Everyone has a wifi network these days and this is good, as wifi networks make it easy to connect all our devices to the net wherever they may be. This of course leads to a question. How secure is your network? Most people seem to think that a passkey/password is enough to keep your network from intruders. I’d like to show you why you need more than a password to keep your network safe.
Please note, I’m not an expert Network Administrator or certified Cisco Engineer (heck, I don’t even know how to make a network cable(that’s not really true, but point is I just know some stuff about networks, but not enough to be called an expert ok?))
That said, I’d like to share with you some tips on how NOT to protect you wifi network. This could also be read as how to infiltrate a weakly secured wifi connection. The side of the river you choose to stand on is totally up to you.
Ok, so let’s get into it shall we?
For the purposes of writing this article, I’ll be infiltrating the wifi network of a certain college in my area, needless to say, this college needs to get a new Systems Admin or sponsor the current one to a lecture on Network Security.
Here is a brief run-down of the network:
1) The network is not hidden, i.e it has a public SSID that any wifi enabled device can pickup on.
2) It uses WEP encryption.
3) There are a number of access points all broadcasting the same SSID
4) The signal strength is excellent from where I’m working from, so I must be near one of the access points.
If you don’t understand the statements above, here’s the simpler version:
1) Any wifi enabled device can see this network.
2) The network is protected using an encryption system that’s very easy to decode(It doesn’t matter how long/complex the password is,decoding it is simple)
3) The wireless signal doesn’t originate from one source, but from three or so.
We’re now familiar with the network. Time to get ourselves in.
First Obstacle: The network key/password
To be able to connect to the network, this is the first obstacle we have to tackle.
There are three effective ways of obtaining the password, you just have to use whichever is easier/more convenient.
1) Ask someone for the key
Sounds obvious, but you’d be surprised how ‘helpful’ people can be when they believe they are helping out a fellow employee.
Call the IT department,and tell them you need the passkey. Adding a moving story about how badly you need to use the net won’t hurt. Might work (usually does if executed well)
2) Get access to a computer/device that has can connect to the network and copy the password from there. Most computers allow you to view the properties for the wireless connections the computer is connected to. Load these up and check for a section that reads “Security”,”Advanced”, “Wireless Security” or something along those lines. There should be info about the type of security used for this network and there’s usually a section containing the key, usually in asterisk form. Clicking the “Show key” check box reveals the key.
It’s important to get as much detail as you can from the computer in question. Get info such as MAC address, IP address and any DNS servers it may be connecting to.
3) If you have to, sniff the network and determine the password.
Most times however, the above methods are simply not possible, so the best way is to sniff the network and decode the key.
There are lot’s of programs that can do this on the internet. Googling network sniffers or WEP crackers should get you the desired result.
After obtaining the key(don’t ask me how I got it), I’ve gone ahead to fill in the necessary proxies and ports.
Second Obstacle : Getting past MAC filtering
Doing the above isn’t enough though, because I still can’t load pages. The proxy settings are correct, the passkey is correct, so this means that the computer controlling the network is using MAC filtering to restrict computers from connecting to the internet.
MAC filtering is a security measure that uses your network card’s unique hardware identifier called a MAC Address to allow/disallow computers from connecting.
Breaking MAC filtering is a synch, especially if you use Ubuntu Linux like me.
The procedure is simple, I turn my wifi adapter off, change the MAC address it broadcasts to the network and turn it back on again.
Just three commands typed in the terminal and that’s it. The key here is to replace your MAC with one that belongs to a computer that can already connect.
Third Obstacle: Restricted Websites
The steps above worked and I’ve managed to load web pages, but can’t load many social media sites like YouTube as they are blocked. For some strange reason, Facebook isn’t.The server seems to be using Squid to restrict access.Now what is Internet without YouTube?
Ok, to get past this, you can employ a number of tricks to fool the server. Here are my favourite:
1) Type in the IP address of the website you’re visiting instead of it’s URL.
2) Use a proxy
Number 2 worked like a charm 🙂
Fourth Obstacle: Downloading media
Okay, so I’ve managed to connect to the network, and access restricted sites, but downloading files that had audio/video extensions is not possible (or is it?) Here’s the logic, whenever you attempt to download a file from the Internet the server scans the file and checks whether you can download files that have the file extension you’re trying to download. If the extension isn’t blacklisted, you can download the file, if it is, you get an error message. I needto download a video, so the only logical way to get around this would be to change the file extension of the file before it gets to the College server.
Again this is not a problem, I used a lovely tool that allows you to archive files from anywhere on the web and download the resulting archive instead of archiving the files yourself. I had no intentions of making an archive though, all I wanted was a file with a different file name and that is exactly what I got.
Having said that, I can safely say that I had managed to use that Internet connection to the full despite the security features protecting the network.
So, to summarise this, here is how not to protect a wifi connection:
- Don’t use WEP and if you have to
- Don’t use the same key forever
- Don’t use MAC Filtering
- Don’t just use a simple Squid IPtable rule
- Don’t block sites based on their IP Address and or url.
- Don’t use Wifi @ all, you’d rather run cables
- Don’t put your signal strength to MAX, or else, people like me can park outside and take advantage
<lisniff network, get key
- use key and connect.
- wifi is mac locked?
Spoof the darn thing, no one will know. Piece of cake in Linux…haha
- Can’t access Youtube?
Use a proxy for crying in a bucket
- Can’t download mp3s/videos?
just change the file extension.
- Web gateway runs on Dan’s Guardian?
Then you’re screwed basically. Unless you know the Syst Admin hehe