• Alternative view 1 of Wi-Foo
  • Alternative view 2 of Wi-Foo


4.5 2
by Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky

ISBN-10: 0321202171

ISBN-13: 9780321202178

Pub. Date: 04/09/2004

Publisher: Addison-Wesley

The definitive guide to penetrating and defending wireless networks.

Straight from the field, this is the definitive guide to hacking wireless networks. Authored by world-renowned wireless security auditors, this hands-on, practical guide covers everything you need to attack -- or protect -- any wireless network.

The authors introduce the 'battlefield,'


The definitive guide to penetrating and defending wireless networks.

Straight from the field, this is the definitive guide to hacking wireless networks. Authored by world-renowned wireless security auditors, this hands-on, practical guide covers everything you need to attack -- or protect -- any wireless network.

The authors introduce the 'battlefield,' exposing today's 'wide open' 802.11 wireless networks and their attackers. One step at a time, you'll master the attacker's entire arsenal of hardware and software tools: crucial knowledge for crackers and auditors alike. Next, you'll learn systematic countermeasures for building hardened wireless 'citadels''including cryptography-based techniques, authentication, wireless VPNs, intrusion detection, and more.

Coverage includes:

  • Step-by-step walkthroughs and explanations of typical attacks
  • Building wireless hacking/auditing toolkit: detailed recommendations, ranging from discovery tools to chipsets and antennas
  • Wardriving: network mapping and site surveying
  • Potential weaknesses in current and emerging standards, including 802.11i, PPTP, and IPSec
  • Implementing strong, multilayered defenses
  • Wireless IDS: why attackers aren't as untraceable as they think
  • Wireless hacking and the law: what's legal, what isn't

If you're a hacker or security auditor, this book will get you in. If you're a netadmin, sysadmin, consultant, or home user, it will keep everyone else out.

Product Details

Publication date:
Product dimensions:
7.00(w) x 9.00(h) x 1.50(d)

Table of Contents


1. Real World Wireless Security.

Why Do We Concentrate on 802.11 Security?

Getting a Grip on Reality: Wide Open 802.11 Networks Around Us.

The Future of 802.11 Security: Is It as Bright as It Seems?


2. Under Siege.

Why Are “They” After Your Wireless Network?

Wireless Crackers: Who Are They?

Corporations, Small Companies, and Home Users: Targets Acquired.

Target Yourself: Penetration Testing as Your First Line of Defense.


3. Putting the Gear Together: 802.11 Hardware.

PDAs Versus Laptops.

PCMCIA and CF Wireless Cards.

Selecting or Assessing Your Wireless Client Card Chipset.

Prism Chipset.

Cisco Aironet Chipset.

Hermes Chipset.

Symbol Chipset.

Atheros Chipset.

ADM8211 Chipset.

Other Chipsets That Are Common in Later Models of 802.11-Compatible Devices.

Selecting or Assessing Your Wireless Client Card RF Characteristics.


RF Amplifiers.

RF Cables and Connectors.


4. Making the Engine Run: 802.11 Drivers and Utilities.

Operating System, Open Source, and Closed Source.

The Engine: Chipsets, Drivers, and Commands.

Making Your Client Card Work with Linux and BSD.

Getting Used to Efficient Wireless Interface Configuration.

Linux Wireless Extensions.

Linux-wlan-ng Utilities.

Cisco Aironet Configuration.

Configuring Wireless Client Cards on BSD Systems.


5. Learning to WarDrive: Network Mapping and Site Surveying.

Active Scanning in Wireless Network Discovery.

Monitor Mode Network Discovery and Traffic Analysis Tools.


Kismet and GpsDrive Integration.







Miscellaneous Command—Line Scripts and Utilities.

BSD Tools for Wireless Network Discovery and Traffic Logging.

Tools That Use the iwlist scan Command.

RF Signal Strength Monitoring Tools.


6. Assembling the Arsenal: Tools of the Trade.

Encryption Cracking Tools.

