I think most people have used open networks when an Internet connection is needed and no other option is available but using someone else’s connection for an extended period of time is a security risk and probably illegal where you live.

Watch video the below where a lady calls into Leo Laporte’s Tech Guy Show claiming that the “Linksys” WiFi access she has been using for over a year has “disappeared”. She purchased a Linksys 802.11n extender thinking that would bring “Linksys” back. Leo discovers that she was really using her neighbors WiFi and explains the potential risks of using open networks.

Related posts:

1. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...
2. iPhone WiFi Scanner Apps Banned By Apple iPhone WiFi Scanner Apps Banned By Apple Apple has...
3. Free Web Based WiFi Stumbler Free Web Based WiFi Stumbler Some how I missed the...

Rogue Wireless Access Point Scanner is an online rogue wireless acces point scanner scans for wireless devices and then outputs a list of MAC addresses that belong to the wireless device that is plugged into the network.

Windows Vista and Windows 7 with IE or Firefox works best. XP is partially supported and the program doesn’t support Mac OS X at this time.

The utility has been updated with features below.

• Vendor OUI Display
• Lat/Long Coordinates of Access Points
• Display Access Points on Google Maps
• Display Access Points in Googe Earth
• Access Point/Rogue AP Tracking
• Display Access Point Details Such as SSID, RSSI

Vendor OUI Display

Double click on results in wireless devices window to access scanner monitor window. From this window you will be able to access lat/long info, display access point on Google Maps, display access point in Google Earth, and track the access point using an audible alert.

Lat/Long Coordinates of Access Points

Display Access Points on Google Maps

Display Access Points in Googe Earth

Access Point/Rogue AP Tracking Using Audible Alert

Clicking the Audio On/Off button for a “beep” sound that will increase/decrease in frequency based on the RSSI value. As the RSSI approaches -50 dBm the audible alert will increase in frequency.

Try iWIDS

iWIDS – Wireless Intrusion Detection System

Related posts:

1. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...
2. WiFi Scanner v1.1 For Mac OS X WiFi Scanner v1.1 For Mac OS X Snow Leopard WiFi...
3. Free Mac OS X Wifi Scanner for Snow Leopard Download updated WiFi Scanner v1.1 Free Mac OS X Wifi...

BridgeChecker v1.3 Beta Available for Download

BridgeChecker is a windows utility that can automatically disable/enable wireless interfaces. Whenever your computer is connected to an Ethernet port and the link state is good, the utility can automatically turns off the IEEE 802.11 wireless network interface. This conserves IP address allocation, reduces security risks, resolves dual interface routing issues, and prolongs battery life.

Please read the BridgeChecker User Guide before installing and using BridgeChecker v1.3 beta.

BridgeChecker v1.3 has several new features that are summarized below.

BridgeChecker v1.3 Adds Location Awareness

BridgeChecker v1.2 has two modes, BridgeChecker Mode and OneNIC Mode. BridgeChecker v1.3 adds a Location Mode for enabling and disabling adapters based on the client location being “Work” or “Remote”.

To determine if the client’s location is work or remote the administrator can use a ping test, URL test, or gateway IP check. Based on the results of the test the adapters selected for Work or Remote location will be enabled and all other non whitelisted adapters will be disabled. The test will be rechecked every 1, 2, 3, 4, or 5 minutes with 5 minutes being the default check interval.

Location Ping Check

Location URL Check

Location Gateway IP Check

BridgeChecker v1.3 Adds Service Startup Delay

v1.3 adds the ability to delay the start of the BridgeChecker service during the boot cycle. This feature is accessed via Manage Settings screen and can be set to 0, 1, 2, 3, 4, or 5 minutes. The default setting is zero minutes delay.

BridgeChecker Service In “Starting” Status During Delay Period

BridgeChecker Service In “Started” Status After Delay Period Ends

BridgeChecker v1.3 Adds Support for x64 Bit Operating Systems

BridgeChecker now supports x64 Windows Vista and Windows 7. If you previously experienced the error message below, BridgeChecker v1.3 solves this issue.

System.InvalidOperationException: The ‘Microsoft.Jet.OLEDB.4.0′ provider is not registered on the local machine.
at System.Data.OleDb.OleDbServicesWrapper.GetDataSource(OleDbConnectionString constr, DataSourceWrapper& datasrcWrapper)
at System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection)

The program runs in 32 bit mode and installs in the Program Files (x86) directory. Make sure to install by running setup.exe as administrator.

