Willie Stehm 3rd Quarter

From WLCS
Revision as of 10:52, 9 March 2009 by Wstehm (talk | contribs) (4) Research WEP Security)

Main Focus of This Quarter

  • My main focus for this quarter is going to be on wireless security and the methods that exist to exploit said systems.

Ten Goals for Third Quarter

1) Dual boot Laptop to a Vista Ubuntu 8.10 setup [ ]

2) Configure Wireless drivers in Ubuntu [ ]

3) Configure Packet Injection for Intel 4965agn Wifi card [ ]

4) Research WEP Security [ ]

5) Conduct a Client-present WEP Attack [ ]

6) Document Attack Findings [ ]

7) Research the Anatomy of a Packet [ ]

8) Research Clientless WEP Attack [ ]

9) Research WPA and WPA2 Wireless Security [ ]

10) [ ]

Third Quarter Goal Documentation

1) Dual boot Laptop to a Vista Ubuntu 8.10 setup

  • After an unsuccessful stint with trying to find Linux drivers for an out-of-date USB wifi dongle, AJ and I decided that the fastest way to get our testing off the ground was to dual boot one of our more modern laptops to Ubuntu. I did a bit of research and found that the wireless chipset that my laptop contained (Intel 4965agn) was almost fully supported for what we were trying to carry out, so we decided that we would dual boot my laptop. The actual process of dual booting couldn't have been easier. First, since my laptop was already running Windows Vista, I had to create a hard drive partition that Vista would recognize. The simplest way to do this was to use Vista's built-in "Disk Management" suite to help create a partition for Ubuntu. Here is where I ran into my first problem. When I opened up the Disk Management suite, Vista told me that I could only make an 8 gig partition, nowhere near enough for Ubuntu and quite weird since I had almost 100 gigs of free space. I looked up possible reasons for this, but none of the solutions I found worked. I defragmented the hard drive, turned on and off multiple Vista settings, and nothing worked. Finally I found one site that suggested that this was a problem with the Disk Management suite and to use a third-party disk partitioner. This is where the real problems started! I found a free GUI partitioner that seemed to work very well. It was well organized, simple to use and everything. I wrote my new partition to disk and was told to reboot to finish the process. I followed the directions and, much to my surprise, was greeted with the blue screen of death instead of the happy Windows welcome screen. I tried everything. Booting into safe mode resulted in a giant fail. Using another bootable disk partitioner to delete the new partition failed, so finally I just resorted to bombing the entire system and installing from my system restore disks.
Since I had already backed everything up, this wasn't that bad, and best of all, after the clean install Vista's Disk Management suite started working and allowed me to make a normal-sized partition. I then moved on to the Ubuntu install.
  • The Ubuntu install was by far the easiest part of the process. I just popped in my newly burnt Ubuntu 8.10 ISO and followed the onscreen instructions. When it got to the area of where to install, I just selected "Guided - use largest free space" and that was it. Booting into my new Ubuntu system, I saw that Ubuntu had recognized my wireless card during install and already installed my drivers, successfully solving my initial problem of not having a working wireless connection using Linux.

2) Configure Wireless drivers in Ubuntu

3) Configure Packet Injection for Intel 4965agn Wifi card

  • Packet injection is defined as "a computer networking term which refers to sending a packet on a network into an already established connection, usually by a party not otherwise participating in the said connection. This is accomplished by crafting a packet using raw sockets. Sometimes IP address spoofing is used". When trying to carry out a WEP attack, this is used to help speed up the process of packet gathering. A wireless card with packet injection enabled sends out a fake request to the wireless access point in order to gain a response (in the form of packets) from it. These responses are then added to the pool of collected packets and analyzed later to recover the WEP key. Since packet injection isn't used in the normal everyday function of wireless cards, the drivers for the card must first be patched to enable it. I did a bit of research and found that packet injection for my wireless card (Intel 4965agn) was widely supported, which eased the process of enabling this vital function.

4) Research WEP Security

  • Short for Wired Equivalent Privacy, WEP was introduced in 1997 to provide users with wireless security that was supposed to be on par with wired security. The basic 64-bit original version of WEP relies on a 40-bit secret key attached to a 24-bit initialization vector. This combination of the 40-bit secret key and the 24-bit initialization vector creates what is known as the RC4 traffic key. The traffic key must be known by both the user and the access point that it is associating with in order for the two to work together and successfully send packets back and forth. To send a packet, the sender first encrypts it with the traffic key and then sends it to its destination. Once it is received, the computer or access point does the reverse and decrypts the packet back to plain text. While this sounds secure, beginning in 2001 many flaws were found in the system that now allow people to decrypt WEP just by listening in on packet traffic.

5) Conduct a Client-present WEP Attack

6) Document Attack Findings

7) Research the Anatomy of a Packet

8) Research Clientless WEP Attack

9) Research WPA and WPA2 Wireless Security

10)