WEP Crackers.






Tools to Retrieve WEP Keys Stored on the Client Hosts.

Traffic Injection Tools Used to Accelerate WEP Cracking.

802.1x Cracking Tools.

Asleap-imp and Leap.


Wireless Frame-Generating Tools.







Wireless Encrypted Traffic Injection Tools: Wepwedgie.

Access Point Management Utilities.


7. Planning the Attack.

The “Rig”.

Network Footprinting.

Site Survey Considerations and Planning.

Proper Attack Timing and Battery Power Preservation.

Stealth Issues in Wireless Penetration Testing.

An Attack Sequence Walk-Through.


8. Breaking Through.

The Easiest Way to Get in.

A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering.

Picking a Trivial Lock: Various Means of Cracking WEP.

WEP Brute-Forcing.

The FMS Attack.

An Improved FMS Attack.

Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking.

Field Observations in WEP Cracking.

Cracking TKIP: The New Menace.

The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment.

DIY: Rogue Access Points and Wireless Bridges for Penetration Testing.

Hit or Miss: Physical Layer Man-in-the-Middle Attacks.

Phishing in the Air: Man-in-the-Middle Attacks Combined.

Breaking the Secure Safe.

Crashing the Doors: Authentication Systems Attacks.

Tapping the Tunnels: Attacks Against VPNs.

The Last Resort: Wireless DoS Attacks.

1. Physical Layer Attacks or Jamming.

2. Spoofed Deassociation and Deauthentication Frames Floods.

3. Spoofed Malformed Authentication Frame Attack.

4. Filling Up the Access Point Association and Authentication Buffers.

5. Frame Deletion Attack.

6. DoS Attacks Based on Specific Wireless Network Settings.

7. Attacks Against 802.11i Implementations.


9. Looting and Pillaging: The Enemy Inside.

Step 1: Analyze the Network Traffic.

802.11 Frames.

Plaintext Data Transmission and Authentication Protocols.

Network Protocols with Known Insecurities.

DHCP, Routing, and Gateway Resilience Protocols.

Syslog and NTP Traffic.

Protocols That Shouldn’t Be There.

Step 2: Associate to WLAN and Detect Sniffers.

Step 3: Identify the Hosts Present and Perform Passive Operating System Fingerprinting.

Step 4: Scan and Exploit Vulnerable Hosts on WLAN.

Step 5: Take the Attack to the Wired Side.

Step 6: Check Wireless-to-Wired Gateway Egress Filtering Rules.


10. Building the Citadel: An Introduction to Wireless LAN Defense.

Wireless Security Policy: The Cornerstone.

1. Device Acceptability, Registration, Update, and Monitoring.

2. User Education and Responsibility.

3. Physical Security.

4. Physical Layer Security.

5. Network Deployment and Positioning.

6. Security Countermeasures.

7. Network Monitoring and Incident Response.

8. Network Security and Stability Audits.

Layer 1 Wireless Security Basics.

The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding.

Secure Wireless Network Positioning and VLANs.

Using Cisco Catalyst Switches and Aironet Access Points to Optimize Secure Wireless Network Design.

Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway.

Proprietary Improvements to WEP and WEP Usage.

802.11i Wireless Security Standard and WPA: The New Hope.

Introducing the Sentinel: 802.1x.

Patching the Major Hole: TKIP and CCMP.


11. Introduction to Applied Cryptography:Symmetric Ciphers.

Introduction to Applied Cryptography and Steganography.

Modern-Day Cipher Structure and Operation Modes.

A Classical Example: Dissecting DES.

Kerckhoff’s Rule and Cipher Secrecy.

The 802.11i Primer: A Cipher to Help Another Cipher.

There Is More to a Cipher Than the Cipher: Understanding Cipher Operation Modes.

Bit by Bit: Streaming Ciphers and Wireless Security.

The Quest for AES.

AES (Rijndael).





