Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on

y3dips's Wifi [in]security presentation at STMIK MDP Palembang

Published in: Technology
    Are you sure you want to  Yes  No
    Your message goes here
    Are you sure you want to  Yes  No
    Your message goes here


  1. A set of experience over the air 
  2. ECHO •I d E i C IndonEsian Community for Hackers  it  f  H k   and Open Source  • The stressing is still around the  hacking stuffs. We're working on the  Open Source activities • Ezines, Advisories, News, Forum,  , , , , Mailing list • Founded in 2003 • Has 13 staff a k a ECHO STAFF staff a.k.a • Has 11116 mailing lists member,  and 14151 Board Discussions  member (Jan,22 2008) b •  || http://e‐ 
  4. WI‐FI WI‐ Wi‐Fi, is a wireless networking  l k technology used across the globe.  Wi‐Fi refers to any system that uses  the 802.11 standard, which was  developed by the Institute of  Electrical and Electronics Engineers  g (IEEE) and released in 1997. The  term Wi‐Fi, which is alternatively  spelled WiFi, Wi fi, Wifi, or wifi, was  spelled WiFi  Wi‐fi  Wifi  or wifi  was  pushed by the Wi‐Fi Alliance, a  trade group that pioneered  commercialization of the  technology. Wi‐Fi®, Wi‐Fi Alliance®, the Wi‐Fi logo, are registered trademarks of the Wi‐Fi Alliance 
  5. 802 11 802.11 802.11 is a set of standards for  f d d f wireless local area network (WLAN)  computer communication,  developed by the IEEE LAN/MAN  Standards Committee (IEEE 802) in  the 5 GHz and 2.4 GHz public  5 4 p spectrum bands. 
  6. Why WI‐FI Why WI‐ •Convenience:  Flexibility of time  i l bl f and location •Mobility:  Access the internet even  outside their normal work  environment •P d i i  P Productivity: Potentially be more i ll  b   •Deployment: Requires little more  t a a s g e access po t than a single access point •Expandability: Serve a suddenly‐ increased number of clients  •Cost. 
  7. Keep it safe or wide open
  8. WI – WI –FI  Security Outsiders can sometimes get into your wireless networks as fast and easily Some Security Method • MAC ID filtering  • Static IP Addressing  • WEP encryption  • WPA  Wi‐Fi Protected Access • WPA2  • LEAP  Lightweight Extensible Authentication Protocol • PEAP  Protected Extensible Authentication Protocol • TKIP  Temporal Key Integrity Protocol • RADIUS  Remote Authentication Dial In User Service • WAPI  WLAN Authentication and Privacy Infrastructure • Smart cards, USB tokens, and  software tokens 
  9. 3  General Steps To  Relatively Secure 1. All WI‐FI devices need to be secured ll d d b d 2. All Users need to be educated 3. 3 Need to be actively monitored for weaknesses and breaches 
  10. Specific  Steps  to be relatively Secure Specific  Steps  to be relatively Secure 1. S    h   t k  bli   Secure your home network: enabling security  of your router (AP) , change password,  i    f     (AP)    h   d  restrict the 2. Protect yourself when using a public hotspot: Connecting to a legitimate hotspot . C l h Use a virtual private network or VPN, Stay away from critical action (bank transaction) 3. Configure for approved connections:  simply configure your device to not automatically  connect  4. Disable sharing: Your Wi‐Fi enabled devices may automatically open themselves to  sharing / connecting with other devices.  5. Install anti‐virus software:  makes it more important to have antivirus software installed. 6. Use a personal firewall: a personal firewall program. p p p g 
  11. A set of popular things
  12. Hardware Hacking Build A Tin Can Waveguide WiFi ild i id i i Antenna • Using a Can, … and else • Increase the range of your  g Wireless network • • bo.prg?name=sejarah_internet_indonesia:wajanbolic_e‐ goen 
  13. War Driving Wardriving is the act of searching di i h f h for Wi‐Fi wireless networks by a person in a moving vehicle using a Wi‐Fi‐equipped computer, such as a laptop or a PDA. (http //en wikipedia org/wiki/Wardriving) Wardrivers are only out to log and collect Tools information about the wireless access points, they find while driving, without using the networks' networks •Net Stumbler services. • Kismet • Kismac • MiniStumbler/Pocket Warior 
  15. WarChalking Warchalking is the drawing of symbols in public places to advertise an open Wi‐Fi wireless network. k 
  16. PiggyBacking (using someone else's wireless Internet access) l l Piggybacking is a term used to refer i b ki d f to the illegal access of a wireless internet connection without explicit permission or knowledge from the owner. Targets : Hotspots is a venue that offers Wi‐Fi otspots s e ue t at o e s access. (Café, Restaurants, Campus, Office) 
  17. List of Abuse & tools
  18. Another WI  FI Abuse • DOS • Injection • Fake Access Point • Fake CaptivePortal • EavesDropes • MAC Spoofing • Man In The Middle Attack
  19. Top 5 WI‐FI  Tools Top 5 WI WI‐ • Kismet A powerful wireless sniffer • Net Stumbler Free Windows 802.11 Sniffer • AirCrack The fastest available WEP/WPA cracking tooll h f l bl k • AirSnort 802.11 WEP Encryption Cracking Tool • Kismac A GUI passive wireless stumbler for Mac OS X Source: 
  20. Maybe yes, Maybe No !
  21. Taking fun from the wifi at the Cafe Taking fun from the wifi • Café with a Hotspot • Not Free Wifi Access  • Using Some  eleet Restriction Mac Restriction Protocol Restriction (All  TCP need a session auth) • Trick It • Change your mac • Tunnel your connection • Not Free Wifi Access 
  22. Taking fun from the wifi at the Hotel Taking fun from the wifi at the Hotel • Charge User using their  room number • Using Some  eleet Restriction • Room Number with all  the settings through  Captive Portals • Change the HTTP Request  h h • Not Free Wifi Access 
  23. Will we see it right now in front of our eyes
  24. DEMO • War Driving • WarChalking • WI‐FI Abuse ? • WEP Cracking 
  25. Discussion