BREAKING INTO A WIRELESS NETWORK | Steal This Computer Book 3: What They Wont Tell You about the Internet

Wireless networks deal with the paradox of making access easily available while also making it secure, which means that most wireless networks emphasize convenience over security. While many wireless networks don't take any security measures at all, a few use the built-in wireless encryption standard known as WEP (Wired Equivalent Privacy).

Of course, WEP is considered insecure, which means it's like locking your screen door and expecting that to keep intruders out. To defeat any WEP-encrypted wireless networks, war-drivers have created a program called AirSnort (http://airsnort.shmoo.com), which passively gathers encrypted packets off a wireless network. When it has gathered enough of them (approximately 5 to 10 million), it can guess the encryption password, thus granting anyone access to the wireless network.

To ensure that you can crack WEP encryption, try another program called WEPCrack (http://wepcrack.sourceforge.net). Both AirSnort and WEPCrack come with source code so you can study how the programs work and either add new features or create a similar program on your own.

For added security, wireless network manufacturers also include two additional features: SSID (Service Set Identification) and MAC (Media Access Control) address authentication. SSID identifies every wireless network with a unique identifier, so only computers that know this identifier can access that particular wireless network. Likewise, every wireless access point can include a list of MAC addresses of computers that it will allow into the wireless network. If a computer has a MAC address that doesn't match the list of allowable MAC addresses, the wireless access point won't let the computer use the network.

Both SSID and MAC addresses act like passwords, but many people don't bother turning either of these features on. If they do turn these features on, they don't customize the settings. As a result, most wireless networks use the default passwords that every wireless network manufacturer ships with their products. Hackers also know these default passwords, so they just try these known passwords until they find one that works.