List of Figures | Special Edition Using Macromedia Studio 8

< Day Day Up >

Chapter 1: Learning to WarDrive

Figure 1.1: The Open Node
Figure 1.2: The Closed Node
Figure 1.3: The WEP Node
Figure 1.4: Results of the NetStumbler Forums Poll about Warchalking
Figure 1.5: A Typical Laptop Computer WarDriving Setup
Figure 1.6: A Typical PDA WarDriving Setup
Figure 1.7: ORiNOCO External Antenna Connector
Figure 1.8: The ORiNOCO Gold Card
Figure 1.9: Cisco Aironet 350 Series Card with Dual MMCX Connectors
Figure 1.10: A Prism2-Based Card
Figure 1.11: A Parabolic Antenna Isn’t Good for WarDriving
Figure 1.12: Signal Donut Comparison of 5 dBi and 8 dBi gain Omni-Directional Antennas
Figure 1.13: An 8 dBi Gain Omni-Directional Antenna
Figure 1.14: A 5 dBi Gain Magnetic Mount Omni-Directional Antenna
Figure 1.15: A 14.5 dBi Gain Directional Antenna
Figure 1.16: The Pringles “Cantenna”
Figure 1.17: Pigtail for Use with ORiNOCO Cards and N-Type Barrel Connectors
Figure 1.18: The Garmin eTrex Handheld GPS
Figure 1.19: PDA GPS Cable Connections
Figure 1.20: Disabling the TCP/IP Stack Step One
Figure 1.21: Disabling the TCP/IP Stack Step Two
Figure 1.22: Disabling the TCP/IP Stack Step Three
Figure 1.23: Setting a Non-Standard IP Address on a Pocket PC Step 1
Figure 1.24: Setting a Non-Standard IP Address on a Pocket PC Step 2
Figure 1.25: Setting a Non-Standard IP Address on a Pocket PC Step 3

Chapter 2: NetStumbler and MiniStumbler: Overview

Figure 2.1: Installation Options
Figure 2.2: Installation Folder
Figure 2.3: Completed Installation
Figure 2.4: Installation Details
Figure 2.5: The Option to View the readme File
Figure 2.6: The MiniStumbler Installer Running
Figure 2.7: Directory Selection
Figure 2.8: Installation Progress
Figure 2.9: View the readme File
Figure 2.10: The Reminder
Figure 2.11: The Network Stumbler Desktop Icon
Figure 2.12: Opening Splash Screens
Figure 2.13: Captured Data Using NetStumbler
Figure 2.14: The Open and Encrypted Network Icons
Figure 2.15: Filtering by Channels
Figure 2.16: Filtering by SSID
Figure 2.17: Filter: Encryption On
Figure 2.18: Filter: Default SSID
Figure 2.19: Signal-to-Noise Ratio Graphic Display
Figure 2.20: Enabling a Scan for Networks in NetStumbler
Figure 2.21: NetStumbler Options
Figure 2.22: The Device Menu
Figure 2.23: New Toolbar Icons
Figure 2.24: Captured Data Using MiniStumbler
Figure 2.25: Enabling a Scan for Networks in MiniStumbler
Figure 2.26: MiniStumbler Options

Chapter 3: Operating NetStumbler and MiniStumbler

Figure 3.1: The Right Pane Has Several Columns
Figure 3.2: Context Menu and Look Up Options in NetStumbler
Figure 3.3: Context Menu and Look Up Options in MiniStumbler
Figure 3.4: Look Up Results in the ARIN WHOIS in NetStumbler
Figure 3.5: Look Up Results in the ARIN WHOIS in MiniStumbler
Figure 3.6: General Tabs for NetStumbler and MiniStumbler
Figure 3.7: Display Tabs for NetStumbler and MiniStumbler
Figure 3.8: GPS Tabs for NetStumbler and MiniStumbler
Figure 3.9: Scripting Tabs for NetStumbler and MiniStumbler
Figure 3.10: The NetStumbler MIDI Tab
Figure 3.11: Using IPCONFIG.EXE to Disable TCP/IP
Figure 3.12: Using WINIPCFG.EXE to Disable TCP/IP
Figure 3.13: Disabling TCP/IP on a PocketPC
Figure 3.14: 3dBi Omni-Directional Antenna with Magnetic Mount Base
Figure 3.15: Pigtail (Type N to Type MC)
Figure 3.16: Typical GPS Receiver Models
Figure 3.17: A “Gender Changer” Plug and a Null Modem Needed to Connect Various GPS Cables
Figure 3.18: A Complete NetStumbler WarDriving Rig: Laptop, GPS Receiver, Omni Antenna, and Pigtail
Figure 3.19: A Complete MiniStumbler WarDriving Rig: PocketPC, GPS Receiver, Omni Antenna, and Pigtail
Figure 3.20: A Minimal MiniStumbler “WarWalking” Rig: PocketPC and GPS Receiver Only

