bombshop Posted January 5, 2007 (edited)

Sometimes you scan the neighborhood for wireless connections; you see open connections but cannot connect to them. Well, this is possible because they use MAC filtering to secure their network. I will try to explain how to bypass this protection.

NOTE: This is for EDUCATION purposes only, to show you it is possible to bypass this security. I am not responsible for unauthorized use of this information.

Requirements:

1- You need some tool for sniffing the traffic. I suggest using Aircrack-ng (http://www.aircrack-ng.org/)
2- You need some tool to change your MAC address. I use MacMakeUp (http://forums.xisto.com/no_longer_exists/)

Action on Windows:

First you need to sniff the traffic around you. Open Airodump, read the screen and make your selections. For me it is: Interface = 4 Intel Pro® Wireless 2200bg, Interface type = a, Channels = 0 (if you want to sniff the traffic on all channels), Output file prefix: up to you!, Only write WEP IVs: y (this will save you some space), then proceed.

Edit: ipw2200 will not work under Windows; I used a USR USB stick to capture traffic around.

You should see something like this on your screen:

BSSID, First time seen, Last time seen, Channel, Speed, Privacy, Power, # beacons, # data, LAN IP, ESSID
00:**:BF:53:**:**, 2006-12-09 21:29:36, 2006-12-09 21:35:54, 6, 54, OPN , 13, 224, 62, 192.168. 2. 2, AIRTIES

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, ESSID
00:**:F0:BF:**:**, 2006-12-09 21:29:39, 2006-12-09 21:35:40, 16, 79, 00:**:BF:53:**:**, AIRTIES

It also logs the details to a text file in the same directory. This tells you that 00:**:F0:BF:**:** is the client connecting to that network, so you can confidently assume that it is added on the Allow list. So open MacMakeUp, select your interface and enter this MAC address without the colons. Click press and it will cycle your interface. Next time you try to connect to that network, it ends up with success :)

On Linux you can use

airodump-ng -c 0 -w Prefix eth1

This tells it to monitor all channels on interface eth1 and log them to a file with the prefix given after -w. If you don't know your wireless card's interface, type iwconfig or ifconfig -a.

Conclusion:

As you see, it is possible to bypass this security precaution. And more important, if someone monitors your connection they may be able to get crucial information about you. For example, I can see what sites the network clients have been surfing around. MAC filtering must not be trusted for securing your network. You must use password protection in order to secure your network (preferably WPA, not WEP; I will explain it in another article). So that's all for today.

Can ISIKLI (bombshop)

Edited April 4, 2007 by bombshop
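As an added example (not part of bombshop's post or of the Aircrack-ng project), here is a small Python parser for the two CSV sections airodump-ng writes in the layout shown above. It summarises, per access point, what a passive listener learns: the encryption setting and the client MACs that went by in the clear. The BSSIDs, station MACs, ESSIDs and timestamps are constructed sample data (locally administered 02:… addresses, so they cannot collide with real hardware). Run against a capture of your own network, it shows what the allow-list exposes, which is the conclusion's point: every MAC in the station section is one a neighbour can copy, so MAC filtering adds nothing and only WPA protects the payload.

```python
"""Parse airodump-ng CSV output (AP section, blank line, station section) and
report what a passive listener learns about each access point.
Added example; all sample data below is constructed, not a real capture."""


# Constructed sample in the layout airodump-ng writes; the (not associated)
# station shows the row a probing-but-unjoined client produces.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, Channel, Speed, Privacy, Power, # beacons, # data, LAN IP, ESSID
02:00:00:AA:00:01, 2006-12-09 21:29:36, 2006-12-09 21:35:54, 6, 54, OPN , 13, 224, 62, 192.168. 2. 2, AIRTIES
02:00:00:AA:00:02, 2006-12-09 21:30:10, 2006-12-09 21:35:50, 11, 54, WPA , 9, 180, 5, 0. 0. 0. 0, HOMENET

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, ESSID
02:00:00:BB:00:01, 2006-12-09 21:29:39, 2006-12-09 21:35:40, 16, 79, 02:00:00:AA:00:01, AIRTIES
02:00:00:BB:00:02, 2006-12-09 21:31:02, 2006-12-09 21:35:41, 12, 40, 02:00:00:AA:00:01, AIRTIES
02:00:00:BB:00:03, 2006-12-09 21:32:00, 2006-12-09 21:32:05, 4, 2, (not associated),
"""


def parse_airodump_csv(text):
    """Return (aps, stations). aps maps BSSID -> field dict; stations is a list
    of field dicts. Sections are recognised by their header row. The ESSID is
    the last column, so the split is capped to keep commas inside an ESSID."""
    aps, stations = {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("BSSID,"):
            section = "ap"
            continue
        if line.startswith("Station MAC,"):
            section = "station"
            continue
        if section == "ap":
            f = [x.strip() for x in line.split(",", 10)]  # 11 columns
            if len(f) < 11:
                continue
            aps[f[0]] = {"bssid": f[0], "channel": int(f[3]), "privacy": f[5],
                         "power": int(f[6]), "beacons": int(f[7]),
                         "data": int(f[8]), "essid": f[10]}
        elif section == "station":
            f = [x.strip() for x in line.split(",", 6)]  # 7 columns
            if len(f) < 7:
                continue
            stations.append({"mac": f[0], "power": int(f[3]),
                             "packets": int(f[4]), "bssid": f[5],
                             "essid": f[6]})
    return aps, stations


def clients_per_ap(aps, stations):
    """Group associated client MACs by AP. Every MAC listed here was sent in
    the clear, which is exactly what a MAC allow-list leaks."""
    out = {bssid: [] for bssid in aps}
    for s in stations:
        if s["bssid"] in out:  # skips "(not associated)" rows
            out[s["bssid"]].append(s["mac"])
    return out


def exposure_report(aps, stations):
    """One line per AP: encryption setting plus the number of client MACs a
    listener could copy. OPN is the weak setting the post captured; WPA is the
    corrected one, and even then the MACs remain visible."""
    clients = clients_per_ap(aps, stations)
    lines = []
    for bssid, ap in aps.items():
        if ap["privacy"] == "OPN":
            risk = "OPEN: traffic readable, allow-list bypassable"
        elif ap["privacy"].startswith("WEP"):
            risk = "WEP: crackable with enough IVs, allow-list bypassable"
        else:
            risk = f"{ap['privacy']}: payload protected, MACs still visible"
        lines.append(f"{ap['essid']} ({bssid}) ch{ap['channel']} "
                     f"clients={len(clients[bssid])} {risk}")
    return lines


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for line in exposure_report(aps, stations):
        print(line)
```

To audit a real capture, read the `Prefix-01.csv` file airodump-ng wrote into `parse_airodump_csv` instead of `SAMPLE_CSV`; any client MAC the report counts against your own AP is one the allow-list cannot protect.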
Lewisthemusician Posted January 5, 2007

:) This is not very nice for me, I am a Mac user. lol STOP TELLING PEOPLE. Jokes. I don't really care, but this is cool, I could work a way round this. Thanks for this tip.

-Lewis
bombshop Posted January 6, 2007

As you can tell, unauthorized users using your connection is not the only problem here. For example, if you choose capturing all the traffic (not only IVs) they can tell what sites you have been visiting. And as they capture all the traffic, they can sniff your passwords or so. So be aware.
Lewisthemusician Posted January 6, 2007

I could just maybe simply put all my secret stuff in an encrypted folder, which would stop people from getting my information. I can encrypt all my information. Simple and effective.
issdiscovery04 Posted January 7, 2007

Except encrypting folders and files is worthless unless the encryption is higher than 128 bits. A decent computer with the right software can easily crack 64 bits in 5 minutes at most.
bombshop Posted January 28, 2007 (edited)

Encrypting your folders and files is one thing, but encrypting your wireless network connection is for sure another thing. Let me tell you one thing. Just listening to the network traffic, I have one of my friends' mail box and password INDEED OPEN!!! You know what that means? It means that I have UNRESTRICTED ACCESS on the e-mail account that has been compromised! And let me add, I can read Google mails that have been read by the "victim". Just beware. And also it took me 31 seconds to crack a 64-bit WEP key with nearly 300,000 IVs. For your attention..

Edited January 28, 2007 by bombshop
SilverFox1405241541 Posted June 13, 2007

Well this is all good and nice; however, where I live few people have Ethernet LANs, much less wireless. My best security advice on this matter: use Ethernet.
iGuest Posted February 1, 2008

Explain to me how to bypass a wireless connection (Wireless: Bypassing Mac Filtering), replying to bombshop

Hello, I am really impressed by your knowledge. I knew computers but not as good as you. I have a wireless Toshiba computer, a Pentium M, and there is a wireless internet connection in my area; it always indicates to me that I should put the network key, so teach me like a small child, the steps; explain to me every step you mention in detail. I am really waiting to hear your reply through my Yahoo mail, XXXXX@yahoo.Com. Thanks, pls reply me.

-mado

Edit: mado, do not put your e-mail address here, it's safer to use our PM system.
iGuest Posted August 27, 2008

Valid MAC from AP without any traffic?

Okay, I am at a standstill with this wireless AP with MAC filtering... The thing has NO TRAFFIC. I have been scanning for days and days and days. Is there any way to somehow obtain or brute-force(ish) an authenticated MAC address when there is no traffic (except broadcasts) to use? Anyone have any idea?

Thanks, Anne
iGuest Posted November 9, 2008

Generating traffic on NUL wi-fi, replying to iGuest

I ran into something similar the other day while conducting a little field reconnaissance. My solution was to have Aireplay-ng fake an authentication to the AP; this resulted in receiving an ARP packet, which I later re-injected back at the router in order to obtain more data/IV packets. FTR: My goal was to crack the WEP encryption; when sufficient data was gathered, my PC found the key in less than 5 seconds. FTR: I was using Aircrack-ng within the Backtrack 3 security suite.

-reply by Skydiver069
iGuest Posted May 19, 2009

This trick also works for using wireless internet for free in airports. Find a MAC address of someone who has actual web browsing traffic working, and borrow it, and you can use the wi-fi for as long as they can. It's technically theft of services, though.
iGuest Posted April 2, 2012

> As you can tell, unauthorized users using your connection is not the only problem here. For example, if you choose capturing all the traffic (not only IVs) they can tell what sites you have been visiting. And as they capture all the traffic, they can sniff your passwords or so. So be aware.

I can't open airodump-ng (win7)... HELP?? :/