8: Discovering Default Settings .....................................................................113
Chapter 9: Wardriving ...................................................................................................131
Part III: Advanced Wi-Fi Hacks ................................153
Chapter 10: Still at War .................................................................................................155
Chapter 11: Unauthorized Wireless Devices ..............................................................177
Chapter 12: Network Attacks .......................................................................................195
Chapter 13: Denial-of-Service Attacks .........................................................................225
Chapter 14: Cracking Encryption ................................................................................255
Chapter 15: Authenticating Users ...............................................................................281
Part IV: The Part of Tens ..........................................301
Chapter 16: Ten Essential Tools for Hacking Wireless Networks ............................303
Chapter 17: Ten Wireless Security-Testing Mistakes ................................................307
Chapter 18: Ten Tips for Following Up after Your Testing .......................................321
Part V: Appendixes ..................................................325
Appendix A: Wireless Hacking Resources ..................................................................327
Appendix B: Glossary of Acronyms ............................................................................341
Index .......................................................................347

Table of Contents
Foreword ..................................................................xvii
Introduction .................................................................1
Who Should Read This Book? ........................................................................2
About This Book ..............................................................................................2
How to Use This Book ....................................................................................2
Foolish Assumptions ......................................................................................3
How This Book Is Organized ..........................................................................3
Part I: Building the Foundation for Testing Wireless Networks ......4
Part II: Getting Rolling with Common Wi-Fi Hacks ............................4
Part III: Advanced Wi-Fi Hacks .............................................................4
Part IV: The Part of Tens .......................................................................5
Part V: Appendixes ................................................................................5
Icons Used in This Book .................................................................................5
Where to Go from Here ...................................................................................6
Part I: Building the Foundation
for Testing Wireless Networks .......................................7
Chapter 1: Introduction to Wireless Hacking . . . . . . . . . . . . . . . . . . . . .9
Why You Need to Test Your Wireless Systems ..........................................10
Knowing the dangers your systems face ..........................................11
Understanding the enemy ..................................................................12
Wireless-network complexities ..........................................................14
Getting Your Ducks in a Row .......................................................................15
Gathering the Right Tools ............................................................................16
To Protect, You Must Inspect ......................................................................17
Non-technical attacks .........................................................................17
Network attacks ...................................................................................18
Software attacks ..................................................................................18
Chapter 2: The Wireless Hacking Process . . . . . . . . . . . . . . . . . . . . . .19
Obeying the Ten Commandments of Ethical Hacking ..............................19
Thou shalt set thy goals .....................................................................20
Thou shalt plan thy work, lest thou go off course ..........................21
Thou shalt obtain permission ............................................................21
Thou shalt work ethically ...................................................................22
Thou shalt keep records .....................................................................22
Thou shalt respect the privacy of others .........................................23
Thou shalt do no harm .......................................................................23
Thou shalt use a “scientific” process ...............................................24
Thou shalt not covet thy neighbor’s tools .......................................24
Thou shalt report all thy findings .....................................................25
Understanding Standards ............................................................................26
Using ISO 17799 ...................................................................................26
Using CobiT ..........................................................................................27
Using SSE-CMM ....................................................................................27
Using ISSAF ...........................................................................................27
Using OSSTMM ....................................................................................28
Chapter 3: Implementing a Testing Methodology . . . . . . . . . . . . . . . . .31
Determining What Others Know .................................................................32
What you should look for ...................................................................32
Footprinting: Gathering what’s in the public eye ............................33
Mapping Your Network .................................................................................35
Scanning Your Systems ................................................................................37
Determining More about What’s Running ..................................................39
Performing a Vulnerability Assessment .....................................................39
Manual assessment .............................................................................40
Automatic assessment ........................................................................40
Finding more information ...................................................................41
Penetrating the System ................................................................................41
Chapter 4: Amassing Your War Chest . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Choosing Your Hardware .............................................................................44
The personal digital assistant ............................................................44
The portable or laptop .......................................................................44
Hacking Software ...........................................................................................45
Using software emulators ...................................................................45
Linux distributions on CD ..................................................................55
Stumbling tools ....................................................................................56
You got the sniffers? ............................................................................56
Picking Your Transceiver .............................................................................57
Determining your chipset ...................................................................57
Buying a wireless NIC ..........................................................................59
Extending Your Range ...................................................................................59
Using GPS .......................................................................................................62
Signal Jamming ..............................................................................................63
Part II: Getting Rolling with Common Wi-Fi Hacks .......65
Chapter 5: Human (In)Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
What Can Happen .........................................................................................68
Ignoring the Issues ........................................................................................69
x Hacking Wireless Networks For Dummies
Social Engineering .........................................................................................70
Passive tests .........................................................................................71
Active tests ...........................................................................................73
Unauthorized Equipment .............................................................................74
Default Settings ..............................................................................................76
Weak Passwords ............................................................................................77
Human (In)Security Countermeasures .......................................................78
Enforce a wireless security policy .....................................................78
Train and educate ...............................................................................79
Keep people in the know ....................................................................79
Scan for unauthorized equipment .....................................................80
Secure your systems from the start ..................................................80
Chapter 6: Containing the Airwaves . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Signal Strength ...............................................................................................81
Using Linux Wireless Extension and Wireless Tools .......................81
Using Wavemon ...................................................................................87
Using Wscan .........................................................................................88
Using Wmap .........................................................................................88
Using XNetworkStrength ....................................................................88
Using Wimon ........................................................................................88
Other link monitors .............................................................................88
Network Physical Security Countermeasures ...........................................90
Checking for unauthorized users ......................................................90
Antenna type ........................................................................................91
Adjusting your signal strength ..........................................................94
Chapter 7: Hacking Wireless Clients . . . . . . . . . . . . . . . . . . . . . . . . . . .97
What Can Happen .........................................................................................98
Probing for Pleasure .....................................................................................99
Port scanning .......................................................................................99
Using VPNMonitor .............................................................................102
Looking for General Client Vulnerabilities ...............................................103
Common AP weaknesses ..................................................................104
Linux application mapping ...............................................................105
Windows null sessions ......................................................................106
Ferreting Out WEP Keys .............................................................................109
Wireless Client Countermeasures .............................................................111
Chapter 8: Discovering Default Settings . . . . . . . . . . . . . . . . . . . . . . .113
Collecting Information ................................................................................113
Are you for Ethereal? ........................................................................113
This is AirTraf control, you are cleared to sniff ............................114
Let me AiroPeek at your data ..........................................................114
Another CommView of your data ....................................................115
Gulpit ...................................................................................................117
That’s Mognet not magnet ...............................................................119
Other analyzers .................................................................................119
Table of Contents xi
Cracking Passwords ....................................................................................120
Using Cain & Abel ..............................................................................120
Using dsniff .........................................................................................124
Gathering IP Addresses ..............................................................................125
Gathering SSIDs ...........................................................................................126
Using essid_jack ................................................................................127
Using SSIDsniff ...................................................................................128
Default-Setting Countermeasures .............................................................128
Change SSIDs ......................................................................................128
Don’t broadcast SSIDs .......................................................................129
Using pong ..........................................................................................129
Detecting sniffers ...............................................................................129
Chapter 9: Wardriving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Introducing Wa