Chapter 4: Installing Kismet in Slackware Linux 9.1

Figure 4.1: Using the su Command to Switch the User to root
Figure 4.2: Copying pcmcia-cs to /usr/src
Figure 4.3: Uncompressing and Un-tarring pcmcia-cs
Figure 4.4: Change to the /usr/src/pcmcia-cs-3.2.3 Directory
Figure 4.5: Configuring the New pcmcia-cs
Figure 4.6: Compiling the New pcmcia-cs
Figure 4.7: Installing the New pcmcia-cs
Figure 4.8: Save or Copy the Patch to the /usr/src/pcmcia-cs-3.2.3 Directory
Figure 4.9: Patching the pcmcia-cs Module
Figure 4.10: Successful Output of the Orinoco Monitor Mode Patch
Figure 4.11: Changing Directories to /usr/src/pcmcia-cs-3.2.3/wireless
Figure 4.12: Rebuilding the Patched Files
Figure 4.13: Creating a Backup Directory and Copying Your Files
Figure 4.14: Placing the Drivers in the pcmcia Directory
Figure 4.15: Placing the Drivers in the Modules Directory
Figure 4.16: Verifying the Presence of the ORiNOCO Card
Figure 4.17: Verifying the ORiNOCO Patch Allows Monitor Mode
Figure 4.18: Using the su Command to Switch the User to root
Figure 4.19: Uncompressing and Untarring the Drivers
Figure 4.20: Changing to the Newly Created Directory
Figure 4.21: Building the Drivers
Figure 4.22: The Configure Script Questions
Figure 4.23: The Configuration Was Successful
Figure 4.24: Issuing the make all Command
Figure 4.25: Installing the New wlan-ng Drivers
Figure 4.26: A Successful Installation
Figure 4.27: Uncompressing and Untarring the Kismet Files
Figure 4.28: Changing to the Kismet Directory
Figure 4.29: Configuring the Installation Script
Figure 4.30: Generating Dependencies
Figure 4.31: Compiling Kismet
Figure 4.32: Installing Kismet
Figure 4.33: Success!

Chapter 5: Installing Kismet in Fedora Core 1

Figure 5.1: Checking for Monitor Mode
Figure 5.2: Using the su Command to Switch User to root
Figure 5.3: Directory Listing of Appropriate Driver Files
Figure 5.4: Patching the ORiNOCO Drivers
Figure 5.5: Compiling the ORiNOCO Drivers with make
Figure 5.6: Installing the ORiNOCO Drivers with make install
Figure 5.7: Restarting the PCMCIA Service in Fedora
Figure 5.8: Restarting Your Network
Figure 5.9: Verifying Monitor Mode on the ORiNOCO Card
Figure 5.10: Using the su Command to Switch User to root
Figure 5.11: Uncompressing and Untarring the Drivers
Figure 5.12: Changing to the Newly Created Directory
Figure 5.13: Building the Drivers
Figure 5.14: The Configure Script Questions
Figure 5.15: The Configuration Was Successful
Figure 5.16: Issuing the make all Command
Figure 5.17: Installing the New wlan-ng Drivers
Figure 5.18: Fedora Installation of PCMCIA
Figure 5.19: Restarting the PCMCIA Services
Figure 5.20: A Successful Installation
Figure 5.21: Uncompressing and Untarring the Kismet Files
Figure 5.22: Changing to the Kismet Directory
Figure 5.23: Using yum to Install the flex and ncurses Packages
Figure 5.24: Using yum to Install the gcc-c++ Package
Figure 5.25: Configuring the Installation Script
Figure 5.26: Generating Dependencies
Figure 5.27: Installing Kismet
Figure 5.28: Success!