Between DES and AES: Common Ciphers of the Transition Period.




Selecting a Symmetric Cipher for Your Networking or Programming Needs.


12. Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms.

Cryptographic Hash Functions.

Dissecting an Example Standard One-Way Hash Function.

Hash Functions, Their Performance, and HMACs.

MIC: Weaker But Faster.

Asymmetric Cryptography: A Different Animal.

The Examples of Asymmetric Ciphers: ElGamal, RSA, and Elliptic Curves.

Practical Use of Asymmetric Cryptography: Key Distribution, Authentication, and Digital Signatures.


13. The Fortress Gates: User Authentication in Wireless Security.


Basics of AAA Framework.




An Overview of the RADIUS Protocol.

RADIUS Features.

Packet Formats.

Packet Types.

Installation of FreeRADIUS.







User Accounting.

RADIUS Vulnerabilities.

Response Authenticator Attack.

Password Attribute-Based Shared Secret Attack.

User Password-Based Attack.

Request Authenticator-Based Attacks.

Replay of Server Responses.

Shared Secret Issues.

RADIUS-Related Tools.

802.1x: The Gates to Your Wireless Fortress.

Basics of EAP-TLS.

Packet Format.

Creating Certificates.

FreeRADIUS Integration.





Windows 2000 and Windows XP.

An Example of Access Point Configuration: Orinoco AP-2000.



What Is a Directory Service?

What Is LDAP?

How Does LDAP Work?

Installation of OpenLDAP.

Satisfying Dependencies.

Configuration of OpenLDAP.

Testing LDAP.

Populating the LDAP Database.

Centralizing Authentication with LDAP.

Mobile Users and LDAP.

LDAP-Related Tools.

Directory Administrator.



LDAP Tool.

NoCat: An Alternative Method of Wireless User Authentication.

Installation and Configuration of NoCat Gateway.

Installation and Configuration of Authentication Server.


14. Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs.

Why You Might Want to Deploy a VPN.

VPN Topologies Review: The Wireless Perspective.






Common VPN and Tunneling Protocols.





Alternative VPN Implementations.




The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview.

Security Associations.



IP Compression.

IPSec Key Exchange and Management Protocol.


Phase 1 Modes of Operation.

Phase 2 Mode of Operation.

Perfect Forward Secrecy.

Dead Peer Discovery.

IPSec Road Warrior.

Opportunistic Encryption.

Deploying Affordable IPSec VPNs with FreeS/WAN.

FreeS/WAN Compilation.

FreeS/WAN Configuration.

Key Generation.

X.509 Certificate Generation.

Ipsec.conf Organization.

Network-to-Network VPN Topology Setting.

Host-to-Network VPN Topology Setting.

Windows 2000 Client Setup.

Windows 2000 IPSec Client Configuration.


15. Counterintelligence: Wireless IDS Systems.

Categorizing Suspicious Events on WLANs.

1. RF/Physical Layer Events.

2. Management/Control Frames Events.

3. 802.1x/EAP Frames Events.

4. WEP-Related Events.

5. General Connectivity/Traffic Flow Events.

6. Miscellaneous Events.

Examples and Analysis of Common Wireless Attack Signatures.

Radars Up! Deploying a Wireless IDS Solution for Your WLAN.

Commercial Wireless IDS Systems.

Open Source Wireless IDS Settings and Configuration.

A Few Recommendations for DIY Wireless IDS Sensor Construction.



Appendix A. Decibel—Watts Conversion Table.

Appendix B. 802.11 Wireless Equipment.

Appendix C. Antenna Irradiation Patterns.




Appendix D. Wireless Utilities Manpages.

1. Iwconfig.

2. Iwpriv.

3. Iwlist.

4. Wicontrol.

5. Ancontrol.

Appendix E. Signal Loss for Obstacle Types .

Appendix F. Warchalking Signs.

Original Signs.

Proposed New Signs.

Appendix G. Wireless Penetration Testing Template.