BridgeChecker v1.3 Beta Download

BridgeChecker v1.3 Beta Download. (offsite)

BridgeChecker v1.3 Beta Bug Report and Feedback

Please use comment form below to send in bug reports or feedback regarding BridgeChecker v1.3 Beta.

BridgeChecker Mailing List

Related posts:

1. BridgeChecker v1.2 Available for Download BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous...
2. BridgeChecker Update BridgeChecker BridgeChecker is a windows utility that can automatically...
3. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...

DoD Commercial WLAN Technologies Instruction 8420.01

The US Department of Defense (DOD) released a commercial wireless local area network (WLAN) devices, systems, and technologies Instruction (NUMBER 8420.01) that implements the DoD Directive 8100.2 related to commercial wireless that was released in 2004 and updated in 2006 [DoD Instruction Number 8420.01].

DoDD 8100.2

Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) – April 14, 2004. [source]

DoDD 8100.2 Supplement

Use of Commercial Wireless Local-Area Network (WLAN) Devices, Systems, Technologies in the Department of Defense (DoD) Global Information Grid (GIG) -June 2, 2006. [source]

The 8420.01 Instruction mainly applies to DoD owned 802.11 devices and networks.

The Instruction does not apply to non 802.11 technologies such as Bluetooth and WIMAX and non DoD systems that use 802.11 such as hotspots, hotel, and home networks.

Policy for Unclassified WLANs

Unclassified WLAN systems shall be standards-based and IEEE 802.11 compliant, employ certified RF communications functions for interoperability, and employ certified and/or validated information assurance (IA) and cryptographic functions.

Unclassified WLAN-enabled PEDs shall use antivirus software, personal firewalls, data-at-rest encryption, and implement strong identification and authentication (I&A) (e.g., two factor, at a minimum) to access the device and the network.

PED = Portable Electronic Device (aka PDA, PDA phone)
WLAN-enabled PEDs = Devices like the iPhone, Palm Pre, and newer Blackberry smartphones

Policy for Classified WLANs

Employ National Security Agency (NSA)-approved encryption end-to-end and secure the storage, processing, receipt, and transmission of information accessed using NSA-approved encryption.

The WLAN must include information assurance measures:

• Classified WLAN-enabled PEDs shall use NSA, Type 1 encryption to protect classified data-in-transit and data-at-rest on PEDs.
• Unclassified and classified DoD wired and wireless LANs shall have a wireless intrusion detection capability that can be used to monitor WLAN activity and identify WLAN-related policy violations.
• Unclassified and classified WLAN-enabled PEDs used to access DoD e-mail systems shall support the signing and encrypting of e-mail.

Download DoD WLAN Instruction 8420.01 PDF

Download and read the entire DoD Instruction Number 8420.01.

Related posts:

1. BridgeChecker v1.2 Available for Download BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous...
2. WLAN Book On Twitter WLAN Book On Twitter WLAN Book is on Twitter!...
3. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...

iWIDS is an online wireless instrusion detection system (WIDS) that leverages the wireless scanning capabilities of a Windows XP/Vista/7 PC to discover rogue access points and determine if they are plugged into the wired network.

Rogue Router Access Points (AP)

The most common type of rogue access point is a consumer grade access point router. These devices usually cost less than $75 and can be purchased from almost any electronic store.

The ease in setting up these devices to provide wireless connectivity is also why they tend to be the most common rogue access point found in enterprise networks.

Detecting Rogue Router APs

Rogue router APs are part access point, part router, and part multi-port switch.

They can be connected to a wired network using the LAN (trusted) port or the WAN (untruested port). Between the LAN and WAN port NAT is enabled so that that the single IP provided by the ISP can be shared by multiple users connected wirelessly or via teh wired switch.

In almost every case, the last octect of the LAN, WAN, and wireless interface MAC addresses are adjacent to each other. This means that the MAC addresses are +/- a few values from each other.

Leveraging this common MAC address characteristic of router APs, a combination of wired and wireless analysis can be used by iWIDS rogue wireless access point scanner to correctly determine if the router access point is plugged into your wired network.

iWIDS In Action

Below are results of a scan on our test network that has multiple access points and one consumer grade router access point plugged into the wired network. Using a Windows 7 PC that is wirelessly connected to the network via we scanned to see if the application could correctly determine which device was the rogue router AP.

The application correctly detected the rogue access point router (MAC adddress ending in :43 with blue highlight) and the two other access points.

