Do you think your wireless network is secure?
If the answer is yes, the BackTrack penetration testing OS (BackTrack 4 – www.backtrack-linux.org) would beg to differ.
BackTrack 4 is an entirely customised Linux distribution. The underlying distro is Ubuntu, but it has been specifically enhanced, configured and packaged for penetration testing. The package includes a wide variety of wireless cracking, network scanning and password breaking tools.
There are several options for running BackTrack. You can install it as an OS on your hard drive, you can install it on and run it from a USB stick, and you can even run the entire OS from CD. The latter option requires no installation at all: you simply pick a machine, boot from the CD and remove the CD when finished. I chose the latter option for my tests to see if it really worked.
I started by booting the OS and starting X Windows. Most work is done from the Konsole terminals. In short, there are four key utilities you can use to crack WEP and WPA keys. These are:
airmon-ng: Used to put your own wireless card into monitor mode.
airodump-ng: Used to collect wireless packets and save them to disk.
aireplay-ng: Used to implement a number of replay attacks against the wireless Access Point (AP). In our scenario this is useful to make the AP accept or generate more packets. Cracking wireless is generally about capturing enough packets (100k-500k) to derive the keys.
aircrack-ng: Used on the collected packets to find the keys.
Check out these videos for a step-by-step example.
Disclaimer: You should be aware that it is illegal to hack into a wireless network that you do not own. This example is for test and education purposes only.
Any determined attacker can usually find a way to get access to your networks, but here are four tips to make it much more difficult:
Use WPA encryption – it's more difficult to crack than WEP.
Restrict network access to known MAC addresses – MACs can be spoofed but it’s another hurdle to delay.
Switch it off when you are not using it – If there is nothing in the air, there is nothing to analyse. The information an attacker requires to crack the keys is simply not there.
Change the key regularly.
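One way to act on tips 1, 2 and 4 on a Linux access point driven by hostapd, as an added example that is not part of the original post: the script generates a fresh WPA2 passphrase, validates it against hostapd's 8..63 character limit, and writes a WPA2-only configuration with a MAC accept list. The interface name, SSID, channel, file paths and the MAC address in the accept list are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): hostapd-style configuration
# generator applying three of the four tips: WPA2-PSK instead of WEP, a
# MAC accept list, and a freshly generated key on every run.
# Interface, SSID, channel and paths below are assumptions for the demo.

# Tip 4: generate a new random passphrase. WPA-PSK passphrases must be
# 8..63 printable ASCII characters; 24 alphanumerics is comfortably inside.
new_psk() {
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# Reject anything hostapd would not accept as a passphrase (length 8..63).
valid_psk() {
    len=${#1}
    [ "$len" -ge 8 ] && [ "$len" -le 63 ]
}

# Tips 1 and 2: write a WPA2-only config that only admits listed MACs.
# Arguments: output file, passphrase, MAC accept-list file.
write_hostapd_conf() {
    conf=$1; psk=$2; acl=$3
    valid_psk "$psk" || return 1
    cat > "$conf" <<EOF
interface=wlan0
ssid=home-net
hw_mode=g
channel=6
# Tip 1: WPA2 with CCMP only; no WEP keys are configured at all.
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=$psk
# Tip 2: only MACs listed in the accept file may associate (macaddr_acl=1).
macaddr_acl=1
accept_mac_file=$acl
EOF
}

# Demo run: rotate the key and rewrite the config into a temp directory,
# printing the path of the generated file.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '00:11:22:33:44:55' > "$dir/hostapd.accept"   # constructed MAC
    write_hostapd_conf "$dir/hostapd.conf" "$(new_psk)" "$dir/hostapd.accept"
    echo "$dir/hostapd.conf"
}
```

Run `demo` from cron to rotate the key on a schedule; clients then need the new passphrase, which is the point of tip 4.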