Arhont Ltd Wireless Network Security and Stability Audit Checklist Template.

1 Reasons for an audit.

2 Preliminary investigations.

3 Wireless site survey.

4 Network security features present.

5 Network problems / anomalies detected.

6 Wireless penetration testing procedure .

7 Final recommendations.

Appendix H. Default SSIDs for Several Common 802.11 Products.




Customer Reviews

Average Review:

Write a Review

and post it to your social network


Most Helpful Customer Reviews

See all customer reviews >

Wi-Foo 4.5 out of 5 based on 0 ratings. 2 reviews.
Guest More than 1 year ago
I normally do not review books unless something unique catches my interest. This book is above unique. / What comes to mind first after reading the first couple of chapters is: / What a great book!! / I just picked it up last night and I'm already in love with it. I got this book because of the lack of information online about wireless security. Yeah, I found some stuff online but its scattered in different places or does not give a very descriptive answer to the questions I am looking for. This book answered all my questions so far and I am only at the beginning chapters!!! I cant imagine the amount of knowledge I will gain with all the chapters still left to read. / This book is a great mix between understanding how wireless security works and the tools and steps involved in penetrating/protecting your wireless network as well as explaining detailed information without going over my head. The time and effort put into this book is amazing and I strongly suggest picking it up. Wireless devices in the world are here to stay and if you want to get ahead of the game and learn the ins-and-outs of wireless security, this is not only the first step but the best step in the right direction. / I needed some type of 'Wireless Security Bible' and I found that in this book. Another great feature I like about this book are the pages. Ill explain... other computer related books have weak, thin pages. I use a highlighter while I read. Most of the time the highlighter will bleed through the page to the other side. Wi-Foo has well made pages that are much better then the normal flimsy pages of other books. I can highlight words to my hearts desire and it doesn't bleed over to the backside page. / The seriousness of wireless security is no joke and anyone who does not have the knowledge provided in this book will find themselves in no laughing matter. The author strongly explains the seriousness of these issues along with a good since of humor tied to it. Which makes it fun to read. / What a great book!! / I find most of my information online sense its widely available and free. But with wireless security I found the information online to be dry or incomplete or just to highly-technical for me to follow. Searching for hours and hours just to find answers to some of the questions I had was overwhelming. The people who put this book together are well known security experts and have many years of experience. I first heard about them at a Defcon security conference and have continuously seen there names popping up all over the place. So knowing this information is coming from people with extensive expertise and experience in this field makes it much more reliable to me then some of the information I found on the internet. Plus its all in one spot. I don't have to spend hours upon hours searching the internet to find information I am looking for. / There are so many other things that I love about this book so far and I cant wait to get home and read more of it. I found myself spending more then 7 hours straight last night reading this book and still did not want to put it down. (it was 5:00am and I had to go to bed) / What a great book!! / I just want to say Thank You to the authors and everyone else involved in making this book. / Best Book in Wireless Security... period / Mick Detroit Michigan check out: http://www.michiganwireless.org/
Guest More than 1 year ago
In the post dot com era, one rare shining spot has been the explosive growth of 802.11 WiFi. Almost overnight, a grassroots movement has engendered widespread adoption. But almost as quickly has come the realisation that the very wireless nature of your network can expose you to far easier evesdropping than a traditional wired network, where an intruder might have to first gain physical access. This book goes into the details of how to detect and possibly enter a wireless net, and also how to prevent this. The text makes clear that these are two sides of the same coin. To do either well, you must also learn the complementary ability. All the key buzzwords are explained. Like warwalking, warcycling and wardriving. The authors even suggest their own variant - warclimbing. This is where you ascend a tall building, and use the altitude to help search widely for nets. Various open source tools are suggested for your work. Especially sniffers! To offer more protection, the book takes you into the latest encryption standards, like AES (aka. Rijndael), and how to deploy it. They don't discuss the underlying maths, so don't worry if your discrete maths background is a little rusty!