System Requirements and Usage

• Latest version of Java recommended (tested using version 1.6 update 16)
• Windows Vista or Windows 7 PC with wireless network card enabled (not fully compatible with Windows XP at this time). Ethernet card can be plugged in to wired network and/or wireless connected wirelessly to wired network to be scanned :-)
• Wired Ethernet interface or wireless interface should have an IP address (DHCP or static) that is valid for network being scanned
• Wireless interface can be disconnected from wireless network
• After loading, software will automatically search for all IP addresses on wired network and compare to discovered wireless devices
• Detection results will be displayed in “Wireless Devices On Subnet” window.
• Results can be emailed by configuring applet with SMTP information. Enter text that should be included in email before and after results in pretext and posttext areas.

Test drive iWIDS on your home or work network. Please share your results by leaving a comment.

Related posts:

1. Free Rogue Access Point Detector Updated Free Rogue Access Point Detector Updated Rogue Wireless Access Point...
2. Wireless Access Point Router Autopsy Wireless Access Point Router Autopsy The most common types of...

BridgeChecker v1.2 Available for Download

BridgeChecker v1.2 and previous versions are available for download from the BridgeChecker Download page.

BridgeChecker User Guide

This version has several new features that make the program much more flexible. Please see the BridgeChecker User Guide for instructions on how to take advantage of the new features.

New Features in BridgeChecker v1.2

• Custom NIC selection for automatic enable/disable feature (BridgeChecker Mode)
• Manual interface enable/disable adapter mode (OneNIC Mode)
• Interface detection based on Windows hardware device name
• Hide notification area icon (sometimes referred to as system tray icon)
• Software will run as a service to bypass Windows Vista UAC issues
• Admin selectable modes of operation, BridgeChecker mode and OneNIC mode
• Flexible licensing options (personal/non-commercial and company/commercial)
• Supports Windows XP, Windows Vista, and Windows 7
• Admin password to change config
• Option to whitelist adapters (e.g., virtual adapters, VPN adapters)

BridgeChecker v1.2 Requirements

• Program tested on Windows XP, Vista, and Windows 7 operating systems
• Requires .NET Framework 2.0 or above
• .NET 3.5 Service Pack 1 (Full Package) direct download from Microsoft
• Windows Vista/Windows 7 users must run installer setup.exe as an Administrator

Recommended Usage Scenarios

The program can be used in the following scenarios.

• disable wireless when connected to LAN
• disable wireless when docked
• disable wireless when Ethernet detected
• disable wireless when wired
• disable wireless when on LAN
• disable wireless when cable connected
• disable wireless when in docking station
• disable wireless when Ethernet plugged in
• disable WLAN when LAN connected
• enable only one network adapter at a time

Comments, Bugs, and Feature Requests

Please use comment feature below to let us know if the BridgeChecker program met your requirements. When commenting please let us know your Windows operating system version and wireless card brand and model if possible. Comments about bugs and feature requests are welcome and encouraged.

Related posts:

1. BridgeChecker Update BridgeChecker BridgeChecker is a windows utility that can automatically...
2. BridgeChecker v1.3 Beta Available for Download BridgeChecker v1.3 Beta Available for Download BridgeChecker is a...
3. Disable Wireless When Connected to LAN in XP and Vista Note: Visit BridgeChecker page for most up to date version...

BridgeChecker

BridgeChecker is a windows utility that can automatically disable/enable wireless interfaces. Whenever your computer is connected to an Ethernet port and the link state is good, the utility can automatically turns off the IEEE 802.11 wireless network interface. This conserves IP address allocation, reduces security risks, resolves dual interface routing issues, and prolongs battery life.

BridgeChecker was released on May 22, 2009 and has been well received by Windows users searching for a way to automatically enable/disable wireless interfaces when the LAN interface is connected.

BridgeChecker Update

Since the initial release we have been working on new features and improving the user interface. An updated version is almost ready for release and will some of the most requested features listed below.

• Whitelist adapters
• Admin password to change config
• Hide notification area icon (sometimes referred to as system tray icon)
• Custom NIC selection for automatic enable/disable feature
• Software will run as a service to bypass Windows Vista UAC issues
• Two modes of operation, BridgeChecker mode and OneNIC mode

BridgeChecker Mode and OneNIC Mode

The biggest change since the first release will be the ability to run the program in two modes, BridgeChecker mode and OneNIC mode.

BridgeChecker Mode - will operate just like the previous version but will allow the adapters to be selected from a drop down list and also allow adapters to be whitelisted.

OneNIC mode – will allow the user to select one network interface and all other interfaces will be disabled. The goal of this feature was to give users the ability to use any type of interface (EVDO, dialup, wireless, wired, etc) but only “OneNIC” will be enabled at a time. The user is free to change which interface they would like enabled at any time.

