Unix Clan
Lecturer: simprix
Converter: DKsk8
Lecture: Wardriving

<Forbze> lol
<simprix> ok im back
<AZTEK> well now loging works
<AZTEK> i am loging simprix
<simprix> ok
<simprix> anyone can butt in if they want or if i say something wrong
<simprix> ok
<simprix> everyone here
<miteymous> ;]
<Strider> ya
<simprix> ok girls and boys
<simprix> Ok this will be centralized around linux because I have never done this in Windows and Windows sucks
<miteymous> oki
<simprix> one thing i do know if you want to do this in windows then you need to use netstumpler
<miteymous> or ApSniff
<miteymous> from a website i am lookin at :/
<simprix> Ok first off in linux you need to recompile your kernel with netlink and get rid of pcmcia support in the kernel
<simprix> then you have to get the pcmcia source for pcmcia-cd.sourceforge.net
<simprix> there are to ways you can do it now
<simprix> you can use the wireless extensions in the kernel but you need a good card like a cisco aironet card
<simprix> but the wireless extensions does not have as good sniffing techniques as the linux-wlan source
<simprix> so they way i have done it is using the linux-wlan-ng source
<simprix> you can get that from www.linux-wlan.org and you need to compile that
<simprix> any questions so far?
<simprix> or is no one listening
<Strider> nope
<miteymous> is there info on editing the kernel?
<simprix> have you recompiled a kernel before?
<Strider> miteymouse, wheres that site with ApSniff?
<miteymous> no im new sorry :(
<miteymous> strider: www.wardriving.com
<Paranoiac> What he/she/it said^
<Strider> thnx
<simprix> ok well you should read the howto
<miteymous> i plan on it :P
<simprix> ok once you have compiled all that stuff your almost ready to get started
<Paranoiac> Could you just explain what it is that those modifications do?
<Paranoiac> Or is it too lenghty to explain now.
<simprix> oh yea the linux-wlan stuff only works with the prism2 chipset, which are cards like linksys, dlink, netgear, zoom alot of consumer cards
<simprix> what motifications
<Paranoiac> The recompilations
<simprix> they are pretty much drivers for the cards
<simprix> i prefer the zoom wireless cards
<Paranoiac> Ah, ty
<simprix> ok does everyone in here know what snmp is
<Forbze> any aussies here>?
<Forbze> SNMP
* Paranoiac does not....is a know-nothing-newb
<simprix> well the linux-wlan binaries are alot like using snmp
<simprix> like to specify the ssid
<simprix> a ssid is kinda like a network id
<simprix> say one access point is on ssid: ap01
<simprix> and one access point is on ssid: ap02
--- BaGeL[CS] is now known as BaGeL
<simprix> and you want to attach to ap01 then you would use the ssid of ap01
<simprix> it is two specify wireless networks
<simprix> everyone with me?
<simprix> and questions?
<Forbze> SNMP - Simple Network Managment Protocol
<simprix> ep
<simprix> yep
<Paranoiac> Ah
<Forbze> http://www.rad.com/networks/1995/snmp/snmp.htm
<Paranoiac> Ty
<simprix> ok but if you are not familer with snmp and using mibs, you could use a program my friend wrote called wlanfe you can get it from se.rious.net or freshmeat.net
--> r ([email protected]) has joined #bsrf
<simprix> ok now you are ready to go wardriving
--> Sheik ([email protected]) has joined #bsrf
<simprix> i am warning, make sure you are with someone else and make them drive
<Paranoiac> Hehe
<simprix> it is really hard to drive and look at your computer at the same time trust me
<Forbze> wtf?
<Forbze> drive?
<Forbze> and computer
<Strider> heh
<simprix> yes
<simprix> also you should get some programs before you go
<miteymous> so you basically can just use someone elses wireless network?
<simprix> these programs are kismet, airsnort, scanchan, arpping
<simprix> yes miteymous
<miteymous> like...hijack it...an invisible parasite?
<miteymous> ok question
<simprix> yes
-- Sheik has quit (Quit: )
<miteymous> would it be possible to set up your own wireless network, that hijacks your targets, and then spreads it farther via your equipment
<miteymous> maybe letting you have free access at your house
<simprix> yes you could bridge the connection
<simprix> with a wireless bridge
<Paranoiac> he networks would need to overlap, though
<Paranoiac> *The
<miteymous> would the same basic techniques work with cell phone modems
<simprix> well if you have the wireless bridge on the same ssid then your ok
<simprix> and they wont overlap
<simprix> miteymous: i dont know anything about cell phone modems
<miteymous> well i mean they obviously work on different frequencies
<simprix> it might work but i dont know what cell phones use as there protocals
<simprix> well then you could use a frequency counter and use a ham radio
-- Forbze has quit (Ping timeout)
<LiquidKn0wledge> hey is neve campbelle that girl in the movie three to tango?
