Ethical Hacker Community Forums
Author Topic: Catching a wireless hacker  (Read 4327 times)
Exige69
Newbie
« on: September 26, 2007, 05:55:13 AM »

Hi,

Could someone help me out here? I think my network has been hacked into.  I'm planning on deploying an intrusion detection system centred around Snort and/or KisMAC.  So the next time someone probes my network I will know.

My question is whether Snort and KisMAC/Kismet will alert me whenever someone tries to access my network.  Can they sniff my packets in passive mode and retrieve my passwords, or do they have to be in active sensing mode? I would like to set a trap to entice this person so that I get alerted.

Thanks

Exige


Logged
slimjim100
EH-Net Columnist
Sr. Member
« Reply #1 on: September 26, 2007, 07:14:49 AM »

Airsnare can do this for you and it will also alert you when it sees someone spoofing their IP/MAC address. It is easy to use and should do most of what you asked for.

http://www.anti-hacker.info/video/Airsnare/Airsnare.html

Good luck

Brian
aka Slimjim100
Logged

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
LK
Newbie
« Reply #2 on: September 26, 2007, 12:15:16 PM »

Why spend time and effort on setting up a wireless IDS when you can improve your wireless security settings?

If your access point supports it, you should switch to WPA2 encryption (not vulnerable to attacks yet). Scan your computer for keyloggers or backdoors, review your wireless settings, update your wireless card driver and that should do it.

But, if you are willing to spend time in setting up a Wireless IDS, you can use Airsnare in order to be alerted when an unfriendly MAC address associates with your access point, but if you want to be protected from future attacks, my opinion is to use Kismet. Kismet can also be set up as a WIDS. You will be alerted when someone is wardriving near your location, or if various attacks are performed (deauthentication etc.). I don't know if Airsnare has the same capabilities as Kismet does, but I am only familiar with Kismet.

The hacker can sniff your packets in passive mode, but if you are using an encryption method that's secure enough you should have no problems.

But, before doing any of the above, maybe it will be a good idea to review your AP logs, you can find out from there if someone else successfully authenticated with your AP.
Logged

Security+,OSCP
EmanoN
Newbie
« Reply #3 on: September 26, 2007, 03:05:21 PM »

Airsnare blows as any kind of protection. It only shows a MAC address you don't permit. I can sit with Kismet and see whatever MAC addresses are on your network and change my MAC to that. Airsnare will gladly ignore me then and see me as friendly.  Why waste your time with that when you could just set up your security better?
Logged
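
As an added illustration (not code from any poster in this thread), the sketch below does the AP log review suggested in Reply #2 and adds two heuristics for the cloned-MAC case raised in Reply #3, which a plain allowlist misses. The log format, the allowlist and the hostnames are constructed assumptions; real AP logs vary by vendor.

```python
import re

# Assumed allowlist of the owner's devices: MAC -> expected DHCP hostname.
KNOWN = {"00:16:cb:aa:bb:01": "macbook", "00:1b:63:aa:bb:02": "iphone"}

# Constructed sample in an assumed format; real AP logs differ per vendor.
SAMPLE_LOG = """\
2007-09-25 21:02:11 ASSOC mac=00:16:CB:AA:BB:01 host=macbook
2007-09-25 21:40:37 ASSOC mac=00:13:02:DE:AD:10 host=unknown-pc
2007-09-25 22:05:09 ASSOC mac=00:1B:63:AA:BB:02 host=iphone
2007-09-25 22:17:45 ASSOC mac=00:16:CB:AA:BB:01 host=linuxbox
2007-09-25 22:18:02 DISASSOC mac=00:16:CB:AA:BB:01 host=linuxbox
"""

LINE = re.compile(
    r"^(\S+ \S+) (ASSOC|DISASSOC) mac=((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) host=(\S+)$"
)

def review(log_text, known):
    """Return (timestamp, mac, reason) tuples worth a closer look."""
    findings, active = [], set()  # active = MACs currently associated
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not association events
        ts, event, mac, host = m.group(1), m.group(2), m.group(3).lower(), m.group(4)
        if event == "DISASSOC":
            active.discard(mac)
            continue
        if mac not in known:
            # What a plain allowlist alert (the Airsnare-style check) reports.
            findings.append((ts, mac, "unknown MAC associated"))
        else:
            # Heuristics for a cloned MAC; a careful cloner can defeat both.
            if host != known[mac]:
                findings.append((ts, mac, "known MAC, unexpected hostname " + host))
            if mac in active:
                findings.append((ts, mac, "known MAC associated again while still active"))
        active.add(mac)
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, KNOWN):
        print(*finding, sep=" | ")
```
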
Exige69
Newbie
« Reply #4 on: September 26, 2007, 07:43:33 PM »

Thanks, do you guys know if there is a Mac OS X download for Airsnare?  If not, what other tool would be similar?
Logged
dean
Full Member
« Reply #5 on: September 27, 2007, 12:29:37 PM »

"If your access point supports it, you should switch to WPA2 encryption (not vulnerable to attacks yet)."

Actually WPA2 using pre-shared keys is vulnerable to the same offline dictionary attacks that WPA1 is since the key exchange algorithm is the same between WPA2 and WPA1.

Look at tools like CoWPAtty and Aircrack-NG, both of which have WPA2 cracking capabilities.

Cheers,
Dean

Logged

<script>alert('%52%54%46%4D')</script>
LK
Newbie
« Reply #6 on: September 27, 2007, 01:54:34 PM »

Looks like dean is right, WPA2 is also vulnerable to an off-line dictionary attack.

Last time I used aircrack-ng suite for a wireless hacking demonstration there was nothing about WPA2 dictionary attack in the aircrack-ng tutorials.

Good thing to know, thanks dean!
Logged

Security+,OSCP
JeffCT
Newbie
« Reply #7 on: October 15, 2007, 08:24:33 PM »

Much easier to just switch to WPA2 encryption. With a strong password, offline dictionary attacks won't get anywhere.
Logged

CISSP, CEH
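
An added example (not from any poster in the thread) of checking your own passphrase against the point made in Replies #5 and #7: the WPA/WPA2-PSK master key is derived from only the passphrase and the SSID, so passphrase quality is what decides whether offline guessing succeeds. The sample wordlist, the 80-bit threshold and the SSID "homenet" are assumptions, and the character-class estimate is an upper bound that overstates human-chosen phrases.

```python
import hashlib
import math
import string

COMMON = {"password", "letmein", "linksys", "12345678", "qwertyuiop"}  # constructed sample list

def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def charset_bits(passphrase):
    """Upper bound on entropy from length and character classes used."""
    size = 0
    for pool in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in pool for c in passphrase):
            size += len(pool)
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        size += 33  # printable ASCII symbols, including space
    return len(passphrase) * math.log2(size) if size else 0.0

def audit_psk(passphrase, ssid, common=COMMON, min_bits=80):
    """Return a list of weaknesses; an empty list means none of the checks fired."""
    problems = []
    lowered = passphrase.lower()
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside the 8-63 characters a WPA passphrase allows")
    # Also catch a dictionary word with digits or '!' appended.
    if lowered in common or lowered.rstrip(string.digits + "!") in common:
        problems.append("dictionary word, possibly with digits appended")
    if ssid and ssid.lower() in lowered:
        problems.append("contains the SSID")
    if charset_bits(passphrase) < min_bits:
        problems.append("estimated entropy below %d bits" % min_bits)
    return problems

if __name__ == "__main__":
    for candidate in ("Password2007", "v7#Qm2!xLp9@Tz4&Rk"):
        print(candidate, audit_psk(candidate, "homenet") or "no findings")
    print(derive_pmk("Password2007", "homenet").hex())
```
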