OneNIC mode adapter selection with no whitelisted adapters.

OneNIC mode adapter selection after whitelisting VMWare and 1394 adapters.

BridgeChecker Administration Enhancements

The program will include a password protected admin interface to control which interfaces are whiltelisted, which mode to operate in, and to hide/remove the system tray icon.

BridgeChecker License and Support

The first version of BridgeChecker will continue to be available as a free download for personal and commercial use. No official support or warranty will be provided other than the comment/feedback feature of this blog.

The new/updated version will also be a no cost download and free for personal use. For commercial users we will be updating the software license to allow for a limited number of installs at no cost and no support.

For large deployments a fee based licensing model that includes support for organizations that require it before they can install software on production systems will be made available.

BridgeChecker Release Date

Please sign up to receive blog posts via email, RSS or sign up for the BridgeChecker mailing list to be notifed when updated versions are released.

Related posts:

1. BridgeChecker v1.2 Available for Download BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous...
2. BridgeChecker v1.3 Beta Available for Download BridgeChecker v1.3 Beta Available for Download BridgeChecker is a...

Note: As far as I know, the AirDefense Enterprise graphical UI is not officially supported on Mac OS X.

But it can be made to work on Mac OS X by following my notes below.

1. Download the Linux Packages from the server’s web interface at https://Server IP Address:8543/. The file name should be AirDefenseEnterprise.tar.gz
2. Extract the compressed archive file.
3. In the WIPS/Enterprise/ folder there should be an app.jar file. I use multiple versions of the server so I have copied the jar files to a separate folder for each server version.



4. Clicking the app.jar file will launch the graphical UI login screen.

AirDefense Enterprise Graphical UI

My System Info

Mac OS version 10.6

Java version 1.6.0_15
Java(TM) SE Runtime Environment (build 1.6.0_15-b03-219)
Java HotSpot(TM) 64-Bit Server VM (build 14.1-b02-90, mixed mode)

Related posts:

1. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...
2. Mac OS X Wireless Problems Mac OS X Wireless Problems I have fewer issues...
3. Free Mac OS X Wifi Scanner for Snow Leopard Download updated WiFi Scanner v1.1 Free Mac OS X Wifi...

SST-PR-1 SSID is ad hoc network SSID used by Sears Home Service van fleet. This SSID is usually an ad hoc network and shows up everywhere. Most wireless users don’t know what it is and try to connect to it causing it to go viral just like the Free Public WiFi SSID.

Sears Home Service

In combination with other technology, the Sears technician can look up parts, repair products, print out receipt, and get info regarding next service call. Very cool photos of Sears setup below.

Truck with domed antenna on roof for automatic vehicle location (AVL).

Netstumbler showing SST-PR-1 ad-hoc SSID.

Ruggedized laptop used by Sears service techs docked in van.

Ruggedized laptop used by Sears service techs undocked.

Disable Ad-hoc Wireless Networking in Windows XP

Disable ad hoc wireless networking in Windows XP to prevent users from connecting to ad hoc networks like SST-PR-1.

If you want more photos related to SST-PR-1 go here.

Related posts:

1. BridgeChecker v1.2 Available for Download BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous...
2. BridgeChecker Update BridgeChecker BridgeChecker is a windows utility that can automatically...
3. BridgeChecker v1.3 Beta Available for Download BridgeChecker v1.3 Beta Available for Download BridgeChecker is a...

The National Security Agency/Central Security Service is America’s cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. government information systems and produce foreign signals intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the government.

Security Configuration Guides

NSA has developed and distributed configuration guidance for a wide variety of software and hardware. The objective of the configuration guidance program is to provide NSA’s customers with the best possible security options in the most widely used products. Security configuration guides are available for Applications, Database Servers, Operating Systems, Routers, Switches, VoIP and IP Telephony, Web Servers and Browsers and Wireless related technologies.

NSA and Wireless Security

There are currently two documents developed and distributed by the Systems and Network Attack Center’s Network Hardware Analysis and Evaluation Division related to wireless LANs and wireless LAN security.

