TUCoPS :: Networks :: Wireless :: protwi.txt

Protect your Wireless Network!


by CRYPT0KN1GHT, Fri Aug 23rd, 2002 at 05:06:32 AM EST

Protect your wireless network before someone takes advantage

A few days ago, I was waiting at Delta gate D13 at LaGuardia airport
when I noticed something odd. The connect light on my wireless (IEEE
802.11b or "Wi-Fi") card lit up, indicating that it had found an access
point somewhere to bind to. I sat up in surprise. Some U.S. airports
have installed public-access wireless throughout their terminals, but
LaGuardia isn't so forward thinking. Looking around, I spied the
doorway of the nearby American Airlines Admiral's Club. As innocently
as I could, I walked toward the door, keeping my eye on the signal
power. As I   moved closer, the signal increased. Popping up a Web
browser confirmed my suspicion. Instead of seeing my usual home page, I
was taken to a login page for a wireless Internet service that operates
out of Starbucks, several hotel chains, and, yes, the American Airlines
Admiral's Club. Bingo. I thought I would take advantage of this windfall
by reading my email and surfing the Net. Unfortunately, the service
wasn't free, and the subscription fee was too rich for my blood.
Without purchasing the service, I couldn't get past the registration Web
server. Sniffing the Net So I decided to do a little security research.
I popped up my favorite network sniffing tool, the tcpdump application
that's found on all Unix systems. A few seconds later, I was listening
in on all of the wireless traffic in the Admiral's Club network. I
detected three users on the network. One was actively reading his email
using POP. I intercepted his incoming and outgoing messages, and because
POP sends passwords in the clear, I also captured his login username and
password. The second user wasn't using the Web actively, but his laptop
was checking his office every five minutes for new mail. I soon had his
login information as well. The third user was browsing the Web. I could
see the address and content of each of the Web pages he accessed, along
with all of his cookies and the contents of the online forms he
submitted. Occasionally, he co nnected to a secure site using SSL, and
then all I saw was encrypted gibberish. Well, at least someone was doing
their job. Because the second computer user wasn't actively working on
the network, I borrowed his connection for a while. I noted the IP
address of his laptop and assigned it to my own machine. Seconds later,
I had full Internet access. Having stolen a legitimate owner's IP
address, the registration server now thought that I was a paying
customer. I spent the next few minutes surfing the Internet freely. If
the user noticed anything, he would only have thought that his Internet
connection went down for a short period of time.


Not Just Airports 

Was the ease with which I was able to hack into the Admiral's Club
wireless network an isolated incident? Sadly, no. A few weeks earlier, I
had done essentially the same thing while sitting in a public caf‚
adjacent to the National Science Foundation (NSF) building in
Washington, D.C. Some employee had set up a wireless access point for
mobile access to the NSF's network, but he or she didn't realize that
this gave everyone else in the vicinity access as well. In this case, I
didn't have to do any hacking. The network was wide open. For more
examples, take a look at the article "Exploiting and Protecting 802.11b
Wireless Networks" at Extreme Tech
(www.extremetech.com/article/0,3396,s=1024&a=13880,00.asp). The authors
explain how they drove through the streets of major metropolitan areas
with sensitive antennas. In just a few days, they had identified
hundreds of unsecured corporate networks. Wireless Insecurity If you're
running a wireless network, there are some things you can do immediately
that will make it harder for strangers to hitchhike on your network. You
can activate Wireless Equivalent Privacy, change your network's service
set identifier, and configure your access points to reject connections
from unknown wireless cards. Other wireless security measures are
described in "LAN Sharks" by Paul Sholtz (New Architect, May 2002).
Ubiquitous public mobile networking is the manifest destiny of the
Internet, and nothing will stand in its way. To work, the public mobile
Internet has to be open, letting people join and drop out at will. This
means that public wireless communication will be vulnerable to sniffing,
so there's no longer any excuse for failing to use end-to-end encryption
for email, Web, and login protocols. Encryption must become easier, more
transparent, and ubiquitous. If it doesn't, the innocent-looking fellow
with the laptop at American Airlines gate D13 is sure to find you, too.




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH