Don't do WLAN
[ 7. Sep 2004; Nerd, Englisch]

(...unless you use a secure VPN on top of it for all communication)

Since DSL is not available in my house I thought about setting up a WLAN with somebody who has broad band Internet access. But beforehand I had to find out how (in)secure current WLAN hardware with WEP really is. It is a lot worse than I imagined. Cracking tools have been improved to no longer depend on the standard weak keys defined by the fms attack and can crack the key with as little as 200k sniffed packets.

For babbling about it is not very convincing, here is how you can check it out:

First of all: Get the permission from a friend who lives close by to hack his WEP protected network.

In case the distance is a little bigger (but you are in line of sight), try out a home made bi quad antenna as shown on the pictures to the right. The gain will be about 10dB which means about three times the original maximum distance can be achieved. In my case the reflector is made from a photo-sensitive circuit board, thus the dark protective film on top. It is mounted on a camera tripod for better aiming. For detailed building instructions check out Vallstedt Networks website.

Get Kismet installed and running in channel hopping mode. As soon as the network is found, lock to the channel and collect about 200-300 Megs of data. Kismet will store it in a .dump file. Afterwards just fire up aircrack, which will read the dump and likely find the key in a matter of 1-2 minutes.

Add a wepkey line in your kismet.conf file, activate the FIFO and install the patched driftnet tool. Start kismet and driftnet using the FIFO. Don't forget to lock to the channel. Kismet will now decrypt the traffic before sending it to the FIFO so driftnet can analyze the actual data.

Tell your buddy to browse the web and watch your screen. Scary, eh?
(The last picture shows what a sniffed visit to my website looks like.)

All you need apart from a WLAN card (duh!):

Vallstedt Networks - how to build quad antennas
Kismet - WLAN sniffer
Aircrack - WEP key cracker
Driftnet - display intercepted web traffic pictures
Patched Driftnet - works with Kismet FIFO
Patched Driftnet Sources - download seems broken on page above