Guidelines for the Development and Evaluation of IEEE 802.11 Intrusion Detection Systems (IDS) Updated: September 2005

In today’s increasingly wireless world, organizations are quickly realizing the security benefits of constantly monitoring the electromagnetic spectrum within their enterprise. When an organization has an interest in identifying and locating unauthorized wireless hardware and preventing intrusion attempts on their network, the benefits of this monitoring exist regardless of whether or not network owners officially sanction the use of wireless devices. Many government entities have monitored their spaces for the presence of cellular, Bluetooth, infrared, and/or IEEE 802.11 signals for years. The DoD Directive 8100.2 now mandates RF monitoring, intrusion detection, and denial of service prevention in DoD networks. Although not a specific requirement, RF monitoring and intrusion detection could also help federal and military operated health care institutions meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

Recommended 802.11 Wireless Local Area Network Architecture Updated: November 2005

Wireless local area network (WLAN) technology based on the IEEE 802.11 suite of standards is available as built-in options on most new personal computers and as add-on hardware through USB and PCMCIA adapters. The low hardware cost, ease of installation, increased mobility, and network configuration flexibility has led many Government agencies and organizations to implement WLAN solutions for their users to access their enterprise network. With the pervasive use of 802.11 networks throughout the Government and their impending use within the intelligence community, it is imperative for the National Security Agency’s (NSA) Information Assurance Directorate (IAD) to make an informed recommendation of a wireless network architecture for Government unclassified networks. Wireless networks with classified data require additional protection solutions that are not addressed here.

I recommend these documents be used for information purposes only and not as strict requirements documents when selecting or configuring 802.11 Intrusion Detection Systems (IDS) or 802.11 Wireless Local Area Networks (WLANs).

Related posts:

1. DoD Commercial WLAN Technologies Instruction 8420.01 DoD Commercial WLAN Technologies Instruction 8420.01 The US Department...
2. BridgeChecker v1.2 Available for Download BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous...
3. Wireless N 802.11n Wi-Fi Standard Approved Wireless N 802.11n Wi-Fi Standard Approved The IEEE has finally...

Access points (APs) advertise their capabilities several times per second by broadcasting beacon frames that carry the Service Set Identifier (SSID) of the wireless network. Commercial grade access points can be configured to advertise multiple SSIDs/networks. SOHO class access points typically only allow a single SSID to be configured. A hidden wireless network occurs when APs are configured to not broadcast their SSID.

Why Doesn’t Disabling SSID Broadcasting Hide Wireless Networks?

SSID information is contained in the following frame types: Beacon Frames, Probe Requests Frames, Probe Response Frames, Association Request Frames, and Reassociation Request Frames. Since all 802.11 management frames are not encrypted, these frames can be collected and used to determine the SSID.

Aggressive tools allow traffic to be injected to cause responses to speed up traffic capture and SSID determination process.

In reality, most network owners configure additional security such as WEP, WPA, and WPA2 so knowing the SSID may not be enough information to connect to the hidden wireless network.

Connecting to Hidden Wireless Networks

It is not possible to connect to an 802.11 wireless LAN if you don’t know the SSID.

To reveal the hidden SSID/network you can use free WiFi scanning software such as Kismet or KisMAC. These tools use passive scanning methods to extract the SSID from frames other than beacon frames.

NetStumbler, iStumbler, and MacStumbler are active WiFi scanning tools and can not reveal hidden SSIDs. Check out these alternatives to Network Stumbler instead.

Related posts:

1. NetStumbler for Mac OS X NetStumbler for Mac OS X? If you are looking for...
2. Mac OS X WiFi Wireless Scanner Update: Free graphical Mac OS X WiFi Scanner for Snow...
3. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...

“tsunami” is the default SSID for Cisco Aironet access points prior to IOS Release 12.3(4)JA. In addition to shipping with tsunami as the default SSID all versions earlier than 12.3(4)JA shipped with the 802.11 radio enabled and in some cases a default IP address (10.0.0.1) for the ethernet interface if DHCP isn’t enabled on LAN.

Security and the tsunami SSID

Cisco quote below….

In Cisco IOS Release 12.3(4)JA and later, the access point radios are disabled by default, and there is no SSID. You must create an SSID and enable the radios before the access point will allow wireless associations from other devices. These changes to the default configuration improve the security of newly installed access points.

Since newer access points ship with no default SSID and radio disabled, any AP with tsunami as the SSID is probably an older access point and an easy way for attackers to identify which network to target first.

Connecting to tsunami SSID

Keeping software versions up to date and changing default settings are very easy tasks. If you must connect to a wireless network with tsunami as the SSID, it should be treated as an untrusted network and data in transit encryption (VPN) should be used.

Related posts:

1. BridgeChecker Update BridgeChecker BridgeChecker is a windows utility that can automatically...
2. Mac OS X WiFi Wireless Scanner Update: Free graphical Mac OS X WiFi Scanner for Snow...
3. DoD Commercial WLAN Technologies Instruction 8420.01 DoD Commercial WLAN Technologies Instruction 8420.01 The US Department...

The “Free Public WiFi” SSID seems to be everywhere – at airports, on planes, and in hotels. Based on what the SSID spells, it seems to be the perfect solution for those seeking to connect to the Internet because it is “Free”…cost nothing…”Public”…you break no laws connecting to it…”WiFi” …a few clicks and you’ll be surfing in no time.

Viral SSID

In reality, this SSID is just one of many viral SSIDs that exist anywhere people are with laptops (almost always Microsoft Windows based laptops). In almost all cases this SSID is not a real WiFi hotspot access point but someone else’s laptop in Ad-Hoc mode advertising this SSID. Why does this SSID always appear and more importantly is it harmful if you connected to this SSID?

If you connected to the “Free Public WiFi” SSID in the past, don’t worry…in almost all cases your PC is not infected with a real virus and no data was stolen. Just remember to stop connecting to random wireless networks that you can’t verify as being trusted, especially free ones!

Blame Microsoft Wireless Zero Configuration

The answer to why this SSID seems to be everywhere can be blamed on Microsoft, more specifically a Windows feature called Wireless Auto Configuration (aka Wireless Zero Configuration). Wireless Auto Configuration “provides automatic configuration for the 802.11 adapters”. In an attempt to make it extremely easy to connect to WiFi networks, Wireless Auto Configuration does the following when an 802.11 adapter is enabled and starts to scan for WiFi networks.

1. Wireless Auto Configuration attempts to connect to the preferred networks that appear in the list of available networks in the preferred networks preference order, if the preferred networks are configured to automatically connect (the Connect when this network is within range checkbox is selected on the Connection tab for the properties of the preferred wireless network).

2. If there are no successful connections, Wireless Auto Configuration attempts to connect to the preferred networks that do not appear in the list of available networks, in the preferred networks preference order. This is done so that a Windows wireless client can connect to a hidden wireless network, one that is either not broadcasting its SSID or broadcasting an SSID of NULL. Configuring hidden wireless networks is used as a security measure to prevent malicious users from detecting and attempting a connection to a wireless network. However, the SSID is included in other types of wireless connection management frames and is easily discoverable by either capturing wireless management frames or using tools available on the Internet.

3. If there are no successful connections and there is an ad hoc network in the list of preferred networks that is available, Wireless Auto Configuration tries to connect to it.

4. If there are no successful connections and there is an ad hoc network in the list of preferred networks that is not available, Wireless Auto Configuration configures the wireless network adapter to act as the first node in the ad hoc network.

The problem occurs at step #4.

At one time or another somewhere out there someone connected to a real ad-hoc WiFi network that had the SSID “Free Public WiFi”. They added this network to their preferred network list. They then traveled to a location where this WiFi SSID didn’t exist (airport, airplane, and/or hotel). They powered on their laptop with the wireless card on and Wireless Auto Configuration took over and starting searching for WiFi networks. After trying steps 1 through 3 above, Windows gave up and configured WiFi card to ad hoc mode with the SSID “Free Public WiFi” (since it was a preferred network).

How the SSID spreads virally.

A second person in close proximity to the user above also has a wireless enabled laptop and is looking to connect to a WiFi network. They scan to see what is available and notice an SSID called “Free Public WiFi”….they connect to it not knowing that it is an ad hoc network. After a few seconds of wondering why they can’t surf the web they disconnect from the SSID, shrug their shoulders and move on with life. Now they have the viral SSID in their preferred list too. The next time they power on their laptop it starts to look for the “Free Public WiFi” SSID. This process is repeated in many locations across the US and world again and again. Soon this SSID is in preferred wireless networks lists everywhere spreads like a virus.

Can this viral SSID be stopped?

Yes, but others exist like linksys, hpsetup, tmobile, default. Any SSID that tends be the default for consumer grade access points and computers tends to become viral ad hoc SSIDs. An easy way to reduce the risk of connecting to these SSIDs is to configure Wireless Auto Configuration to only connect to access points (infrastructure networks).

1. Click on the Wireless option in the System Tray and open the Wireless Network Connection window.
 2. Click on “Change advanced settings”.
 3. In the Wireless Network Connection Properties window, click on the Wireless Networks tab.
 4. Click on the Advanced button.
 5. Click on “Access point (infrastructure) networks only”

Related posts:

1. Free Mac OS X Wifi Scanner for Snow Leopard Download updated WiFi Scanner v1.1 Free Mac OS X Wifi...
2. Mac OS X Wireless Problems Mac OS X Wireless Problems I have fewer issues...
3. Free IP Address Management (IPAM) Software IP Address Management (IPAM) As the number of networking...

