I’ve just taken delivery of, and started to experiment with, my new wireless equipment consisting of an Alfa AWUS036H and some additional antennas. My primary (official) motive for purchasing new hardware was that my primary incident response laptop only has 802.11b internal so can’t connect to newer networks (and I’ve just upgraded my home network to an 802.11g-only access point).
Unofficial reason is that I have never owned a wireless device capable of packet injection and other advanced wireless penetration techniques. In this regard the Alfa comes very highly recommended, both from Aircrack’s own documentation wiki and from security guys in the field. In my testing so far the Alfa has performed admirably on all accounts.
In addition to the Alfa I acquired an additional antenna with magnetic mount, perfect for many tasks including mounting to the roof of a moving vehicle for a bit of data gathering. Despite being a life-long geek, I was still amazed by the concentration of wireless network devices available. In my first test I left my equipment running whilst I made the short commute from work back home; during this trip I collected details of 1100+ access points and 250+ active clients.
From these straw poll statistics, the level of security implemented was concerning, although not completely surprising.
- 200+ of the access points were running with no encryption at all. Whilst this is mitigated by the fact that many appear to be (going from ESSID) publicly provided networks designed for guest use (for example BTOpenZone), many also appear to be for home use or merely devices in their default setting.
- 300+ of the APs were running with the provenly insecure WEP.
- The remaining 600+ access points were configured to use a combination of the more secure WPA and WPA2 frameworks, although fewer than 80 of these devices were configured to use the more recent and secure WPA2.
Best feature of my new equipment? New possibilities and ideas! So far my head is buzzing with new possibilities so watch this space. At a minimum I want to add a GPS receiver to my wireless arsenal; currently looking at the TripNav TN200 which was suggested by Antonio Merola in his SANS reading room paper Wi-Fi with BackTrack. The device seems to get good reviews everywhere I’ve found, but the paper is slightly dated (2007); if anyone has any suggestions for better hardware let me know.
— Andrew Waite