One of the reasons for the success of these books is our unique [email protected] program. He is one of the inventors of NoCat and is also an active member of FreeNetworks.org.
Introduction
Whether you're tech-inclined or just a novice, these hands-on tutorials and step-by-step project instructions will help you marry your sense of Wi-Fi adventure with your desire to help promote free wireless networks and improve communities . Now is the time to join a group in your area (or start one!) to help promote community wireless and the philosophy of free and open broadband access.
Introduction to Wireless Hacking
A Brief Overview of the Wireless World
Topics in this Chapter
Introduction to Wi-Fi
The History and Basics of 802.11
See Table 1.1 for a list of all channels. The range (distance) of 802.11b can vary widely, but each access point (with standard antennas) typically covers a few hundred feet (indoors) or a few thousand feet (outdoors). Upside: Relatively high speed; more non-overlapping channels than 802.11b/g; 5 GHz spectrum is less crowded.
Why Wi-Fi?
When it comes to the use of the airwaves in the United States, we find an area of intersection between the FCC and the IEEE. For example, the 802.11a IEEE guidelines for power limits are actually 20 percent lower than the FCC limits. Table 1.3 shows the relative FCC and IEEE power limits.
N OTE …ISP S
Before the advent of the Internet, computers were connected via a network to share files and devices, such as printers. NAT'ing makes all wireless network traffic appear to originate from a single IP address, giving the perpetrator a cloak of anonymity.
Summary
Use of the Terms of Service intercept portal is also necessary to limit the property owner's liability. Finally, you need to be sure that bandwidth sharing is not a violation of your ISP's terms of service.
Building Large Scale Community
However, if you want to cover an area beyond the range of a single access point, there are a number of solutions available. There are two issues you will need to consider. The first is where to place access points to ensure coverage for all clients. The second is how to get bandwidth to access points. APs that provide 802.11 coverage to clients (typically 802.11g or 802.11b) are often referred to as "client access radios". Ideally, you should place the APs close enough to each other that you still have a little overlap (typically 10 to 15 percent) to ensure flawless coverage.
Wireless Distribution System (WDS)
Also in this chapter we will talk about some of the social and community elements of wireless networking as experienced by SoCalFreeNet. APs that support WDS can communicate wirelessly with other APs while still communicating with client devices.
5-GHz Links
The downside of using WDS is that the bandwidth is cut in half every time a frame travels through a WDS AP (sometimes called a "hop"). This happens because all WDS devices must operate on the same channel. Therefore, the WDS AP must listen for the frame and then forward it on the same channel. Another problem with WDS is that not all access points support it.
Working with Client Devices
Competing with the Phone/Cable Companies
Outfitting Coffee Shops and Retail Locations
Getting the Neighborhood Involved
While this type of functionality isn't necessary for home networking, many business owners find this feature incredibly useful. This is happening not only 'digitally', through email and web exchanges that are now possible, but also in the 'analogue' (real) world, as we move 'beyond' the computer screen and involve more and more people in implementation activities. , helping the network grow and encouraging neighbors to help each other with wireless support issues.
Securing
Our Wireless Community
These long-distance eavesdroppers remind us of an age-old reality that some users use (wireless) technology to achieve positive goals, while others use our networks for negative purposes. These malicious users can often create problems for other individuals as well as the architects of our wireless society. These crimes appear when a user tries to break into/hijack computers or attack other users on the Internet.
The Captive Portal
The m0n0wall server acts as a captive portal and PPTP VPN concentrator for the wireless clients. The Cisco Access Point (AP) acts as a basic client access radio. However, the captive portal must be installed separately. The Pebble images come with NoCat bundled and pre-installed.
N OTE …DNS I SSUES
Once we have the images available on a website, we add an tag to our portal page with a fully qualified reference to the image. This is a fancy way of telling us to use the entire web address when referencing the image location. 1.186/images/logo.gif ”>. This tells the user's browser to go to another server to get the image for our portal page.
Building a PPTP VPN
We get a message at the top saying "The changes were applied successfully." See Figure 3.9 for the end result. As you can see in screen Figure 3.14, the Network Connections window will appear with your current network adapters already visible.
Hacking the Mind of a Wireless User
Teach your children about the Internet and how to stay safe in the cyber world. Follow your instincts. The Internet mirrors life in many ways, and the cyber world has its own ghettos and undesirable areas.
Other Hacks
Hacking Projects
Wireless
Access Points
Some access points are newly installed; others are built using single-board computers and Linux. This chapter will serve as an introduction to all of your hardware options.
Wi-Fi Meets Linux
You will notice that the look and feel of the Sveasoft management interface is identical to the standard Linksys interface. One of the more interesting features of Wifi box is a built-in PPTP VPN server.
Soekris Single-Board Computers
It includes 64 MB of RAM, two Ethernet ports, one serial (console) port, a Compact Flash slot, one Mini-PCI slot, and one PCMCIA slot. The net4511 supports Power over Ethernet (PoE) using the IEEE 802.3af standard. Soekris also sells PCI and Mini-PCI hardware accelerator encryption cards. The cards work perfectly as VPN accelerators or for scenarios where AES encryption is required. The vpn1401 (PCI) and vpn1411 (mini-PCI) support throughput of up to 250 Mbps.
Proxim 8571 802.11a Access Point
For configuration purposes, you can connect to the device using an 802.11a wireless client or by connecting an Ethernet cable directly to the 8571 device. If you are curious, the antenna connectors on the PCMCIA card are Radiall UMP series. You can find more information here: www.firstsourceinc.com/PDFs/ump.pdf.
Wireless Client Access Devices
In this chapter, we discuss the different types of client access to a wireless network. After you finish this chapter, you will understand everything you need to know to get your client device up and running on a wireless network.
Notebook Computers
As you can see in Figure 5.1, the antenna (the black part at the top of the card) extends about half an inch or so from the card. This design is required to get better reception than if the antenna were buried inside the card slot. The antenna connectors of the card in Figure 5.3 are located on the upper left; they are the two small dots next to the big silver sink.
Desktop Computers
As you can see in Figure 5.4, modern cards often have more powerful detachable antennas that can improve your reception. Figure 5.5 shows an example of an ORiNOCO USB client adapter. These were very common a few years ago.
PDAs
Although the Compact Flash interface was originally used to expand the amount of memory in a device, it can now be used for network devices, such as the Linksys Compact Flash device shown in Figure 5.8. PCMCIA to CF adapter as shown in Figure 5.9, the only downside would be if the card manufacturer never published any drivers for the device.
WarDriving
Some Wi-Fi SDIO cards also include storage (memory) in addition to wireless functionality. WarDriving can be accomplished using almost any notebook computer or PDA equipped with a Wi-Fi card. There is free software available for almost every operating system.
N OTE …WWWD4 (J UNE 12–19, 2004)
Your WarDriving software will record this information when an AP is detected. Accuracy depends on how fast you're driving and the effective range of that particular AP. If your AP supports a "Closed Mode" feature, you can use it to disable broadcasting the SSID in the management beacon. This is the actual data that most WarDriving packs are looking for.
Other Resources
Please note that this will not stop all WarDrivers, as some software may capture the SSID in the probe requests/responses of legitimate users associating with the network. Enable WEP or WPA security. This won't stop a WarDriver from locating your network, but it will prevent the regular WarDriver from automatically connecting to your network.
Software Projects
Operating Systems
In the "Access Points" chapter, we looked at some of the hardware available to build your own access point. Installation techniques vary widely across distros and your hardware of choice. You'll need a different computer, other than your access point's hardware, to prepare the distro for use.
To complete the m0n0wall configuration, use your Internet Service Provider (or WAN), as shown in Table 6.4. Click Save and you will see the entry at the bottom of the DHCP table, as shown in Figure 6.18.
Pebble—Powerful, Raw, Complete
Accordingly, the Compact Flash card (or custom CD-ROM) must be created from a Linux operating system. It will copy the Pebble files to the compact flash and then write down the appropriate passwords and security keys.
Monitoring Your Network
But if you use some of the advanced equipment and techniques suggested in this book, chances are your network will be used by many others. In this chapter we will talk about some different monitoring systems that provide graphical displays of your equipment and its operation.
Enabling SNMP
How much you worry about this depends on how you use your network. Once you've enabled SNMP, you can get started using the tools described in this chapter. The first, Getif, is a good tool for confirming basic device functionality and configuration.
Getif and SNMP
Exploration for Microsoft Windows
It is shown in Figure 7.3 with an IP address of 10.0.0.1 (the m0n0wall firewall is used as an example in this section). The Read Community field is set to "public". This corresponds to the value shown in Figure 7.1 and is the default value for a device, unless you have changed it. Click the Start button. The white area immediately below must be filled with input. This is shown in Figure 7.6.
STG and SNMP Graphs for Microsoft Windows
Of course, you also need an available SNMP device to query. This was discussed earlier in this chapter in the "Enabling SNMP" section. Go to the View menu and select Settings, or press the hotkey F9. This will bring up the settings window shown in Figure 7.10.
