Skip to content →

Author: lievenlb

WarWalking (2)


MacStumbler and iStumbler are active scanners sending out
probe messages to the basestations and can therefore be detected easily.
Moreover, they are not able to detect closed networks. So let us
move up one step in the secrecy scale and get some passive network
scanners
running. The first one is KisMAC which instructs the Airport card to tune to
a channel, listen a while, then tune to the next channel and so on. In
this way KisMAC can detects networks without announcing its
presence and can also find closed networks. More information can
be found at the KisMAC documentation page.
Installation is pretty straightforward : click on the KisMAC
installer
icon and after answering a few obvious questions you need
to provide your Administer-login and password after which KisMAC
is installed in your Applications-folder so also copy it to your
dock. The reason why it needs admin privileges to run is that the
Airport card cannot perform passive monitoring. So it swaps to open
source Viha driver for your Airport-driver on startup and
reinstalls the Airport driver on exit (that is, is everything goes well,
sometimes you seem to have lost your Airport connection afterwards but
no harm is done which cannot be solved by either checking in your
SystemPreferences:Network or by a restart. So do not worry if you
see that your Airport icon (as well as all your usual wireless access
such as Internet and Mail) vanishes. Before you can perform a scan, you
have to go to the KisMAC-Preferences and choose under Driver a
capturing device (in some versions of KisMAC you have to specify Viha
driver
if you are running an Airport card, in others you have to go
for the option Apple Airport Card,Passive mode. If you press the
Scan button you are again asked for admin-password to perform the
driver-switch (the same happens if you Quit KisMAC). The program gives a
wealth of information which can be quite useful if you want to find out
about possible interference of your ABS with other wireless sources. We
will come back to some of these features later, a rather scary one is
the ability to log raw 802.11 frames to a dump which can then be fed to
Ethereal.

Okay,
let us go one step further and try to get Kismet
running. It seems to be an unwritten law in open source-software that
the more potential harmful a program is, the more difficult it is to
install, so installing Kismet is by no means trivial.
Fortunately, Kismet is very well documented with a manual and a forum. First, we need the Viha Airport
driver
, that is we need Viha Wireless Tools 0.0.1a Binary Release. Go in Terminal to the
Desktop-folder where you will find the Folder Viha-0.0.1a.
Then type

mv Viha-0.0.1a/WiFi.framework/
/Library/Frameworks/

Next, we get the latest
version of Kismet, that is kismet-3.0.1.tar.gz and get a kismet-3.0.1
folder on our Desktop. Use Terminal to go into this folder and
type

./configure –disable-pcap –enable-viha;
make

and the following process may last for a
while. If you finally get a prompt, type

sudo make
install

and the process will end with some
warning messages :

If you have not done so
already, read the README file and the FAQ file. Additional
documentation is in the docs/ directory. You MUST edit
/usr/local/etc/kismet.conf
and configure Kismet for your
system, or it will NOT run properly!
Kismet has NOT been
installed suid-root. This means you will need to start
it as
root. If you have no untrusted users on your system, it can be
installed
as suid-root via ‘make suidinstall’. READ THE
DOCUMENTATION BEFORE INSTALLING KISMET AS SUID-ROOT!”

Fine, so let us go to /usr/local/etc and change the
following lines in kismet.conf

suiduser=lieven
source=viha,en1,Airport

(of course you have to replace lieven by your
normal OSX login name). Further, in the file kismet_ui.conf
replace the last line by

apm=false

Finally, you have to type in the Terminal

export TERM=xterm-color

and you should
be done. To launch Kismet, type as your usual user (the one you
specified in the kismet.conf file) in the Terminal

Kismet

and all will work. Again there is
a switch of Airport to Viha driver (and if all works well also at the
end). Often, the Airport card does not come up at the end in which case
it is best to restart Kismet and Quit again (btw. you quit Kismet with
capital Q). Then the Airport icon appears but it may be that you have to
logon to your network again.

We wouldnt have done so
much trouble if it were not that Kismet is a VERY powerfull
application which can be used to Hack wireless networks. But if you
think that KisMAC and Kismet are already scary, wait until
next time when we deal with Ethereal

Leave a Comment

WarWalking (1)


What exactly is a \’WarDriver\’? WarDriver: One who locates and logs
wireless access points while in motion ;[benign]. WarDriving was
invented by Peter Shipley and now commonly practiced by hobbyists,
hackers and security analysts worldwide. More information about this
trend can be found at wardriving.com. Even if you are not into this
sport, the following (innocent) software may be of use to obtain
information about your wireless network. In a next message I\’ll discuss
a few less innocent software tools. Probably the most popular network
scanner
for Mac OSX is MacStumbler. It detects nearby wireless networks,
tells you the channels they use, whether they use WEP
(encryption), give their signal (and noise) strength, the name of the
network and if you click on the Details button it gives you
(among other things) the MAC-address. A similar tool is iStumbler. It
gives roughly the same information : SSID (name). MAC-address,
signal/noise, channel and whether it is encrypted. More information is
available from the iStumbler manual. In addition it presents a
signal graph which is useful if you are trying to decide on which
signal you will let your Airport-basestation broadcast. Using
iStumbler i discovered that there was a recurrent noise at
channel 5 every couple of minutes (don\’t ask what it was) but that on
channel 1 the signal was not interrupted.

Both
MacStumbler and iStumbler are active scanners
meaning that they send out probe request to nearby access points. As a
result they are not able to detect closed networks. To detect
them you need far more intrusive passive scanning software, but
that is for next time.

One Comment

dinner’s ready

Not
all improvements to our home-network need to be high tech. Here is a
very simple measure which reduces the amount of in-house shouting
drastically. Often all of us are online, either to work, surf the net,
MSN-chat or listening to iTunes and clearly we can easily see which
other computers are on at the time. Just click on the Network
icon on the top left of the Finder-window. As our computer-names
are quite descriptive (iMacLieven,iMacBente,eMacAnn,iBookGitte)
it will give a good indication of who is online but as we can all login
to all these computers one can never be too certain. An elegant way to
find out who is on whose computer is to use the Rendezvous window
in iChat. This lists all people on the network which have
iChat running
on their computers and then iChat can be used to send
simple messages immediately to a given person (such as : turn that music
down or telephone for you etc.). There is just one problem : as the kids
use MSN to chat they never turn on iChat and as we are of a non-chatting
generation neither do we. Fortunately, it is easy to force iChat to be
running at login.

On each computer go to
SystemPrefrences-Accounts and for each user go to the Startup
Items
pane. Click on the + button and browse to the
Applications/iChat program and click Add. Be sure to check
the Hide button and you are done. Next time that person logs in,
iChat will start automatically in the background (the only slightly
annoying thing is a small sound at the end of login) and the user will
appear in any iChat-Rendezvous window.

Leave a Comment