<simprix> everyone ready to continue
-- r ([email protected]) has left #bsrf
<Strider> go ahead :)
<miteymous> yah
<miteymous> :D
--> Forbze ([email protected]) has joined #bsrf
--- ChanServ gives channel operator status to Forbze
<simprix> ok well when you are ready to go you need to put your wireless card in promiscuos mode which means it will gather everything that is in the air
<simprix> there are tools that come with kismet
-- LiquidKn0wledge ([email protected]) has left #bsrf
<simprix> ok after that is all set you will start up kismet
<simprix> and go drive around
<simprix> once something pops up on the screen there will be three sections
<zemo> nite all
<simprix> ssid: it will say the ssid here
<Strider> nite
<simprix> WEP: it will say if wep is being used
<simprix> channel it will say what channel the network is on
<simprix> does everyone know what WEP is
<miteymous> no
<Paranoiac> ditto
<simprix> wireless encryption protocal
<simprix> it encrypts the network
<simprix> so you cant attach to the network unless you have the wep key
<Paranoiac> What kind of encryption is it?
<simprix> RC4
-- ro0t has quit (Quit: rm -rf /;reboot&)
<miteymous> so you have to crack the encryption then, does kismet do that?
<simprix> no
--> ro0t ([email protected]) has joined #bsrf
<simprix> ok we will get to what you do if they use wep
<simprix> but first we will talk about a network with out wep
<simprix> while you are watching a kismet it will say what the ssid is remember that
<simprix> if it says under W: N, then they arent using wep
<simprix> ok so once you have got these
<simprix> you will need pop out your card to take it out of promiscues mode
<simprix> and pop it back in
<simprix> then you will open wlanfe
<simprix> and under ssid type the ssid you got from kismet
<simprix> and click apply
<simprix> now you are attached
<simprix> now you need to get a ip
<simprix> if the access point is using dhcp you can get it that way
<simprix> but if it isnt you need to find out what ips they are using
<simprix> to do this we will use arping
<simprix> run that and we will get some ips they are using
<simprix> so you will assign a unused ip using ifconfig
<simprix> and then it is just like you are on a normal network
<simprix> any questions?
<miteymous> so at this point you are connected and have internet access?
<Strider> huh? is this thing still going??
<miteymous> and access to their network?
<Strider> j/k
<Paranoiac> Hehe
<simprix> yes
<simprix> what Strider are you bored
<miteymous> whoah
<Paranoiac> Are there many networks that are unsecured?
<simprix> yes
<simprix> lots
<Paranoiac> Groovy
<simprix> the city hall in my town is not using wep
<simprix> Strider: what can we do to keep you interested
<Strider> me?
<Strider> ermm
<Strider> danece?
<Strider> dance*
<Paranoiac> How can you secure yourself from being detected/accessed?
<miteymous> ok so lets say you are connected now
<miteymous> would you be able to see all the computers that are shared on the network?
<simprix> yes
<miteymous> network neighborhood type thing?
<simprix> if you use samba
<simprix> sorry Strider
<simprix> Paranoiac: i will get to securing them later
* miteymous does the chicken dance for Strider
<Strider> lmao
<Paranoiac> Ahh, ok...thanks
<Paranoiac> Bah....that's nothing
<miteymous> wait i thought samba was used to show graphics
* Paranoiac does the Funky Monkey
<miteymous> when compiling programs etc
<simprix> nope
<simprix> what Strider
<miteymous> ahhsoo o_O
<simprix> ok everyone ready
<simprix> to talk about wep
<miteymous> yup
<Paranoiac> Aye, cap'n
<Strider> go on then
<simprix> ok
<simprix> well out in california two kids figured out how to break wep
<Strider> hold on, whats wep?? is that still the wireless thingy?
<simprix> yes
<Strider> ah ok
<Strider> carry on
<miteymous> wireless encryption protocol :x
<simprix> it is wireless encryption protocal
<simprix> ok when you find a wireless network you need to use airsnort
<simprix> with your card still in promiscuos mode you need to start airsnort and just start to gather packets
--> GOD ([email protected]) has joined #bsrf
<simprix> usually with a 128 bit wep key you should gather 1 gig of traffic
<simprix> then it will list the wep key
<simprix> everyone with me so far
<Paranoiac> So it grabs the key from the other user's packets?
<miteymous> airsnort figures out the key for you?
<simprix> yes and beacon frames
<simprix> yes miteymous
<Paranoiac> That's useful
<simprix> yes
<simprix> ok so once you have the wep key
<Paranoiac> Is the WEP verification a constant activity then? As opposed to using it once, like a password....
--> nosolution ([email protected]) has joined #bsrf
<simprix> you will load up wlanfe and put the ssid you have and click on the wep key tab and type the key
<simprix> yes it is constant Paranoiac
--> Jackel88 ([email protected]) has joined #bsrf
<simprix> ok so once you attach to the network you need to get your ip the same way you did before
<simprix> without wep
-- Jackel88 has quit (Quit: Leaving)
<simprix> ok there are three ways to secure a wireless network besides wep
--- GOD is now known as satan
<miteymous> kewl
<simprix> cause wep sucks
-- bluehaze[BED] has quit (Ping timeout)
<Paranoiac> Hehe
<satan> hey this is already registered
<simprix> ok the three ways are a radius server, a kerbores server, ipsec
--- satan is now known as compaq
<simprix> if you need to know about those ways read the rfc's cause i am not going to explain them this time maybe another lecture
<miteymous> suhweet
<simprix> ok im done any questions
<simprix> or opinions
<miteymous> do you have to have a big antennae?
<simprix> no
<miteymous> and how far away can you be
--> Ravish ([email protected]) has joined #bsrf
<simprix> 500 feet is 2 megs a second
* Strider is away (finger lickin the chicken)
<miteymous> hmm
-- Forbze has quit (Quit: Vive La Revolution)
<miteymous> thats not that far
<Paranoiac> What kind of wireless is this?
<simprix> i would not go past 500 feet
<simprix> its 802.11b
<Paranoiac> Ahh good
<Paranoiac> At least I've heard of it
<simprix> 802.11a, 802.11g are supposed to be better
<miteymous> but you said earlier you could bridge it, so itd be possible to get within say 100 feet, bridge the connection to a landline that went back to your house?
<simprix> yea you could do that
<miteymous> to keep the speeds?
<Ravish> hi
<simprix> bridges go up to 2 miles
<simprix> hey ravish
<miteymous> oh wow
<Paranoiac> What is a bridge, exactly?
<miteymous> can i build one using a coke can and a piece of twine? :p
<simprix> not a bridge maybe a antenna
<Paranoiac> Hehehe
<miteymous> lol
<miteymous> omgggggggg
<miteymous> coke all over my pc
--> criven ([email protected]) has joined #bsrf
<Paranoiac> .....that's not goof
<Paranoiac> *good
<simprix> ok everyone done
<Paranoiac> Groovy
<simprix> or more questions
<Paranoiac> By the way, where do you get your tools from?
<simprix> the internet
<Paranoiac> ......thanks
<simprix> freshmeat
<Paranoiac> Thank you
<simprix> so do you guys think i did a good job on my first lecture
<miteymous> yes :)
<Paranoiac> Yep
--- compaq is now known as AOL
<miteymous> im gonna try it out next year, and maybe get free internet access :x
<Paranoiac> This is my first, and it was damned good
--- AOL is now known as GODFATHER
<simprix> ok well if you suys have any questions you can email me at [email protected]
<simprix> or [email protected]
<Paranoiac> Here's a question: Is there any way to cloak your connection, so that they network can't see your pc?
<simprix> well you could drop ping packets and setup a firewall and close all ports
<simprix> but if your doing something on the network they will see you
<Paranoiac> Ahh
-- misguidedpoet has quit (Quit: gonna have some fun with dreamweaver)
--> th0rn ([email protected]) has joined #bsrf
--> Sub-0 ([email protected]) has joined #bsrf
<miteymous> oh
<miteymous> so eventually they will find you
<Paranoiac> Another stupid question: Which OS are you people running?
<simprix> yea if you camp out their
<miteymous> :/
<simprix> i run linux
<miteymous> i run winxp atm
<Paranoiac> Which distro?
<GODFATHER> i run mandrake also
* Strider is back (finger lickin the chicken) - was away 11mins 38secs
<BaGeL> night guys
-- BaGeL has quit (Quit: )
<simprix> crux
<Paranoiac> Ah
<Paranoiac> Ty
<miteymous> umm
<miteymous> corporate pro
<Paranoiac> Is there a lecture at this time every week?
<simprix> not that i know of
<miteymous> i think there should be :x
<simprix> yea
<Paranoiac> How does one find out when there will be one?
<simprix> ask AZTEK
--- Sub-0 is now known as Liquid-is-away
<simprix> i think there hadn't been one in awhile
<Strider> anyone wanna do a lec on summin a bit more n00b orientated?
<miteymous> yah, like spoofing your ip :x
<Paranoiac> Wasn't this n00b orientated?
<Strider> pfft
<Strider> it is if u know about it
<miteymous> i know about it now, so i would say it was :P
<Paranoiac> ...crazy...I thought it was
<Strider> well i dont know jack shit about linux so i didnt understand a bit of it
<miteymous> you can do it on windows too though :/
<th0rn> hey can someone please help me find a nice big FAQ on totalitarianism?
<Paranoiac> You don't use Linux?
<th0rn> :-)
<th0rn> lol
<th0rn> damn research paper
<Strider> nope
<th0rn> i've been lookin all over
<simprix hey guys im going to bed
<miteymous> thanx a lot simprix
<Paranoiac> Thanks
<simprix> no problem
--- Strider is now known as The_Don
<Paranoiac> You've made a simple n00b very happy
<simprix> ok
<simprix> see ya
--- simprix is now known as simprix[away]
<miteymous> bye
--- The_Don is now known as Strider
<Strider> them logs should come in handy when i do get linux :)
-- AtnNn has quit (Quit: g2g)
<Paranoiac> Hehe...I would have got it a long time ago if it weren't for my crappy 56k
* Paranoiac doesn't like 7-day downloads...