Since late 2003, inCode has been issuing an annual, widely read list of Top 10 Predictions for the wireless industry. These Predictions receive media coverage in well known business and consumer publications, as well as the industry trade press. For 2006 the Predictions were broadened to include forecasts for the global wireless market. In 2004, 2005 and 2006, the inCode Top 10 Predictions proved more than 80 percent accurate.

We are only half way through 2007 and many predictions have come to fruition, especially #9 and #10.

inCode 2007 Top 10 Predictions for the Global Wireless Market

1. Social Networking Gets Mobilized. Mobility is added to existing Internet business models, services and behaviors, driving traffic for wireless operators.
2. Mobile TV—Now Showing for Early Adopters. In the short term, wireless users are unlikely to plunk down US $5.99-9.99 per month for mobile TV service. Instead, look for per-view or per-minute pricing for “sneaking,” a consumer tendency to watch key minutes of a sports event or drama while engaged in another activity.
3. Multi-Function Devices Become Cheaper and More Versatile. Intense competition and margin pressure continue in the handset market, forcing prices of third-generation (3G) handsets below US $90 and making them affordable for a wide range of users.
4. Location-Based Services: And the Winner Is. . . GPS! Yes, GPS is the location technology of choice for the wireless industry. Handset manufacturers continue to push GPS-enabled handsets as the technology evolves from popular in-car satellite navigation systems like TomTom to a broadly accepted feature in wireless phones.
5. AOL, Yahoo! and Google Multimedia Platforms Challenge IMS. As multimedia service platforms emerge, Internet service providers build their own media architecture. That poses a risk to telecom operators adopting an IP Multimedia Subsystem (IMS) approach.
6. China and India Tilt Equipment Market. Together, China and India connect more than 10 million wireless customers per month in 2007, creating a subscriber base that is larger than Vodafone’s at 200 million customers.
7. Mobile Advertising Breaks Loose. Major brands shift from basic SMS marketing to more sophisticated multimedia advertising. RBC Capital Markets expects mobile marketing revenues to balloon from $45 million in 2005 to $1.5 billion by 2010.
8. Wireless Providers Move into Home Entertainment. This year, mobile makes headway against fixed broadband operators, who have dominated Internet and cheaper voice service provision in the home. WiFi remains the primary wireless access technology.
9. Wireless Security Moves to the Forefront. Put strong security measures in place. This could be the year that hackers really start paying attention to millions of wireless devices, the growth in mobile data usage and vulnerable points between mobile and fixed networks.
10. Enterprise Mobility—It’s for Real Now. Enterprises can’t resist the convenient, reliable, attractively priced, bundled mobile solutions entering the market. Corporations switch from phones to mobile computers for transactions, data collection and messaging for a wide variety of employees.

To see full details for each item on list visit the inCode web site.

Related posts:

1. Wireless N 802.11n Wi-Fi Standard Approved Wireless N 802.11n Wi-Fi Standard Approved The IEEE has finally...
2. Airplane WiFi Wireless Internet Update Airplane WiFi Wireless Internet Update Since my previous post about...
3. How Does Airplane WiFi Work? How Does Airplane WiFi Work? Airplane WiFi works like...

When WEP was compromised in 2001, the attack needed more than five million packets to succeed. During the summer of 2004, a hacker named KoreK published a new WEP attack (called chopper) that reduced by an order of magnitude the number of packets requested, letting people crack keys with hundreds of thousands of packets, instead of millions.

Last month, three researchers, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann developed a faster attack (based on a cryptanalysis of RC4 by Andreas Klein), that works with ARP packets and just needs 85,000 packets to crack the key with a 95 per cent probablity. This means getting the key in less than two minutes.

Here’s an interview with the three researchers. All three are studying at Darmstadt University of Technology, Germany. Tews, 24, is a Bachelor student; Pyshkin, 27, and Weinman, 29, are PhD students in Professor Johannes Buchmann’s research group.

http://www.theregister.com/2007/05/15/wep_crack_interview/

Related posts:

1. BridgeChecker v1.3 Beta Available for Download BridgeChecker v1.3 Beta Available for Download BridgeChecker is a...
2. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...
3. BridgeChecker Update BridgeChecker BridgeChecker is a windows utility that can automatically...

One of the most easiest ways to secure your computer from wireless threats, is to disable ad-hoc wireless networking.

To disable ad-hoc wireless networking in Windows XP, follow the directions below.