Chapter 6: Configuring and Using Kismet

Figure 6.1: Downloading GPSD
Figure 6.2: Becoming the Root User
Figure 6.3: Uncompressing and Untarring GPSD
Figure 6.4: Changing to the gpsd-1.10 Directory
Figure 6.5: Executing the Configure Script
Figure 6.6: Compiling the GPSD Binaries with make
Figure 6.7: Issuing the make install Command
Figure 6.8: Verifying the Installation of GPS and GPSD
Figure 6.9: Starting GPSD with a Serial Data Cable
Figure 6.10: Establishing a Telnet Session with GPSD
Figure 6.11: Viewing the GPSD Process
Figure 6.12: Starting GPSD with a USB Data Cable
Figure 6.13: Editing the /usr/local/kismet.conf File
Figure 6.14: Preparing to Edit the kismet.conf file
Figure 6.15: Setting the suiduser Variable
Figure 6.16: Editing the kismet.conf File to Use Your ORiNOCO Card
Figure 6.17: Editing the kismet.conf File to Use Your Prism 2 Card
Figure 6.18: Kismet is Configured to Hop Seven Channels Per Second
Figure 6.19: Disabling Channel Hopping
Figure 6.20: Kismet Is Configured to Use a GPS
Figure 6.21: Kismet Is Configured for Use without a GPS
Figure 6.22: Kismet Fails to Start as suiduser
Figure 6.23: Changing to root Using su -
Figure 6.24: Kismet Fails to Start as root
Figure 6.25: Privileges Are Dropped to the suiduser
Figure 6.26: The Difference between su - and su
Figure 6.27: Kismet Starting
Figure 6.28: Kismet Running
Figure 6.29: The Initial Kismet User Interface
Figure 6.30: The Network Display
Figure 6.31: The Statistics Frame
Figure 6.32: The Status Frame
Figure 6.33: The Help Display Begins
Figure 6.34: The Help Display Continues
Figure 6.35: The Initial Kismet Popup
Figure 6.36: Changing to the /usr/local/etc Directory
Figure 6.37: Editing the kismet_ui.conf File
Figure 6.38: Changing the showintro Value
Figure 6.39: The Welcome Message No Longer Appears

Chapter 7: Mapping WarDrives Using StumbVerter

Figure 7.1: Unzipping the StumbVerter Files to a New Directory
Figure 7.2: The StumbVerter Setup Files
Figure 7.3: Installation Begins
Figure 7.4: Specifying the Destination Folder
Figure 7.5: Verifying the Installation Options
Figure 7.6: Installation Complete
Figure 7.7: The NetStumbler NS1 of Your WarDrive
Figure 7.8: Preparing to Export the NS1 File
Figure 7.9: Exporting to Summary
Figure 7.10: Starting StumbVerter
Figure 7.11: Using StumbVerter to Open the Map
Figure 7.12: Choosing the Summary File to Import
Figure 7.13: Import Complete
Figure 7.14: Determining an Area to Zoom in On
Figure 7.15: Your First Map
Figure 7.16: Saving Your Map
Figure 7.17: Choosing a Filename for Your Map
Figure 7.18: The WiGLE Registration Page
Figure 7.19: Browsing to Your Data Set
Figure 7.20: Changing to the DiGLE Directory
Figure 7.21: The DiGLE Client
Figure 7.22: Unzipping the New MapPack
Figure 7.23: The New MapPack Is Available
Figure 7.24: Preparing to Open Your WarDrive Log
Figure 7.25: Displaying Available NetStumbler Logs
Figure 7.26: The DiGLE Map Is Generated
Figure 7.27: Zooming In

Chapter 8: Organizing WarDrives

Figure 8.1: The DefCon 10 WarDriving Contest Legal Disclaimer
Figure 8.2: The WorldWide WarDrive Organizer Agreement
Figure 8.3: The WorldWide WarDrive Coin
Figure 8.4: The DefCon 11 WarDriving Contest Logo
Figure 8.5: The DefCon 11 WarDriving Contest Dog Tag

Chapter 9: Attacking Wireless Networks

Figure 9.1: The Administrative Tools Window
Figure 9.2: The Services Window
Figure 9.3: The Wireless Zero Configuration Service
Figure 9.4: The Wireless Zero Configuration Properties Window
Figure 9.5: Networks Detected
Figure 9.6: Available Wireless Networks
Figure 9.7: A Final Warning
Figure 9.8: The Wireless Client Manager
Figure 9.9: The Add/Edit Configuration Profile Window
Figure 9.10: The Basic Configuration Tab
Figure 9.11: A Connection Is Made
Figure 9.12: Commenting Lines in wireless.opts
Figure 9.13: The Windows Registry Editor
Figure 9.14: Expanding the Registry
Figure 9.15: Wireless Network Adapter Registry Entry
Figure 9.16: Entering the New MAC Address Value
Figure 9.17: Kismet Running
Figure 9.18: AirSnort Running
Figure 9.19: AirSnort Opens
Figure 9.20: Choosing the Card Type
Figure 9.21: AirSnort Starts Monitoring
Figure 9.22: Increasing the Crack Breadth
Figure 9.23: Executing WEPCrack.pl in Cygwin
Figure 9.24: Executing WEPCrack.pl at the Windows Command Prompt
Figure 9.25: The Wireless Network Properties
Figure 9.26: Preparing to Enter the Captured Key
Figure 9.27: Accessing the Network
Figure 9.28: The ORiNOCO Client Manager
Figure 9.29: Preparing to Add a New Configuration Profile
Figure 9.30: Naming the Target
Figure 9.31: The Edit Configuration Window
Figure 9.32: Entering the Cracked WEP Key
Figure 9.33: Open wireless.opts for Editing
Figure 9.34: Configuring the wireless.opts File
Figure 9.35: More Configurations for the wirless.opts File
Figure 9.36: Restarting PCMCIA Services

Chapter 10: Basic Wireless Network Security

Figure 10.1: The Linksys WAP11 Initial Setup Screen
Figure 10.2: A Unique AP Name and SSID Are Set
Figure 10.3: The Advanced Settings
Figure 10.4: The Advanced Wireless Settings
Figure 10.5: Making WEP Mandatory on the Linksys WAP11
Figure 10.6: The WEP Key Setting Window
Figure 10.7: Select 128-Bit WEP
Figure 10.8: Generating WEP Keys
Figure 10.9: Enable MAC Address Filtering
Figure 10.10: Finding the MAC Address on the Card Label
Figure 10.11: Using ipconfig /all in Windows to Determine the MAC Address
Figure 10.12: Using ifconfig to Determine the MAC Address in Linux
Figure 10.13: The Linksys BEFW11SR Initial Setup Screen
Figure 10.14: Entering a Unique SSID
Figure 10.15: Disable SSID Broadcast on the Linksys BEFW11SR
Figure 10.16: Select the Mandatory Radio Button
Figure 10.17: Generate a WEP Key
Figure 10.18: The Advanced Wireless Settings Window
Figure 10.19: Enable Station MAC Filter
Figure 10.20: The Wireless Group MAC Table Window
Figure 10.21: Enter Allowed MAC Addresses
Figure 10.22: The Linksys WRT54G Initial Setup Screen
Figure 10.23: Setting a Unique SSID on the WRT54G
Figure 10.24: Disable SSID Broadcast
Figure 10.25: Enable WEP on the WRT54G
Figure 10.26: The WEP Keys Window
Figure 10.27: The Advanced Wireless Screen
Figure 10.28: The Wireless MAC Filter Options
Figure 10.29: The MAC Address Filter List Window
Figure 10.30: Enter Allowed MAC Addresses
Figure 10.31: The D-Link DI-624 Initial Setup Screen
Figure 10.32: The Wireless Settings Screen
Figure 10.33: Set a Unique SSID
Figure 10.34: Enable WEP
Figure 10.35: Require 128-Bit WEP Encryption
Figure 10.36: Assign WEP Keys
Figure 10.37: The Advanced Options Screen
Figure 10.38: The Advanced Filters Options
Figure 10.39: The MAC Filtering Options
Figure 10.40: Filter by MAC Address
Figure 10.41: The Advanced Performance Options
Figure 10.42: Disabling SSID Broadcast
Figure 10.43: The Windows XP Wireless Network Connection Properties Window
Figure 10.44: Configuring Windows XP Clients for Use
Figure 10.45: The Configuration Profiles
Figure 10.46: Entering the WEP Key
Figure 10.47: Editing the wireless.opts File
Figure 10.48: Commenting Lines Out of the wireless.
Figure 10.49: Entering the SSID and WEP Key
Figure 10.50: The Linksys WET 11 Initial Setup Screen
Figure 10.51: Set the SSID and Enable WEP
Figure 10.52: Enter the WEP Keys

Chapter 11: Advanced Wireless Network Security

Figure 11.1: The DI-624 Initial Configuration Screen
Figure 11.2: The Wireless Configuration Options Window
Figure 11.3: The WPA Configuration Screen
Figure 11.4: The WPA-PSK Configuration Screen
Figure 11.5: The Linksys WRV54G Initial Configuration Screen
Figure 11.6: The Wireless Networks Settings Screen
Figure 11.7: The Wireless Security Settings
Figure 11.8: The WPA RADIUS Settings
Figure 11.9: The WPA Pre-Shared Key Settings
Figure 11.10: The Connection Properties Window
Figure 11.11: WPA Client Settings
Figure 11.12: Dolphin Provides Gateway Services for the Wireless Network
Figure 11.13: Configuring the Network Adapter
Figure 11.14: Finding the Wireless Side of the Dolphin Server
Figure 11.15: Making the Dolphin Connections
Figure 11.16: Verifying the DHCP Lease
Figure 11.17: Connecting to the Dolphin Server
Figure 11.18: Logging into the Dolphin Web Page
Figure 11.19: Login Is Successful
Figure 11.20: Logging In to the Administrative Interface
Figure 11.21: Changing the Wired-Side Network Properties
Figure 11.22: Changing the Wireless-Side Network Properties
Figure 11.23: Dolphin Provides Quality of Service Controls for Wireless Clients
Figure 11.24: Creating Users for the Dolphin Database
Figure 11.25: Creating or Modifying Security Policies
Figure 11.26: Changing the Administrator Password
Figure 11.27: Using the Dolphin_status.tcl File to Log In
Figure 11.28: Local Security Settings
Figure 11.29: Naming the Local Security Policy
Figure 11.30: Deactivate the Default Response Rule
Figure 11.31: Completing the Local Policy Creation
Figure 11.32: The Policy Properties
Figure 11.33: The IP Filter List Window
Figure 11.34: The IP Filter Settings
Figure 11.35: Creating the Second Filter
Figure 11.36: The Filter Properties Window
Figure 11.37: The Require Security Properties Window
Figure 11.38: The Security Methods Options
Figure 11.39: Entering the Pre-Shared Key
Figure 11.40: The Tunnel Setting Tab
Figure 11.41: Select the Connection Type
Figure 11.42: Assigning the Security Policy
Figure 11.43: The WRV54G VPN Settings
Figure 11.44: The Completed VPN Settings
Figure 11.45: The Cisco LEAP and RADIUS Solution
Figure 11.46: SBR Has a “Try It Before You Buy It” Feature
Figure 11.47: Choosing the Installation Options and Location
Figure 11.48: Launching the Admin Application
Figure 11.49: Configuring SBR for LEAP
Figure 11.50: Configuring the RAS Client Properties
Figure 11.51: Entering the Shared Secret
Figure 11.52: Creating Native Users
Figure 11.53: Entering the User Password
Figure 11.54: Selecting the Authentication Methods
Figure 11.55: Enabling EAP Authentication
Figure 11.56: Entering the Broadcast WEP Key
Figure 11.57: Configuring the RADIUS Server Information
Figure 11.58: Configuring Reauthentication
Figure 11.59: Using the Cisco ACU
Figure 11.60: Creating a New Profile
Figure 11.61: Configuring the SSID for the Profile
Figure 11.62: Configuring the Authentication Method
Figure 11.63: Configuring LEAP Options
Figure 11.64: Logging into the Wireless Network Using LEAP
Figure 11.65: Monitoring the RADIUS Server Statistics
Figure 11.66: Modifying the eap.ini File for Domain Authentication
Figure 11.67: Checking Authentication Methods
Figure 11.68: Adding a Domain User
Figure 11.69: Configuring LEAP Options for Domain Authentication
Figure 11.70: 802.1X Authentication Process Using EAP-TLS
Figure 11.71: Certificate Snap-In Showing Trusted Root Certification Authorities
Figure 11.72: Configuring a Domain Group Policy for Auto-Enrollment of Computer Certificates
Figure 11.73: Choosing a Computer Certificate Template for Auto-Enrollment
Figure 11.74: Requesting a User Certificate
Figure 11.75: Choosing a Certificate Type
Figure 11.76: Adding a NAS-Port-Type Condition to Remote Access Policy
Figure 11.77: Adding Wireless NAS-Port-Type Conditions
Figure 11.78: Configuring the Dial-In Profile for 802.1X Authentication
Figure 11.79: Adding a RADIUS Client
Figure 11.80: Configuring an ORiNOCO AP 500 for 802.1X Authentication
Figure 11.81: Authentication Properties for Wireless Client
Figure 11.82: Configure Smart Card or Other Certificate Properties
Figure 11.83: Configuring Windows XP Wireless Properties for 802.1X Authentication

< Day Day Up >