Security Through Obscurity: MAC Address Filtering (Layer 2 Filtering)


MAC filtering (layer 2 address filtering) is an access control method in which the 48-bit hardware address of each network interface decides whether that device may use the network. iptables, pf and IPFW can block or allow a specific MAC address, e.g. 00:1e:2a:47:42:8d, much as they block or allow an IP address, and the technique is widely used to "secure" LANs, wireless networks and devices. Is it actually effective?
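To make the question concrete, here is an added example (not code from the original post): a minimal layer-2 allowlist that decides on the source MAC of an Ethernet II frame, followed by the reason the title calls this security through obscurity. The decision rests entirely on a header field the sender writes, so a blocked host simply forges an allowed address (on Linux, `ip link set dev wlan0 address <mac>` before bringing the interface up). The frames and addresses below are constructed for the demonstration.

```python
# Added example: Ethernet II header parsing, a MAC allowlist, and the spoof that defeats it.
import struct

ALLOWED_MACS = {"00:1e:2a:47:42:8d"}   # the address used in the excerpt above
ETHERTYPE_IPV4 = 0x0800


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def parse_ethernet_header(frame: bytes):
    """Return (dst_mac, src_mac, ethertype, payload) from a raw Ethernet II frame.
    Layout: 6 bytes destination, 6 bytes source, 2 bytes EtherType, then payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return _mac_str(dst), _mac_str(src), ethertype, frame[14:]


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return struct.pack("!6s6sH", _mac_bytes(dst), _mac_bytes(src), ethertype) + payload


def mac_filter_allows(frame: bytes, allowlist=ALLOWED_MACS) -> bool:
    """The whole of MAC filtering: is the *claimed* source address on the list?"""
    _, src, _, _ = parse_ethernet_header(frame)
    return src.lower() in allowlist


def spoof_source(frame: bytes, new_src: str) -> bytes:
    """What an attacker's NIC emits after changing its address: the same payload,
    with the six source bytes at offset 6..12 replaced by an allowed address."""
    dst, _, ethertype, payload = parse_ethernet_header(frame)
    return build_frame(dst, new_src, ethertype, payload)


def demo():
    """Constructed frames: an honest client, an intruder, and the intruder after spoofing."""
    gateway = "02:00:00:00:00:01"            # locally administered, constructed
    intruder = "de:ad:be:ef:00:01"
    ip_stub = b"\x45" + b"\x00" * 19           # start of an IPv4 header; content is irrelevant here
    honest = build_frame(gateway, "00:1e:2a:47:42:8d", ETHERTYPE_IPV4, ip_stub)
    rogue = build_frame(gateway, intruder, ETHERTYPE_IPV4, ip_stub)
    # The attacker copies an allowed MAC seen in the clear on the air (802.11 never encrypts addresses).
    forged = spoof_source(rogue, "00:1e:2a:47:42:8d")
    return mac_filter_allows(honest), mac_filter_allows(rogue), mac_filter_allows(forged)


if __name__ == "__main__":
    print(demo())   # (True, False, True): the filter cannot tell the forged frame from the honest one
```

The third result is the point of the original title: nothing in the frame authenticates the source address, so a MAC allowlist keeps out accidental joiners, not attackers. Authentication has to come from a layer that does have a secret, such as WPA2 or 802.1X.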

The Largest Wifi Wireless Cracking Ever – ID Fraud Case


The US authorities have charged 11 people in connection with the theft of credit-card details in the country's largest-ever identity theft case. The break-ins were carried out with nothing more than ordinary wireless hardware, by driving around neighbourhoods (wardriving) and cracking into wireless networks. I've already written about a few basic tips for securing a wifi router.

Linux Configure WPA2 for RT61 based Wireless Card


I've already written about configuring and using a D-Link wireless card with the RT61 driver. However, a few readers asked for more about Wi-Fi Protected Access (WPA and WPA2) secure wireless configurations.

Step # 1: Configure Router / AP with WPA2 Security Mode

First you need to configure WPA2 security mode on the access point. All devices on your network must use the same security mode in order to communicate. Open the router's web interface at its default IP address and set:

  • Security Mode: WPA2 Personal
  • WPA2 Algorithm: AES or TKIP+AES. Choose TKIP+AES only if you still have WPA (TKIP-only) devices on the network; TKIP is a compatibility mode built on RC4 and is weaker than AES (CCMP), so use AES alone whenever every client supports it.
  • WPA2 Pre-Shared Key: a passphrase of 8 to 63 characters that every device on the network must know. Prefer generating it locally to pasting one from a web page: standard UNIX / Linux utilities can produce a random key from the kernel's random number generator (/dev/random or /dev/urandom), for example with head, tr and fold.
  • Group Key Renewal: how often the group (broadcast/multicast) key is rotated.

(Fig. 01: Configure WPA2-PSK for your router / access point)

Step # 2: Configure RT61 Wireless Card

Open /etc/network/interfaces file and make changes as follows:
$ sudo vi /etc/network/interfaces

auto ra0
iface ra0 inet dhcp
pre-up iwconfig ra0 mode managed
pre-up ifconfig ra0 up
pre-up iwconfig ra0 essid nixcraft
pre-up iwpriv ra0 set AuthMode=WPA2PSK
pre-up iwpriv ra0 set WPAPSK="|zdUkK(!X)_'G!}@1|@OS/6RA#'+}eq8b&V@x1%OZyyDVV:Xwp8UmwLFNS^7=A+"
pre-up iwpriv ra0 set EncrypType=AES

Save and close the file. Replace the device name (ra0), the essid and the WPAPSK value with your own settings. Note the quoting: each pre-up line is handed to the shell, so a passphrase containing characters such as ', |, & or ( must be enclosed in quotes that it does not itself contain (double quotes here, because this key includes single quotes). Restart the networking:
$ sudo /etc/init.d/networking restart
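Both the Pre-Shared Key typed into the access point in Step 1 and the WPAPSK= value in Step 2 are turned into the same 256-bit Pairwise Master Key by running the passphrase through PBKDF2-HMAC-SHA1 with the SSID as salt (4096 iterations), which is why the passphrase and the ESSID must match exactly on every device. The following added example (my own code, not from the original post or from wpa_supplicant) derives that key, enforces the 8..63 character rule from Step 1, generates a full-length random passphrase from the kernel CSPRNG as the step suggests, and emits a wpa_supplicant network block that carries the derived key as hex instead of the cleartext passphrase. The test vector (SSID "IEEE", passphrase "password") is the one published in IEEE 802.11i.

```python
# Added example: WPA2-PSK key derivation, passphrase policy, and a wpa_supplicant block.
import hashlib
import secrets
import string

PSK_MIN, PSK_MAX = 8, 63          # limits shown on the router's WPA2 page


def check_passphrase(passphrase: str) -> None:
    """Reject what a WPA2-PSK access point would reject."""
    if not (PSK_MIN <= len(passphrase) <= PSK_MAX):
        raise ValueError(
            f"WPA2 passphrase must be {PSK_MIN}-{PSK_MAX} characters, got {len(passphrase)}")
    if any(ord(c) < 32 or ord(c) > 126 for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")


def wpa2_psk(ssid: str, passphrase: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 256 bits), per IEEE 802.11i."""
    check_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def generate_passphrase(length: int = PSK_MAX) -> str:
    """Full-length random passphrase from the kernel CSPRNG (secrets uses os.urandom,
    i.e. /dev/urandom). The alphabet deliberately omits quote characters so the value
    can be pasted into /etc/network/interfaces without shell-quoting surprises."""
    alphabet = string.ascii_letters + string.digits + "-_.,:;+=@#%^*()[]{}"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def wpa_supplicant_block(ssid: str, passphrase: str) -> str:
    """A wpa_supplicant.conf network block with the derived key as 64 hex digits
    (the unquoted psk= form), so the cleartext passphrase need not sit in a config file."""
    psk_hex = wpa2_psk(ssid, passphrase).hex()
    return "\n".join([
        "network={",
        f'    ssid="{ssid}"',
        "    proto=RSN",          # WPA2
        "    key_mgmt=WPA-PSK",
        "    pairwise=CCMP",      # AES only; add TKIP here only for legacy clients
        f"    psk={psk_hex}",
        "}",
    ])


if __name__ == "__main__":
    key = generate_passphrase()
    print("generated passphrase:", key)
    print(wpa_supplicant_block("nixcraft", key))
```

Because the SSID is the salt, two networks with the same passphrase but different names get different keys, and an attacker who captures a four-way handshake has to run the same 4096-iteration derivation for every guess; a 63-character random passphrase puts that well out of reach, which a short dictionary word does not.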

Other simple security suggestions

  1. Change the default admin password on the access point / router.
  2. If possible, disable administration of the access point over the wireless interface, so that it can only be managed from the wired side.
  3. Set up an access control list of the MAC addresses of the devices you want to associate with the access point. Treat this as housekeeping rather than security: MAC addresses are transmitted in the clear and are trivial to spoof.

Please note that the above instructions were only tested with the RT61 driver under Ubuntu Linux. However, they should work with other Linux distros and drivers with minor changes.

How to Access Network When Everything Else is Blocked


There is a program called Ping Tunnel (ptunnel) that carries TCP traffic over ICMP echo packets. From the project home page:

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel:

Setting: You’re on the go, and stumble across an open wireless network. The network gives you an IP address, but won’t let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP.

Absolutely fantastic — it Just Works. Download ping tunnel from the project page.
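The same property that makes ptunnel work is what a network defender should be looking for: a "ping only" policy assumes ICMP is harmless, while a tunnel turns echo request/reply into a bidirectional byte stream with large, variable payloads at high rates. The added example below (my own code, not part of ptunnel or the original post; it does not reproduce ptunnel's actual packet format, only the traffic shape any ICMP tunnel produces) scores hosts on a handful of constructed flow records using three illustrative thresholds.

```python
# Added example: flag hosts whose ICMP echo traffic does not look like ping.
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class IcmpRecord:             # one echo request/reply seen by a sensor (constructed record format)
    ts: float                 # seconds
    src: str
    dst: str
    icmp_type: int            # 8 = echo request, 0 = echo reply
    payload_len: int          # bytes after the 8-byte ICMP header


# Constructed sample: 192.0.2.10 pings normally (56-byte payload, once per second);
# 192.0.2.20 is carrying a tunnel (large, varying payloads, ten packets per second each way).
SAMPLE = (
    [IcmpRecord(t, "192.0.2.10", "198.51.100.1", 8, 56) for t in range(0, 10)]
    + [IcmpRecord(t + 0.05, "198.51.100.1", "192.0.2.10", 0, 56) for t in range(0, 10)]
    + [IcmpRecord(i * 0.1, "192.0.2.20", "198.51.100.1", 8, s)
       for i, s in enumerate([1024, 1024, 812, 1024, 64, 1024, 1024, 300, 1024, 1024] * 4)]
    + [IcmpRecord(i * 0.1 + 0.02, "198.51.100.1", "192.0.2.20", 0, s)
       for i, s in enumerate([1024, 640, 1024, 1024, 96, 1024, 1024, 1024, 220, 1024] * 4)]
)


def icmp_tunnel_suspects(records, max_payload=128, max_rate=5.0, max_distinct_sizes=3):
    """Return {host: [reasons]} for hosts whose echo traffic is suspicious.
    Replies are attributed to the host that sent the request, so a tunnel endpoint
    is scored on both directions. Thresholds are illustrative; baseline your own network."""
    per_host = defaultdict(list)
    for r in records:
        if r.icmp_type in (0, 8):
            host = r.src if r.icmp_type == 8 else r.dst
            per_host[host].append(r)

    suspects = {}
    for host, recs in per_host.items():
        reasons = []
        sizes = [r.payload_len for r in recs]
        span = (max(r.ts for r in recs) - min(r.ts for r in recs)) or 1.0
        rate = len(recs) / span
        if max(sizes) > max_payload:
            reasons.append(f"payload up to {max(sizes)} bytes")
        if len(set(sizes)) > max_distinct_sizes:
            reasons.append(f"{len(set(sizes))} distinct payload sizes")
        if rate > max_rate:
            reasons.append(f"{rate:.1f} echo packets/s")
        if reasons:
            suspects[host] = reasons
    return suspects


if __name__ == "__main__":
    for host, why in icmp_tunnel_suspects(SAMPLE).items():
        print(host, "->", "; ".join(why))
```

On a real sensor the records would come from packet captures or flow logs; the three signals (size, size variance, rate) are cheap to compute there and catch any tunnel that moves real data, whatever header it hides inside the echo payload. Rate-limiting or dropping oversized echo packets at the edge removes most of the bandwidth such tunnels depend on.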

Cracking Wireless WEP-104 in record time


Cracking 104-bit WEP (Wired Equivalent Privacy) is itself old news. What is new is the *cracking speed*, which is mind blowing.

According to new research, a common 802.11 104-bit WEP key can be broken in less than one minute:

WEP is a protocol for securing wireless LAN. WEP therefore uses the RC4 stream cipher to encrypt data which is transmitted over the air, usually using a single secret key (called the root key or WEP key) of a length of 40 or 104 bit.

We were able to extend Klein’s attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.

Currently at home I’m using WPA2 personal. However, at work place we have disabled wireless access a year ago (except cafeteria area).

A paper (PDF) describing the details and methods we used in our attack is available on the IACR ePrint server. A proof-of-concept of the attack, in a tool called aircrack-ptw (source), is available. It should be used together with the aircrack-ng toolsuite.
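The quoted description says where the weakness lives: each packet is encrypted with RC4 keyed by a 24-bit IV concatenated with the root key, and the IV is sent in the clear. The added example below (my own code; it does not reproduce the PTW key-recovery attack from the paper, only the underlying RC4 misuse) implements WEP-style encryption and shows that once an IV repeats, the keystream repeats, so C1 XOR C2 = P1 XOR P2 and one known plaintext (every IP-carrying WEP frame begins with the fixed LLC/SNAP header AA AA 03 00 00 00 08 00) decrypts the other packet without touching the key. The key, IV and packets are constructed; the CRC-32 ICV that real frames carry is omitted.

```python
# Added example: WEP = RC4(IV || key); an IV collision leaks plaintext with no key recovery.
import os


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4 (KSA + PRGA) producing n keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP packet body: IV (3 bytes, cleartext) || RC4_{IV || root_key}(plaintext)."""
    assert len(iv) == 3 and len(root_key) in (5, 13)   # WEP-40 or WEP-104 root key
    return iv + xor(rc4_keystream(iv + root_key, len(plaintext)), plaintext)


LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")   # first 8 bytes of every IP-carrying WEP frame


def recover_with_iv_reuse(pkt_known: bytes, known_plain: bytes, pkt_target: bytes) -> bytes:
    """Given two packets that share an IV and the plaintext of one, decrypt the other's
    prefix of the same length. No key material is needed or recovered."""
    assert pkt_known[:3] == pkt_target[:3], "attack needs an IV collision"
    keystream = xor(pkt_known[3:], known_plain)          # C1 XOR P1 = keystream
    return xor(pkt_target[3:len(keystream) + 3], keystream)   # C2 XOR keystream = P2


def demo() -> bytes:
    """Constructed traffic: the attacker sees c1 and c2 on the air, knows p1's header, learns p2."""
    root_key = os.urandom(13)                  # WEP-104 key the attacker never learns
    iv = b"\x01\x02\x03"                       # only 2^24 IVs exist; repeats are inevitable
    p1 = LLC_SNAP_IP + b"\x45\x00\x00\x54"      # known: SNAP header + start of an IPv4 header
    p2 = LLC_SNAP_IP + b"\x45\x00\x00\x3c"      # victim's packet encrypted under the same IV
    c1 = wep_encrypt(root_key, iv, p1)
    c2 = wep_encrypt(root_key, iv, p2)
    return recover_with_iv_reuse(c1, p1, c2)


if __name__ == "__main__":
    print(demo().hex())   # the victim's plaintext, recovered without the key
```

The attack in the quoted paper exploits the same structure more aggressively: because the first three key bytes (the IV) are known for every packet and the first keystream byte is known from the SNAP header, each captured packet gives a statistical hint about the root key, and tens of thousands of such hints are enough to vote the whole 104-bit key out. WPA2's AES-CCMP has neither the per-packet RC4 rekeying nor the short cleartext IV, which is why the fix below is to switch rather than to lengthen the key.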

How do I avoid this kind of problem?

You can switch to WPA2 to avoid this attack 🙂 WPA2 with AES (CCMP) does not use RC4 at all. Make sure support for WPA2 is available in your Linux driver as well as in the userspace utility wpa_supplicant.

You can also use a Linux GUI tool called NetworkManager to configure access to protected wireless networks.

OpenBSD: Atheros USB AR5005UG/AR5005UX and Conexant/Intersil Prism GT driver download


This news just came in. I need to install this for an AR5005UG chipset based card.

From the article, "Two new wireless drivers have been committed recently. You can grab the newest snapshot (9/16/06) and test them out if you have one of these cards.

uath(4), a driver for Atheros USB2.0 AR5005UG/AR5005UX chipsets. Based on a black-box analysis of the Windows binary driver.

pgt(4), a driver for Conexant/Intersil GT-series devices which can support the Full-MAC firmwares, using the ISL3877, ISL3880, and ISL3890 chips."

More info

  • uath – Atheros USB IEEE 802.11a/b/g wireless network device
  • pgt – Conexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless network device

Found via The OpenBSD Community site

Linux install and configure D-Link DWL-G520 – RT61 Wireless LAN PCI Card


The D-Link AirPlus XtremeG DWL-G520 is an enhanced, high-performance 802.11g wireless PCI card for desktop computers, supporting wireless networking at up to 108Mbps.

The card uses the Ralink RT61 chipset, for which Ralink publishes an open source (GPL) driver. You need to compile this driver for Linux yourself, so make sure the gcc compiler and the headers for your running kernel are installed.

My setup is as follows:

  • Linksys WRT54G Wireless router/802.11g access point at
  • ADSL Router at
  • My Laptop IP (obtained using WRT54G DHCP server)
  • My Desktop system (Static IP
  • Other devices (Mobile, PDA, XBOX 360 etc)
  • Debian Linux

DLINK DWL g520 PCI Wireless card

Step #1: Verify the card's chipset with the lspci command

$ lspci

0000:01:00.0 Network controller: RaLink RT2561/RT61 rev B 802.11

If the card shows up with an unknown name, use the update-pciids command, which fetches the current version of the pci.ids file from the primary distribution site and installs it, then run lspci again:
# update-pciids
$ lspci

Step #2: Find out your kernel version ( I am using kernel v2.6)

# uname -r


Step #3: Download driver

Visit the Ralink site to download the RT61 chipset driver (the wget URL below was stripped from this copy of the page):

# cd /opt
# wget

Step #4: Untar driver, type the following command

# tar -zxvf RT61_Linux_STA_Drv1.0.4.0.tar.gz
# cd RT61_Linux_STA_Drv1.0.4.0

Step #5: Compile driver source code

# cd Module
# cp Makefile.6 Makefile
# make

It will take some time to compile driver source code.

Step #6: Install driver

You need to copy firmware and configuration file to /etc/Wireless/RT61STA/ directory. First, create a directory:

# mkdir -p /etc/Wireless/RT61STA

Now copy binary firmware files:

# cp rt2561.bin /etc/Wireless/RT61STA/
# cp rt2561s.bin /etc/Wireless/RT61STA/
# cp rt2661.bin /etc/Wireless/RT61STA/

Now copy the configuration file and convert its line endings, since it ships with DOS (CRLF) endings:

# cp rt61sta.dat /etc/Wireless/RT61STA/rt61sta.dat
# dos2unix /etc/Wireless/RT61STA/rt61sta.dat

Now copy actual driver (rt61.ko) to your kernel directory:

# cp rt61.ko /lib/modules/$(uname -r)/kernel/drivers/net/wireless

Step #7: Configure card

The next logical step is to load the device driver. If you also have an Ethernet card, bring it down first so that its route does not mask problems with the wireless link while you test:

# ifconfig eth0 down
# modprobe rt61

Once driver is loaded, you can activate interface called ra0. With ifconfig command:

# ifconfig ra0 up

To configure a wireless network interface you need to use iwconfig command. This command is part of wireless-tools package. If wireless-tools is not installed use apt-get or yum to install it:

# apt-get install wireless-tools

Now make sure you know the ssid / essid. If you have turned on encryption, you must use the same encryption type and key on both desktop system and the wireless router. You can obtain necessary settings using iwlist command:

# iwlist ra0 scanning

ra0       Scan completed :
           Cell 01 - Address: 00:12:39:6C:D6:8A
                    Encryption key:on

Step #1: Set SSID/ESSID

You need to set ssid/essid. My SSID is nixcraft. The SSID/ESSID is used to identify cells which are part of the same virtual (wireless) network:

# iwconfig ra0 essid nixcraft

Step #2: Set mode

You need to set the operating mode of the PCI card. Use Managed mode, which means the node joins a network made up of one or more access points (your wireless router), as opposed to an Ad-Hoc network between peers.

# iwconfig ra0 mode Managed

Step 3: Setup channel

Set the operating frequency or channel in the device.

# iwconfig ra0 channel 6

Step 4: Setup key

Set the encryption key so that it matches the router (you can read the key from the router's web interface by typing its IP address into your browser). For WEP, iwconfig expects a hexadecimal key: 10 hex digits for a 40-bit key, 26 for a 104-bit key. The value below is a placeholder, not valid hex. Bear in mind that WEP is broken and a key can be recovered from captured traffic in minutes; use it only where WPA2 is not an option.

# iwconfig ra0 key 47b1122774d1xy55a1194lchjk6

You should now be able to ping the wireless router, browse the internet and reach the rest of the network (if connected).

Step #8: Configure rt61 driver auto-load at boot time

#1: Configure the ra0 interface so that it is activated after a reboot. Create wlan.up and wlan.down helper scripts (download these scripts and copy them to the /etc/Wireless directory).

#2: Make sure the wireless kernel module (rt61) is loaded at boot time. Open the config file /etc/modules (it contains the names of kernel modules to be loaded at boot time, one per line):

# vi /etc/modules

Append the rt61 module name on its own line:

rt61

Save and close the file.

#3: Configure ra0 ip address:
Open /etc/network/interfaces file:

# vi /etc/network/interfaces

Make sure ra0 interface look like as follows (static IP configuration):

auto ra0
iface ra0 inet static
name Wireless LAN card
post-up /etc/Wireless/wlan.up
post-down /etc/Wireless/wlan.down

Save the file and reboot the system.

Further references

  • Official driver site
  • Please read iwconfig, ifconfig and networking related man pages.
  • Please read driver readme file for more information