1. Click the Windows XP Start button



2. Click Control Panel



3. Click Network and Internet Connections.



4. Under the section titled “or pick a Control Panel icon“, click on Network Connections.



5. Right Click on the Wireless Network Connection and select properties



6. A Wireless Network Connections Properties box will display with three tabs: General, Wireless Networks and Advanced.



7. Click on the Wireless Networks tab. Then click the Advanced button.

NOTE: If only General and Advanced tabs are available, then Windows is NOT managing your wireless card. Disable ad-hoc networking must be done using the management utility that is associated with your card.


8. Select Access point (infrastructure) networks only



9. Click Close button. Then Click the OK button.

Related posts:

1. NetStumbler for Windows 7 NetStumbler for Windows 7 The latest version of NetStumbler is...
2. Disable Wireless When Connected to LAN in XP and Vista Note: Visit BridgeChecker page for most up to date version...
3. Free Mac OS X Wifi Scanner for Snow Leopard Download updated WiFi Scanner v1.1 Free Mac OS X Wifi...

Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers.

In reality, if the goal is to just eavesdrop, then the attacker doesn’t need a evil twin access point. Sniffing wireless traffic can be done passively using free tools and the users of the wireless network would never know.

Evil twin access points are more likely to exist when the attacker is planning a more sophisticated attack such as a man-in-the-middle (MITM) attack. The evil twin access point would by used by the attacker to get between a secure communications channel without the user knowing.

It is almost impossible for standard client security tools to detect MITM attacks because they are usually tracking layer 3 events and most of the action for a wireless MITM attack occurs at layer 2.

MITM implementation examples from Wikipedia below.

dsniff – A tool for SSL MITM attacks
Ettercap – A tool for LAN based MITM attacks
Karma – A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
AirJack - A tool that demonstrates 802.11 based MITM attacks

Related posts:

1. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...
2. DoD Commercial WLAN Technologies Instruction 8420.01 DoD Commercial WLAN Technologies Instruction 8420.01 The US Department...
3. Wireless Access Point Router Autopsy Wireless Access Point Router Autopsy The most common types of...

They also conducted in-depth interviews with 20 large-enterprise chief security officers (CSOs) and found that CSOs are more concerned about the dangers from user access to insecure wireless networks outside the office than company wireless networks.

The sad part is that a similar survey was conducted by another UK company in 2006 with very similar results. Over a year later and not much has changed.

This data is from the UK, but I suspect if a similar survey was conducted in the US the same concerns and lack of enforcement exists.

Related posts:

1. DoD Commercial WLAN Technologies Instruction 8420.01 DoD Commercial WLAN Technologies Instruction 8420.01 The US Department...
2. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...
3. Mac OS X WiFi Wireless Scanner Update: Free graphical Mac OS X WiFi Scanner for Snow...

For those new to wireless LAN security and WEP cracking, WEP’s weaknesses have been known since 2001. In the last six years, various passive and active methods have been released reducing the time it takes to break WEP.

The big deal about his attack is that it is much faster and requires less processing than previous methods. They have released a “proof-of-concept” attack tool called aircrack-ptw.

Another recent paper (2005) titled The Final Nail in WEP’s Coffin was suppose to be the final paper regarding WEP, but obviously wasn’t.

Personally, I think we’ll see a few more… maybe the next one will be titled, WEP: How To Beat A Dead Horse.

Joking aside, I think continued research related to WEP is a good thing. As we learn more about WEP’s weaknesses, it will be easier to educate users on how to secure a wireless network.

Related posts:

1. DoD Commercial WLAN Technologies Instruction 8420.01 DoD Commercial WLAN Technologies Instruction 8420.01 The US Department...
2. BridgeChecker Update BridgeChecker BridgeChecker is a windows utility that can automatically...
3. BridgeChecker v1.2 Available for Download BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous...

Unless the security of the wireless network is very weak, it can be assumed that a rogue access point also exists and is connected to the network. The rogue access point is usually configured to mimic valid access points settings (at the minimum the same SSID as the wireless network) to prevent the rogue access point from being detected by basic wireless discovery tools.

Most network systems are configured to trust devices that are on the inside of the network. This trust/untrust relationship between devices inside/outside the network perimeter is completely destroyed by wireless technologies.

Once inside, the attacker has access to information that would be very difficult to access as an outsider. Unless the internal systems have sophisticated host based security the attacker can collect the information and disconnect from the wireless network without being detected.

Related posts:

1. Rogue Access Point Detection Using iWIDS Rogue Access Point Detection Using iWIDS iWIDS is an online...
2. DoD Commercial WLAN Technologies Instruction 8420.01 DoD Commercial WLAN Technologies Instruction 8420.01 The US Department...