--------------------------------------------------------------------------------
                         K E E N   V E R A C I T Y
--------------------------------------------------------------------------------
I S S U E (12)        L e g i o n s   o f   t h e   U n d e r g r o u n d
-------------------------------------------------[www.legions.org]--------------

[LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU]
                        W W W . L E G I O N S . O R G
[LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU]

[CONTENTS]------------------------------------------------------------[CONTENTS]

[1]==============================[Editorial - Digital Ebola ]
[2]=====================================================[KV Spam - The Readers ]
[3]============================[Hacking WAP/WEP - NtWaK0 ]
[4]======[KV's 30 Second Scripting Solution - Digital Ebola ]
[5]====[XMMS-Winamp How-To for Gentoo Linux - feach ]
[6]===========================[Your Privacy and HP - b0ld ]
[7]==============[Phone Phreaking Lives with AT&T - Cobra ]
[8]==========[Security Method and Technique - Digital Ebola ]
[9]==============[Java Virii - Archimedes ]
[10]=========[The Scene Is Seen As Absolute Shit - 2dHero ]
[11]================[Linux C Socket Programming - ??????? ]
[12]======[Dallas Metroplex Wardriving Data - Digital Ebola ]
[13]========================[Seattle Wardriving Data - pr00f ]
[14]======[OpenSSH Update Script - Gridmark ]
[15]==============================================[Random Rants - Random People]
[16]========[Travel - Tips for Visiting Holland - Rewben ]
[17]=================[Sex and Geeks Do Not Mix - Vecna ]
[18]============================[Hey, Big Brother - Yarddog ]
[19]=====[The Escalation to Economic Turmoil - OverDose ]
[20]=====[How To Hack your Way Out Of A Paper Box - Kiddish ]
[21]=========================[Delirious IDS - Digital Ebola ]
[22]=====[Custom TCP Port Scanning using IP Sorcery - Case ]
[23]=================[Business for Dummies - eDfGr33n ]
[24]=============[The New Hackers Manifesto - Digital Ebola ]
[25]======================================[SIGHUP - Legions of the Underground ]

[LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU]
                        W W W . L E G I O N S . O R G
[LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU]

--------------------------------------------------------------------------------
[Editorial]======================================================[Digital Ebola]
--------------------------------------------------------------------------------

Ahh.. I put together almost half of this issue before thinking of a proper
editorial for KV12. I am slipping in my old age... Let's see, the date of this
editorial's writing is 7-27-2002, it has been a LONG time since we released a
Keen Veracity, and a lot has happened. Lots of new legislation, lots of new
antics by the RIAA and the MPAA.. now they seem to want a law that allows them
to hack into your computer if they suspect you of pirating.. Stranger things
have happened, but laughable all the same...

Hmmm.. okay, let's be controversial. Right now, the way I see things, is there
is a war in the "underground". On one side of the house, we have these
so-called "whitehat" hackers.
And on the other side, we have these so called "blackhat" hackers. Basically,
the blackhats are hacking the shit out of the whitehats, saying that the
whitehats have sold out. This in itself is quite laughable. From what I see,
the blackhats actually moonlight as whitehats. A lot of them do it for free,
it's their passion.. but they also do the same things for a living... no they
may not be so apt to whore for attention on bugtraq, or whatever, but they are
working in security all the same. At this point, it's no longer a war with
blackhat vs whitehat; rather it's a "calling out" - the whores are being called
out, some are shown for their actual skillsets, some are being shown in lies,
and all skeletons are out of the closet. Some anarchy is always good for
progress. Is this still what it seems? Maybe.. maybe not.

Let me change subjects for a second... One of the many written gripes I have
seen among the "underground" is that the security industry is driven by the
script kiddies and the security companies... Yes, I would have to agree here.
This is something akin to the window guy in NYC who had bad business, so he
went down 5th avenue breaking out windows... Integrity in the industry is often
questionable, and it has nothing to do with a background check, or who the
person knows.. It's all about the Benjamins baby.

Selling out is NOT doing what you love for a living. Selling out is NOT
publishing your work. Selling out is NOT putting your all into your
hobby/profession; your heart, soul, blood, sweat and tears. No. Selling out is
craving attention so bad, that you will sit down and write a "killer virus" -
and then release it a couple weeks later... and THEN, "discover" it. THAT is
selling out. I am not talking about just individuals here.. but entire security
companies... Selling out is discrediting your competitors thru illegal means so
your company can get a piece of the pie. When a company issues "hits" against
key individuals in a security organization in order to de-throne that
organization's market share... THAT is selling out. Of course, all of these
examples are pure fiction.. none of this really happens... what was I talking
about again?

Oh.. I was getting ready to get on my OpenBSD rant. I love OpenBSD. Not for its
"security model" but rather because it's compact BSD that runs on a sparc. The
"security" is an added feature, that according to some sources in the
"industry/underground" was never a feature at all. I know of people that have
possessed bugs and exploits for the OS that were never published. I know people
that have gotten flame emails for finding problems. This is not security. This
is madness.

Let's get down to brass tacks. Everything can be hacked. Just because you say
you haven't had a remote exploit in X amount of years, doesn't mean it is so.
Just because you say there isn't a problem, doesn't make it so. If you have an
ego about it, you WILL be tested. You have to have complete integrity, hold
nothing back, and have full disclosure. There is nothing wrong about being
wrong, but the minute you refuse to accept your error, you are worse than being
wrong; you have lost integrity.

So, I guess this issue's editorial is a little off the wall, pay no attention,
it is just me blowing off steam. All that I ask of the reader is to not forget
why we all got started playing this game in the first place; because we love
the game, and we love technology. Blessed is the person that can be paid to do
what they love.

By the way, selling out, IS SACRIFICING FULL DISCLOSURE FOR THE ALMIGHTY DOLLAR.

With that mindless rant, I give you Keen Veracity 12. =)

P.S. We will see everyone at Defcon X, this one is sure to be interesting!
--------------------------------------------------------------------------------
[KV Spam]==========================================================[The Readers]
--------------------------------------------------------------------------------

Date: Sat, 01 Sep 2001 03:33:12 EDT
From: KASEAhmed@aol.com
To: digiebola@hackphreak.org
Subject: Hotmail Password

Dear Friend,

I have a life and death situation here but I need a password for
nawrin_iqbal@hotmail.com. Can you please help me? Please get back to me as soon
as possible.

Sincerely,
A Person In Need

/* Well, considering I haven't gotten back to you, I can only assume that
   someone has died. Our bad! */

*------------------------------------------------------------------------------*

Date: Wed, 31 Jul 2002 11:43:24 +0000
From: kings town
To: submit@legions.org
Subject: urgent reply

#20 BOTHA CRESCENT,
SADTON,JOHANNESBURG,
SOUTH AFRICA.
kingstown417@hotmail.com

Dear sir,

In order to transfer out (USD 126 M) One hundred and twenty six million United
States Dollars) from African Development Bank. I have the courage to ask you to
look for a reliable and honest person who will be capable for this important
business believing that you will never let me down either now or in future.

I am MR.kings town,the Chief auditor of African Development Bank (ADB). There
is an account opened in this bank in 1980 and since 1990 nobody has operated on
this account again. After going through some old files in the records, I
discovered that if I do not remit this money out urgently it would be forfeited
for nothing. The owner of this account is Mr. Smith B.Andreas, a foreigner, and
a miner at kruger gold co., a geologist by profession and he died since 1990.
No other person knows about this account or any thing concerning it, the
account has no other beneficiary and my investigation proved to me as well that
this company does not know anything about this account and the amount involved
is (USD 126M) One hundred and twenty six million United States Dollars million
dollars.

I want to first transfer USDM twenty six million United States Dollars from
this money into a safe foreigners account abroad before the rest, but I don't
know any foreigner. I am only contacting you as a foreigner because this money
cannot be approved to a local bank here, but can only be approved to any
foreign account because the money is in us dollars and the former owner of the
account is Mr. Smith B.Andreas he is a foreigner too.

I know that this message will come to you as a surprise as we don't know
ourselves before. We will sign an agreement, but be sure that it is real and a
genuine business. I only got your contact address from my secretary who
operates computer, with believe in God that you will never let me down in this
business. You are the only person that I have contacted in this business; so
please reply urgently so that I will inform you the next step to take
immediately. Send also your private telephone and fax number including the full
details of the account to be used for the deposit.

I want us to meet face to face or sign a binding agreement to bind us together
so that you can receive this money into a foreign account or any account of
your choice where the fund will be safe. And I will fly to your country for
withdrawal and sharing and other investments.

I am contacting you because of the need to involve a foreigner with foreign
account and foreign beneficiary. I need your full co-operation to make this
work fine because the management is ready to approve this payment to any
foreigner, who has correct information of this account, which I will give to
you later immediately, if you are able and with capability to handle such
amount in strict confidence and trust according to my instructions and advice
for our mutual benefit because this opportunity will never come again in my
life. I need truthful person in this business because I don't want to make
mistake I need your strong assurance and trust.

With my position now in the office I can transfer this money to any foreigner's
reliable account, which you can provide with assurance that this money will be
intact pending my physical arrival in your country for sharing. I will destroy
all documents of transaction immediately we receive this money leaving no trace
to any place. You can also come to discuss with me face to face after which I
will make this remittance in your presence and two of us will fly to your
country at least two days ahead of the money going into the account.

I will apply for annual leave to get visa immediately I hear from you that you
are ready to act and receive this fund in your account. I will use my position
and influence to effect legal approvals and onward transfer of this money to
your account with appropriate clearance forms of the ministries and foreign
exchange departments.

At the conclusion of this business, you will be given 35% of the total amount,
60% will be for me, while 5% will be for expenses both parties might have
incurred during the process of transferring.

I look forward to your earliest reply.

Yours truly,
kings town

/* Who doesn't get these? Okay.. we are all kings.. send us your dosh. */

*------------------------------------------------------------------------------*

Date: Wed, 17 Jul 2002 23:57:50 EDT
From: XIXthLegion@aol.com
To: submit@legions.org
Subject: great name

i like your name :)

/* Thanks. So do I.
*/

*------------------------------------------------------------------------------*

Date: Sun, 14 Jul 2002 02:45:09 +0800 (CST)
From: Christine Hall
Reply-To: Christine Hall
To: submit@legions.org
Subject: HTTP://LEGIONS.ORG
Parts/Attachments:
   1 OK     26 lines  Text (charset: Unknown)
   2 Shown  57 lines  Text (charset: Unknown)
----------------------------------------

  [ Part 1, Text/PLAIN (charset: Unknown "utf-8") 26 lines. ]
  [ Not Shown. Use the "V" command to view or save this part. ]

  [ The following text is in the "utf-8" character set. ]
  [ Your display is set for the "US-ASCII" character set. ]
  [ Some characters may be displayed incorrectly. ]

Hi

I visited HTTP://LEGIONS.ORG, and noticed that you're not listed on some search
engines! I think we can offer you a service which can help you increase traffic
and the number of visitors to your website.

I would like to introduce you to TrafficMagnet.net. We offer a unique
technology that will submit your website to over 300,000 search engines and
directories every month.

[img_tm.gif] [img_website.gif] [img_signup.gif]

You'll be surprised by the low cost, and by how effective this website
promotion method can be.

To find out more about TrafficMagnet and the cost for submitting your website
to over 300,000 search engines and directories, visit www.TrafficMagnet.net.

I would love to hear from you.

Best Regards,
Christine Hall
Sales and Marketing
E-mail: christine@trafficmagnet.net
http://www.TrafficMagnet.net

This email was sent to submit@legions.org. I understand that you may NOT wish
to receive information from me by email. To be removed from this and other
offers, simply click here.

/* Bitch, we didn't subscribe to your list. We don't want your service. You are
   just pissing us off. Stop it. */

*------------------------------------------------------------------------------*

Date: Sun, 30 Jun 2002 17:38:58 -0700 (PDT)
From: lady_alisha@yahoo.com
To: submit@legions.org
Subject: ?dunno how to name it
Parts/Attachments:
   1 OK     5 lines  Text
   2 Shown  1 lines  Text
----------------------------------------

  [ Part 1, Text/PLAIN 5 lines. ]
  [ Not Shown. Use the "V" command to view or save this part. ]

this may sound very unrealistic...lol but i thought since this is a share
knowledge someone could help me...hmmm absurd what i am doing lol.....or dunno
i hope not.....i am searching for a way to get passwords on a g'damn
site(www.audiogalaxy.com) is a piece of cake for someone who knows programming
n stuff but for me is hell....spent the last 3 months searching the net for a
way to steal ppls cookies or so....hmmm something....used to have a stupid pw
guesser progr(huh pretty stupid lol).....but doesnt work anymore......n now
hmmm i am on a dead line....though maybe someone could help me....gimme some
directions ...hmmm i dunno what else i could say..... ty for reading my
nonsense...

/* Please don't steal our cookies. We have to eat! WE NEED THOSE COOKIES! */

________________________________________________________________________________
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup

*------------------------------------------------------------------------------*

Date: Sun, 19 May 2002 16:26:12 -0400
From: James Dearborn <-oilandgasremoval@aol.com>
To: submit@legions.org
Subject: ADV Oil and Gas Investment

  [ The following text is in the "iso-8859-1" character set. ]
  [ Your display is set for the "US-ASCII" character set. ]
  [ Some characters may be displayed incorrectly. ]

How would you like a 100% tax free Investment in Oil and Gas wells? Make over
100% annually and receive monthly tax free Income with very low risk. Email
your name, address, and phone number to oilandgaspackage@aol.com and we will
send you the information.
=======================DISCLAIMER==========================
This is Not spam as you and I belong to the Free-Email-List.
To be removed Put "Please remove me and your email address" in the subject
line. Then send it to: oilandgasremoval@aol.com
***YOU MUST put your email address in the subject line to be Removed,
===========================================================

/* This is spam. Fuck off. We didn't sign up on your list. This is the
   submissions account for a bunch of pissy people and your stupid schemes are
   pissing us off more. */

*-----------------------------------------------------------------------------*

Date: Wed, 27 Feb 2002 23:16:57 +0000
From: Haqa ..
To: submit@legions.org

hi is this the L.O.U, coz if it is u guys are cool, i think u guys ohh sorry
gals if any (i dont know maybe) are soo spot on i show that whitepower website
u did over and i think u lot r cool and all the respect goes out to u.

*********************amjad ali*****************************

/* Thanks. Did we fall into a timewarp or something? */

*-----------------------------------------------------------------------------*

From: LB680KBR@aol.com
To: submit@legions.org
Subject: Cell Phone
Parts/Attachments:
   1 OK     7 lines  Text
   2 Shown  4 lines  Text
----------------------------------------

  [ Part 1, Text/PLAIN 7 lines. ]
  [ Not Shown. Use the "V" command to view or save this part. ]

Hi,

I read in the monthly magazine about a cell phone service offered to members.
The article said for more information to check the web site. I have looked and
can't find anything about it. Please e-mail me this information or the site to
check.

Thanks
R. E. Marlar

/* Please re-read. We offer no such service. Of course, for a phenomenal fee...
*/

*-----------------------------------------------------------------------------*

Date: Tue, 13 Nov 2001 11:08:08 +0000
From: Pamela O'Shea <9843981@student.ul.ie>
To: submit@legions.org
Subject: ipsorc.1.0.tar.gz

Hi,

I am wondering where I could download ipsorc.1.0.tar.gz please ? as I'm writing
an automated tool for testing firewalls and am interested in your packet
generator. It's really nice that you have TTL :) My tool will try and throw all
sorts of variations on the firewall by default or the administrator can choose
what packets to form for the test. I am hoping to completely automate it, ie.
to go from writing the security policy to testing using a designed language, so
it would be great to try out your packet generator

Regards,
P. O'Shea

/* There is a link on www.legions.org, as well as www.legions.org/~phric/ */

*----------------------------------------------------------------------------*

Date: Sat, 13 Oct 2001 14:48:44 +1100
From: BwY BwY
To: submit@legions.org
Subject: survey

PS you guys 0wn

Legions of the Underground member/regular/luser survey.
Legions Survey made possible because WGMATATS

Tip: if you don't answer all the questions you will be savagely beaten to a
bloody pulp by Gridmark and Phriction. Thank you and Enjoy!

1. Do you know you know what WGMATATS stands for?
    nope
2. What is your favorite unsigned long int?
    not sure
3. What is your handle?(alias,nickname,AKA)
    BwY
4. What is the origin of your handle?(where did you get it from)
    My initials(shhh dont tell anyone)
5. Who in legions do you think is the most likely to get arrested and for what?
    Dont know, just traveled along to here
6. BeOS or MacOS?
    BeOS, MacOS sux0rs 455
7. touch or finger?
    finger
8. telnet or ssh?
    telnet
9. Do most of the people you know refer to you by your handle?
    no
10. What is your favorite protocol?
    tcp/ip
12. Favorite Daemon?
    firewall
13. Usual bathroom reading?
    learn c in 21 days
14. Have you ever had sex with someone who could code Hello world in assembly
    language?
    not yet
15. Binary?
    not yet
16. Do you own a pair of keys to a local ATM machine?
    i wish i did
17. Do you know what a scenewhore is?
    hell yeah
18. Are you one?
    hell no
19. What must someone do to be elite?
    act cool, h4x0r, use linux, 0wn winblowz boxes
20. Have you ever tried to nuke someone?
    hell yeah
21. Do you have a root dance?
    not yet
22. Have you ever owned a box stoned? or drunk?
    not unless drunk on mtn dew counts ;)
23. Have you ever wrote root@127.0.0.1 as your address on a job application?
    not yet, but good idea
24. Have you ever rooted yourself?
    yup
25. Favorite book?
    learn c in 21 days
26. Favorite Car?
    nissan 300zx twin turbo, year 1990
27. Favorite color?
    red
28. Do you look at mullet porn?
    nope
29. Mountain Dew || Coffee?
    Mountain Dew
30. Multiple Choice Section
    Just fill in the _'s with x's if you don't get it you suck.

Do you think this Survey is a threat to your security?
    _[3y3 pj33r] x[no... dumbass]
Do you take large amounts of caffeine and then lie about it the next day?
    _[Admitted Addict.] x[no, and im stickin to it]
Do you have a 1Mbit+ connection running to your house?
    _[yep] x[nien]
Do you have more than 10 computers in any one room of your house?
    x[si] _[no]
Do you run around your house with a lampshade on your head sayin "Hi! ima
squid!"?
    _[yay] x[nay]
What are your "m4d sk1llz y0h"?
    x[i r00t stuff] _[skript kid] _[clubie crackhead fucknut]
    _[whats a computer?]
What is your current rate of income?
    _[Under 10,000] _[11,000+] _[50,000+] _[100,000+] _[31,337]
    x[None of your fucking business Gridmark.]
How much time do you "use" playing games?
    x(approx. 22 hrs a day, rest is spent making people ph34r m3)[hrs]
Do you use 31337'isms?
    x[y34 b1z47ch] _[No sir]
Do you have MtDew cans flying at your head blindingly fast? (i.e. commercial)
    _[WATCH OUT!] x[whatchu talkin bout willis?]
Do you like me?
    x[i lub j00] _[fsck you bitch]
Are you a chick?
    _[yea baby] x[3y3 41nt gn0 ch1x0r]

*//////////////*
*/ Sorry,     /*   How much do you like me?
                   x[this is] x[getting tedious]
*/ I'm Lonely /*
*//////////////*

if [$lastquestion == yes]; then "can i r00t you?"
    x[no way in hell Gridmark.]
Sexiest stooge? Larry or Moe?
    _[larry] _[moe] _[shemp] x[nuyk nuyk]
Are you bored yet
    _[zzzzz] x[CMON MAN KEEP GOING]
Who selected the second answer to the last question?
    _[not me] _[not me] x[me]

EOF

/* FREAK! FREAK! FREAK! */

--------------------------------------------------------------------------------
                  T H I S   S P A C E   F O R   R E N T
--------------------------------------------------------------------------------
[Hacking WAP/WEP]================================[NtWaK0 ]
--------------------------------------------------------------------------------

----------------------------------------------
---> Hacking WAP/WEP NtWaK0 @ Legions.org <---
----------------------------------------------

HTML MAP can be found at www.safehack.com/textware/kvwak0.htm
MS word doc can be found at www.safehack.com/textware/kvwak0.htm

----------------------------
---> 1 Standards Groups <---
----------------------------

1.1 IEEE

1.1.1 IEEE 802.11
  o Published in June 1997
  o Approved as an IEEE standard June 2001
  o 2.4GHz operating frequency
  o 1 to 2 Mbps throughput
  o 802.1X "Network Port Authentication"
  o CSMA/CA instead of Collision Detection
  o Carrier Sense Multiple Access/Collision Avoidance
  o WLAN adapter cannot send and receive traffic at the same time
  o Hidden Node Problem
  o Four-Way Handshake

---> 802.1X Topologies <---
  o Per-Station unicast session keys
      o 1. Keys derived on client and the RADIUS server
      o 2. RADIUS server transmits key to access point
      o 3. Unicast keys can be used to encrypt subsequent traffic
  o Per-Station unicast session keys not required
  o What is ad-hoc networking?
      o 1. Station communicating directly with other stations
      o 2. All stations authenticate with each other
      o 3. RADIUS not used in ad-hoc mode
      o 4. Key Management
          o 1. Password-based mutual authentication
          o 2. Secure key generation
          o 3. EAP-TLS: supports mutual authentication, keying
          o 4. EAP-TLS assumes both participants have a certificate
          o 5. EAP-TLS does not assume client and server
      o 5. Issues with Adhoc
          o 1. Multiple interconnections to destinations
          o 2. Hidden stations
          o 3. Loops in the network

---> IEEE 802.11a <---
  o Also published in late 1999 as a supplement to 802.11
  o Operates in 5GHz band (less RF interference than 2.4GHz range)
  o Uses Orthogonal Frequency Division Multiplexing (OFDM)
  o Supports data rates up to 54 Mbps
  o 802.11a and 802.11b work on different frequencies

---> IEEE 802.11b WEP <---
  o Published in late 1999 as supplement to 802.11
  o Access Point gateway to wired network
  o 11 channels
  o Still operates in 2.4GHz band
  o 2.4 GHz, 25 MHz per channel
  o Data rates can be as high as 11 Mbps
  o 11 Mbits/sec (actually 5 Mbits/sec data throughput)
  o Only direct sequence modulation is specified
  o Coverage range will decrease as MB increases
  o Most widely deployed today
  o 802.11b will start at 11MB and will decrease to 5.5MB, 2MB, and 1MB
  o Two levels of encryption
      o 1. 40-bit key (aka, silver, 64-bit)
      o 2. 104-bit key (aka, gold, 128-bit)
  o Encryption key and Initialization Vector
      o 1. IVs taken from 2^24 range
      o 2. IV is transmitted clear
      o 3. Key is not transmitted

---> IEEE 802.11e Quality of Service <---
  o Currently under development
  o Working to improve security issues
  o Extensions to MAC layer, longer keys, and key management systems
  o Adds 128-bit AES encryption

---> HiperLAN/2 <---
  o Development led by the European Telecommunications Standards Institute
    (ETSI)
  o Operates in the 5 GHz range, uses OFDM technology
  o Support data rates over 50Mbps like 802.11a
  o HiperLAN/2 is not interoperable with 802.11a or 802.11b

---> 802.11f Inter-Access Point Protocol <---
---> 802.11i Extended security <---
---> 802.1w Spanning tree rapid convergence <---

---> Packet Structure <---
  o Ethernet Packet Structure
      o 14 byte header
      o 2 addresses
  o 802.11 Packet Structure
      o 30 byte header
      o 4 addresses
  o Ethernet Physical Layer Packet Structure
      o 8 byte header (Preamble)
  o 802.11 Physical Layer Packet Structure
      o 24 byte header (PLCP, Physical Layer Convergence Protocol)

---> 802.1X authentication in 802.11 <---
  o IEEE 802.1X authentication occurs after 802.11 association or
    reassociation
  o Association/Reassociation serves as "port up" within 802.1X state machine
  o If 802.1X authentication succeeds, access point removes the filter
  o 802.1X messages sent to destination MAC address
  o Client, Access Point MAC addresses known after 802.11 association
  o Access point only accepts packets with source = Client and Ethertype

------------------
---> 1.2 IETF <---
------------------

1.2.1 RADIUS & AAA
  o Authentication
  o Authorization
  o Accounting

1.2.2 PPPEXT (EAP)
  o Extensible Authentication Protocol

1.2.3 IPsec and IPSRA
    IPsec and VPNs

------------------------
---> 2 What is WAP? <---
------------------------

---> 2.1 Basic <---
---> 2.2 HTTP/HTML adjusted to small devices <---
---> 2.3 Consists of
  o 2.3.1 Network architecture
  o 2.3.2 Protocol stack

---> WAP Transport Layer WDP <---
  o An adaptation layer to the bearer protocol
  o Source and destination address and port
  o Optionally fragmentation
  o Maps to UDP for IP bearer

---> WAP Security Layer WTLS <---
  o TLS adapted to the UDP-type usage by WAP
  o Encryption and authentication
  o Several problems identified

---> Vulnerabilities within the Wireless Application Protocol <---
http://www.sans.org/infosecFAQ/wireless/WAP.htm
  o 1. Weak MAC
  o 2. RSA PKCS#1
  o 3. Unauthenticated alert messages
  o 4. Plaintext leaks

---> WAP Transaction layer WTP <---
  o Three classes of transactions
      o 1. Class 0: unreliable
      o 2. Class 1: reliable without result
      o 3. Class 2: reliable with result
  o No security elements at this layer
  o Protocol not resistant to malicious attacks

---> WAP Session Layer WSP <---
  o Meant to mimic the HTTP protocol
  o No mention of security in spec except for WTLS
  o Distinguishes a connected and connectionless mode
  o Connected mode is based on a SessionID given by the server

---> WAP Application Layer WAE <---

2.3.3 Wireless Markup Language (WML)
  o WML based on XML and HTML
  o Not pages of frames, but decks with cards
  o Images: WBMP, WAP specific
  o Generally all compiled to binary by WAP gateway

---> Additional area of potential problems
  o The WAP Javascript equivalent
  o Located in separate files
  o Also compiled by WAP gateway
  o Allows automation of WML and phone functions

---> 2.4 WAP Infrastructure issues <---
---> 2.4.1 Attacking a dialed in phone <---
---> 2.4.2 Spoofing another dialed in phone <---
---> 2.4.3 Attacking the gateway <---
---> 2.4.4 Collusion attack <---

------------------------
---> 3 What is EAP? <---
------------------------

  o 3.1 Extensible Authentication Protocol (RFC 2284)
  o 3.2 Provides a flexible link layer security framework
  o 3.3 Simple encapsulation protocol
      o 3.3.1 No dependency on IP
      o 3.3.2 ACK/NAK, no windowing
      o 3.3.3 No fragmentation support
  o 3.4 Few link layer assumptions
      o 3.4.1 Can run over any link layer (PPP, 802, etc.)
      o 3.4.2 Does not assume physically secure link
  o 3.5 Assumes no re-ordering
  o 3.6 Can run over lossy or lossless media
  o 3.7 EAP methods based on IETF standards
      o 3.7.1 Transport Level Security (TLS)
      o 3.7.2 Secure Remote Password (SRP)
      o 3.7.3 GSS_API (including Kerberos)

-------------------------
---> 4 What is WEP ? <---
-------------------------

---> 4.1 Introduction <---
---> 4.1.1 All users of a given access point share the same encryption key
---> 4.1.2 Data headers remain unencrypted so anyone can see the source and dest

---> 4.2 Attacks Against WEP <---
  o Passive attacks to decrypt traffic based on statistical analysis.
  o Active attack to inject new traffic.
  o Active attacks to decrypt traffic, based on tricking the access point.
  o Dictionary-building attack

---> 4.2.1 War Driving <---
  o Default installations allow any wireless NIC to access the network
  o Drive around (or walk) and gain access to wireless networks
  o Provides direct access behind the firewall
  o Heard reports of an 8 mile range using a 24dB gain parabolic dish antenna

---> 4.2.2 Rogue Networks <---
  o Network users often set up rogue wireless LANs to simplify their lives
  o Rarely implement security measures
  o Network is vulnerable to War Driving and sniffing and you may not even
    know it

---> 4.2.3 Policy Management <---
  o Access is binary
  o Full network access or no network access
  o Need means of identifying and enforcing access policies

---> 4.2.4 MAC Address <---
  o Can control access by allowing only defined MAC addresses
  o Only wireless card with listed MAC address can be served
  o This address can be spoofed
  o Must compile, maintain, and distribute MAC addresses to each access point
  o Not a valid solution for public applications
  o Unfortunately, MAC addresses are also sent clear in the air
  o Wireless card MAC address clone

---> 4.2.5 Service Set ID (SSID) <---
  o Only a person who knows the SSID can be served
  o SSID is the network name for a wireless network
  o WLAN products common defaults: 101 for 3COM and tsunami for Cisco
  o Can be required to specifically request the access point by name
  o The more people that know the SSID, the higher the likelihood it will be
    misused.
  o Changing the SSID requires communicating the change to all users of the
    network
  o Unfortunately, SSID is broadcast in the clear

---> 4.2.6 IV (key) reuse <---
  Lack of replay protection allows IV values to be reused
  Collisions made possible by small IV space in WEP
  Enables statistical attack against ciphertexts with replayed IVs

---> 4.2.7 Known plaintext attack <---
  Lots of known plaintext in IP traffic: ICMP, ARP, TCP ACK, etc.
  Can send pings from Internet through AP to snooping attacker
  Enables recovery of key stream of length N for a given IV [Arbaugh]
  Enables statistical attack and recovery of Key with known IVs [Fluhrer]

---> 4.2.8 Partial known plaintext <---
  May only know a portion of the plaintext (e.g. IP header, SNAP)
  Possible to recover M octets of the keystream, M < N
  Statistical analysis of plaintext and IV shows keystream bias [Shamir]
  Statistical analysis of plaintext and IV allows Key recovery [Fluhrer]
  Via repeated probing, can extend keystream from M to N [Arbaugh]

---> 4.2.9 CRC32 <---
  Linearity of algorithm and absence of Key use allows for forgery
  Possible to flip bits in realtime, adjust CRC32 and cause denial of service

---> 4.2.10 Authentication forging <---
  o WEP encrypts challenge using IV chosen by client
  o Recovery of key stream for a given IV enables re-use

---> 4.2.11 Denial of service <---
---> 4.2.12 Dictionary attack <---
---> 4.2.13 Realtime decryption <---

---> 4.2.14 Passive Attack to Decrypt Traffic <---

The first attack follows directly from the above observation. A passive
eavesdropper can intercept all wireless traffic, until an IV collision occurs.
By XORing two packets that use the same IV, the attacker obtains the XOR of the
two plaintext messages. The resulting XOR can be used to infer data about the
contents of the two messages. IP traffic is often very predictable and includes
a lot of redundancy. This redundancy can be used to eliminate many
possibilities for the contents of messages.

---> 4.2.15 Active Attack to Inject Traffic <---

The following attack is also a direct consequence of the problems described in
the previous section. Suppose an attacker knows the exact plaintext for one
encrypted message. He can use this knowledge to construct correct encrypted
packets. The procedure involves constructing a new message, calculating the
CRC-32, and performing bit flips on the original encrypted message to change
the plaintext to the new message.
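
Added example, not part of the original article: a self-contained Python model of WEP encapsulation (RC4 keyed with IV || key over message || CRC-32) showing why IV reuse (4.2.6, 4.2.7, 4.2.14) exposes plaintext and why the linear CRC-32 (4.2.9, 4.2.15) gives no integrity. The key, IV, sample messages and all function names are constructed for illustration.

```python
import struct
import zlib

# Constructed sample values (assumptions, not taken from the article).
KEY = bytes.fromhex("0102030405")   # 40-bit shared WEP key
IV = bytes.fromhex("a1b2c3")        # 24-bit IV, sent in the clear with each frame


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: unkeyed CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """Encrypt msg || ICV with the RC4 keystream for (iv || key)."""
    body = msg + icv(msg)
    return xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(iv: bytes, key: bytes, ct: bytes):
    """Return (plaintext, icv_ok) the way a receiver would check a frame."""
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    msg, tag = body[:-4], body[-4:]
    return msg, tag == icv(msg)


def iv_reuse_demo():
    """4.2.7 / 4.2.14: two frames under the same IV share one keystream."""
    p1 = b"GET /index.html HTTP/1.0"   # plaintext the observer already knows
    p2 = b"user=alice&pin=4921&x=1;"   # plaintext the observer does not know
    c1 = wep_encrypt(IV, KEY, p1)
    c2 = wep_encrypt(IV, KEY, p2)
    # The keystream cancels: C1 xor C2 == P1 xor P2, no key involved.
    cancels = xor(c1, c2)[:len(p1)] == xor(p1, p2)
    # Known plaintext for one frame yields the keystream for this IV ...
    keystream = xor(c1, p1 + icv(p1))
    # ... which decrypts any other frame sent under the same IV.
    recovered = xor(c2, keystream)[:-4]
    return cancels, recovered


def bit_flip_demo():
    """4.2.9 / 4.2.15: CRC-32 is linear, so the ICV can be patched blind."""
    old = b"seq=0001 temp=20"
    new = b"seq=0001 temp=99"
    ct = wep_encrypt(IV, KEY, old)
    delta = xor(old, new)
    # For equal lengths: crc(old ^ delta) == crc(old) ^ crc(delta) ^ crc(zeros)
    icv_patch = xor(icv(delta), icv(bytes(len(delta))))
    forged = xor(ct, delta + icv_patch)   # computed without KEY
    return wep_decrypt(IV, KEY, forged)   # receiver accepts the altered frame


if __name__ == "__main__":
    print(iv_reuse_demo())
    print(bit_flip_demo())
```

Neither result depends on key length, so the 104-bit key option changes nothing here; the fix is per-frame keying with a keyed integrity check.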
The basic property is that RC4(X) xor X xor Y = RC4(Y).

---> 4.2.16 Active Attack from Both Ends <---
The previous attack can be extended further to decrypt arbitrary traffic. In this case, the attacker makes a guess about not the contents, but rather the headers of a packet. This information is usually quite easy to obtain or guess; in particular, all that is necessary to guess is the destination IP address. Armed with this knowledge, the attacker can flip appropriate bits to transform the destination IP address to send the packet to a machine he controls, somewhere in the Internet, and transmit it using a rogue mobile station.

---> 4.2.17 Table-based Attack <---
The small space of possible initialization vectors allows an attacker to build a decryption table. Once he learns the plaintext for some packet, he can compute the RC4 key stream generated by the IV used. This key stream can be used to decrypt all other packets that use the same IV. Over time, perhaps using the techniques above, the attacker can build up a table of IVs and corresponding key streams.
This table requires a fairly small amount of storage (~15GB); once it is built, the attacker can decrypt every packet that is sent over the wireless link.

-------------------
---> 5 Threats <---
-------------------

---> 5.1 Loss of Confidentiality <---
o 5.1.1 Competitors
o 5.1.2 Thieves
o 5.1.3 Disruptors

---> 5.2 Identity Hijack

---> 5.3 Disruption of Functionality
o 5.3.1 Viruses
o 5.3.2 Trojan Horse
o 5.3.3 Data Integrity

---> 6 Notes/Links

o 6.1 Ports used by Wireless App
o 6.1.1 Wap-wsp:9200/tcp WAP connectionless session service
o 6.1.2 Wap-wsp:9200/udp WAP connectionless session service
o 6.1.3 Wap-wsp-wtp:9201/tcp WAP session service
o 6.1.4 Wap-wsp-wtp:9201/udp WAP session service
o 6.1.5 Wap-wsp-s:9202/tcp WAP secure connectionless session service
o 6.1.6 Wap-wsp-s:9202/udp WAP secure connectionless session service
o 6.1.7 Wap-wsp-wtp-s:9203/tcp WAP secure session service
o 6.1.8 Wap-wsp-wtp-s:9203/udp WAP secure session service

---> 6.2 Links
o 6.2.1 WAP Wireless Certificate
See document: http://www.verisign.com/support/tlc/wap.htm
o 6.2.2 IETF web page
See document: http://www.ietf.org/
o 6.2.3 IEEE 802 web page
See document: http://grouper.ieee.org/groups/802/dots.html
o 6.2.4 Unofficial 802.11 Security
See document: http://www.drizzle.com/~aboba/IEEE/
o 6.2.5 WAP Server Certificates
See document: http://www.entrust.net/wapserver/index.htm
o 6.2.6 WEP Faq
See document: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
o 6.2.7 WAP Forum
See document: http://www.wapforum.org/what/technical.htm
o 6.2.8 WAP Development Tools
See document: http://www.palowireless.com/wap/devtools.asp
o 6.2.9 Adventures In Wardriving
See document: http://www.athomeprd.com/~jimb/wardriving/index.html
o 6.2.10 Capture and Crack utilities
See document: http://Www.airsnort.shmoo.com
See document: http://www.airsnort.shmoo.com/
See document: http://www.dachb0den.com/
See document: http://www.netstumbler.com/
See document:
http://telia.dl.sourceforge.net/sourceforge/wepcrack/WEPCrack-0.0.10.tar.gz
See document: http://www.personaltelco.net/index.cgi/WirelessSniffer

--------------------
---> References <---
--------------------
www.blackhat.com
http://www.google.ca/search?q=wardriving+*.ppt&hl=en&ie=UTF-8&oe=UTF-8
http://airsnort.shmoo.com
http://www.athomeprd.com/~jimb/wardriving/index.html
http://www.blackbeltjones.com/warchalking
http://www.boulderlabs.com/vulnerable.ppt

----------------------------------------------
---> Peace to you all:all from NtWaK0 <---
---> www.safehack.com <---
---> www.legions.org <---
----------------------------------------------

--------------------------------------------------------------------------------
[KV's 30 Second Scripting Solution]==========[Digital Ebola ]
--------------------------------------------------------------------------------

Ever wish Snort would start itself after it dies? Drop this into your crontab, and never worry about starting it again... /bin/go is your Snort init script. Customize to taste. Works under Debian.

#!/bin/bash
# PIDs of any running snort processes (empty when Snort is down)
SNORT=`ps ax | grep snort | grep -v grep | awk '{print $1}'`
# -z is true when no PID was found, i.e. Snort is not running
if [ -z "$SNORT" ]; then
  /bin/go > /dev/null
  date >> /var/log/snort-health.log
  echo Snort Restarted by Daemon >> /var/log/snort-health.log
  echo ----------------------------- >> /var/log/snort-health.log
  echo
else
  echo Snort up. > /dev/null
fi

--------------------------------------------------------------------------------
[XMMS-Winamp How-To for Gentoo Linux]========[feach ]
--------------------------------------------------------------------------------

Ok so you want to run Winamp plugins with XMMS on your Gentoo system? First thing first.
If you do not have wine installed you will need to install it

# emerge --clean rsync;emerge wine

If you have an older version of wine then

# emerge --clean rsync;emerge -u wine

After that's all done, you will need to download this plugin ( I am assuming you already have XMMS )

http://www.emulinks.de/xmms-winamp/xmms-winamp-0.4.tar.gz

You will need to extract the files and cd into the plugin source directory

$ tar xvfz xmms-winamp-0.4.tar.gz;cd xmms-winamp-0.4

Then edit the configure file

$ nano -w configure

Change line 5 to ( You can find what line you're at by pressing Ctrl+c )

for i in /usr/wine/bin

Then change line 30 to

for j in "" -L/usr/wine/lib

Then change line 46 to

for i in /usr/wine/include

Then change line 64 to

for i in /usr/wine/lib/wine

Press Ctrl+x and hit Y to save the file. Now run configure

$ ./configure

Then you need to edit config.mak

$ nano -w config.mak

Change line 3 to

WINEINCLUDES = /usr/wine/include

Press Ctrl+x and hit Y to save the file. Now open Makefile

$ nano -w Makefile

Change line 32 to

winebuild -fPIC -DSTRICT -sym winamp.tmp.o -o winamp.spec.c -exe winamp -mgui -L/usr/wine/lib/wine -lkernel32 -luser32 -lgdi32

Then change line 35 to

winebuild -L/usr/wine/lib/wine -L/usr/wine/lib -spec winamp.spec -o winamp.spec.c

Press Ctrl+x and hit Y to save. Then type

$ make;su -c "make install"

After make is done it will ask you for the root password so you can run the command make install

WooHoo after that you got it compiled. :-)

Now you need to download a version of Winamp ( XMMS does not tell you this. ) I tried several and only got winamp 2.24 to work for me

http://68.14.155.25:538/win/

I'm not going to directly link you to the file, please look for it in there or on some other website. Now type

$ wine winamp224.exe

Go ahead and install it. Now download winamp plugins you like from winamp.com or some other website of your choice and install the same way as you did Winamp.
$ wine pluginName.exe

After that is done start XMMS and hit Ctrl+v. You should see Winamp Meta-Plugin [libwinamp.so] as an option, select it, hit configure and fill in your values for the plugin directory and plugin dll you need. Hit OK and then OK from the previous screen then go to your XMMS menu and then visualization options and start up your plugin.

--feach

--------------------------------------------------------------------------------
[Your Privacy and HP]===============================[b0ld ]
--------------------------------------------------------------------------------

Ever call tech support for an HP product that you owned? Well maybe you might want to keep on reading this article. Technical support is one of those lovely features that each and every software / computer industry giant has to service customers. Like any other company the agents go by a call script. One of the main parts is to have your first and last name as well as your telephone number with the area code first. This is actually optional. Remember that "YOU" are giving them the information. You can actually remain anonymous unless it's a "serious" issue in which the product would actually need to be repaired, then they will require all of your information. The agents "CANNOT" refuse technical support if your product is within warranty.

Now onto some interesting info.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

HP's call routing system works off an actual VoIP. Even though you may be calling the phone number for technical support it then gets routed to a VoIP terminal. The VoIP terminal is primarily being used to cut costs on machinery service and maintenance, but there are flaws within the VoIP system that they have and what you're going to learn will interest you and may even shock you. The first loop within their system is the voice recognition service which they have. Simply, this is a type of service that is supposed to be "hands free" and "high tech", however the system has proven unsuccessful.
On many occasions you may think that you're being routed to the proper product support group. Next thing you know after being on hold for 5 minutes to get an agent you end up finding out that you're in the wrong department. So right there you just spent 5 minutes of wasted long distance time. Another problem as well is that sometimes you would get an "echo" effect when you're talking to an agent. This makes the situation difficult because you can hear yourself say the same thing almost 4 times. There are also frequent disconnects while on hold as well. Some speaker phones and cell phones actually tend to get disconnected from the terminal itself because there is now "activity" on the line.

Now comes the scary part.
-=-=-=-=-=-=-=-=-=-=-=-=-=-

So you just finished talking to an agent and the problem is either fixed or not fixed... In any occasion you need to make a phone call that basically consists of confidential information. It could be anything from giving out a credit card number or company policy information that you'd only talk to "authorized" people about.. Well it has come to my attention that because of HP's routing system being so "High Tech" it has actually done something that generally is against the law. What tends to happen periodically during the day is that after a customer hangs up normally the terminal would receive the data that the customer hung up so it should close that open line, however it would keep itself open which acts like a "tapping" device. The agent on the other end could have their mic on mute and they can now listen to any of your phone calls. This issue has been raised a lot during meetings but it seems that it is basically brushed off by anyone except the individual who reports this issue. The only way that you can really see whether they were actually listening in is if you have one of those devices that would light up telling you that the line is already being used..

Another interesting fact.
-=-=-=-=-=-=-=-=-=-=-=-=-

Another flaw in the VoIP terminal is if you end up getting an agent and the agent puts you on hold and then you hear a dial tone, then there is a chance for you to use the terminal open line and make an outgoing call anywhere without it affecting your phone bill. It's been basically proven after I decided to do some investigating with the terminal. It would be a charge that would go on HP's bill and not yours. And to be quite honest I wouldn't doubt that you can hold up a party line and go undetected.

Another scary part
-=-=-=-=-=-=-=-=-=-

HP has adopted a new system to do their servicing on their products. The agents use a "web-based" script that enters the necessary information in order to either service a machine or even purchase a machine. What really caught my attention on this matter is when a simple question was asked. Someone asked one of the key people who is in charge of this system "what encryption are you using", and the scary thing is that they could not positively answer that question. Although they claimed that the information is being "piped" directly into the system and no outside sources can penetrate. Well that theory was actually challenged and the system failed horribly. What's logged on this system is very sensitive data about the customer which includes credit card numbers, names, addresses, and phone numbers. In fact an agent can actually punch in a credit card number into this database to try and find someone. The odds of thinking of a number just out of the blue are very slim however it CAN be done, and the data that is being sent and received by the server really isn't all that secure either. It just takes the right person to find out the right block of IPs and sniff out the data. There is so much data being sent across that network that even though you may not use the proper stealth methods, you'll most likely be undetected anyways.
The server itself is also very unstable when trying to work with it. It crashes all the time making information either saved incorrectly or lost. It's really too bad that they use this system. They are killing off the old system that is actually unix based. They programmed a win32 shell to work with this system and it has always been reliable. Believe it or not the mainframe of the old system actually works off a Sun Microsystems server machine which is probably the most reliable piece of computer machinery out there.

Closing remarks
-=-=-=-=-=-=-=-

So I hope you've learned a little something here, sure it's not all that technical but it basically makes you think twice before you actually give out your information out there. Really you don't know who is on the other line and how poorly secure your information is being held within the company's database but now you know.

--------------------------------------------------------------------------------
[Phone Phreaking Lives with AT&T]==================[Cobra ]
--------------------------------------------------------------------------------

So with phreaking slowly on the decrease, and the building of tools & boxes to use on phone networks getting fewer and further between. So why not just use their own network against them, to make your free calls. Who or what network would be stupid enough to allow such a feat. Well people look no further than your own country. AT&T. Below I explain how one would make free calls through AT&T's calling card service.

To start with you will need to find the number for AT&T's calling card service, that you need to dial from your country. Now thankfully AT&T have been thoughtful here, and you can obtain this list from their website at www.att.com. Now for this example I am going to use the number that I would dial from Ireland. So here we go. From a payphone, cell phone or even your house phone, you dial 1800 55 0000 from Ireland. *I think it is 1800 555 0000 for the US but check first*.
Now after dialing that number you will get 'Welcome to AT&T please enter the number you are calling now'. So enter in your number here. Keeping in mind people that for international calls you replace the 00 on the country code for a 01. So for example, the Irish country code is 00353, so you would instead dial 01353. Right now that that's cleared up, we shall move on. After entering your number it will ask you 'Please enter your calling card number and pin or credit card number and expiration date'. If you are calling anywhere outside the US you will only be asked to enter your calling card. Now here comes the fun. When entering the fake calling card, you must remember a few rules;

1) Calling card ALWAYS begins with 2124 or 2123 (2124 is best)
2) Never use a 0 after the 2124. So no 21240.
3) Calling cards are only 10 digits long.

So when entering your calling card, you punch in 2124<6 random digits>. Then straight after you enter your calling card number, you then need to enter a pin. So for your pin you enter 4 pound keys, such as # # # #. It will then ask you to re-enter your pin # # # #. Now for some weird reason their system HATES the # key. And it comes up on their system that you have been disconnected from your call and you are trying to reconnect. So now after you have dialed in your pin number twice you will get through to an AT&T operator. Now for god sake DONT PANIC!!. This is where you shine up your social engineering skills. You will be greeted with a 'AT&T How may I help you'. Now keeping it REALLY polite and in your most posh and business like voice you say ' Hello! Could you redial the same number for me please.. Thank You!'. Now 8 times out of 10 you will get the response ' Certainly, One second, Sorry you had trouble' and you will be through. But there is still the other 2 times out of 10 where you won't get through and you will have to ring back and try again. Trust me though you will get through, may take a few tries. But it is well worth it.
Because if you are ringing Australia which costs like 50 cents a minute, through AT&T you can stay on the phone as long as you like and the bill goes straight back to AT&T. So you can now call anywhere in the world and put it on AT&T's tab.

Now to add a little story to all this, I will explain a few problems I have had and how I got around it. Before my girlfriend moved here with me, she used to live in Canada. So naturally I was calling her everyday for like 5 hours at a time. Now AT&T will catch on to this volume of usage if it is being directed to one number. Now on Feb 12th this year(2001) AT&T banned all calls from Ireland to Canada through their calling card service. The ban was only active for 2 days until they found a way of stopping the calling. On Feb 15th I was arrested for theft of service. But because AT&T could never prove that I was doing illegal acts, the case got dropped. But there was an outcome. I was now no longer able to dial my girlfriend's number from anywhere in the country from any phone. It had been banned through the IPC (Irish Phone Companies). Now the way I got around this was simple. I remembered that there was an AT&T Canada. So basically what I did there was ring AT&T America and dial AT&T Canada through them *as the ban was lifted*. So from AT&T Canada I was able to use a similar trick to the AT&T US to get my call to go through. And bob's your uncle. I was back on the track.

For people living in Ireland, it is worth investing in an Unregistered SpeakEasy Cellphone and leave CLI off. Keeps you that little bit more anonymous when making your calls.

--------------------------------------------------------------------------------
[Security Method and Technique]==============[Digital Ebola ]
--------------------------------------------------------------------------------

/* Welcome to the corporate rant. =) */

Security is a word that most corporations fear. They would like to sweep it under the rug, and rightly so.
Security costs money, security costs time, and security brings skeletons out of closets that people would rather remained shut. Not to mention, that highly specialized security engineers are hard to find. It's more than training; it's a knack. You are either good or you're not. Even the good can be compromised; the posing parties will be compromised every time.

Justification of security should not be a hard task. Millions of dollars of present revenue can be lost due to a breach. Billions of dollars of FUTURE revenue can be lost to that same breach. In the digital world, you have to protect your investments, your clients' investments, and all data associated with each.

The blood of the security world is information. The person that has the information will win the battle. A properly secured network can go from properly secured to blatantly open in a matter of minutes. This is why it is important to take any information you can get, no matter the source. Once acquired, the information can be double checked for its authenticity, and acted upon.

My personal methodology is the "Less is More" set of methods. Your security policy should be written custom against the set of users or tasks that will be utilizing the resources. You give exactly enough for the set tasks to be completed and nothing more. Default installations will result in a compromise. Default policies will result in a compromise. The only way is to customize each service or resource for the job. This methodology is a hard one; you at once notice the fine line between security and usability. The more flexible the system is to its users, the more vulnerable it is to its attackers.

It is important that such things be included in the policy as password management techniques, password scheming techniques, and password transport; passwords should ALWAYS be held in encrypted media when being sent over the wire. Sending it thru email or writing it on the whiteboard can result in a breach.
Employees should not have their day to day activities hampered as to how they should utilize resources. Instead, they should be trained on the dangers and be taught to look for signs of digital aggression, or inconsistencies. They should be taught the whys of the security policies, and the only hampering they should have to suffer through should be the use of the right tools to keep themselves in check with the security policy. In the end, this works better, because the employee can use that knowledge and common sense to avoid problems. Keep in mind, this ties right in with password control; the human factor is responsible for 3/4 of all breaches. At no point should censorship be included with the policy, as you turn your employees into sheep that follow directions; if any other aspect was missed in the policy, then you are still compromised. If trained, the employee is no longer a sheep, they can actually aid you in security knowledge, because they are utilizing resources firsthand.

There are many technical tricks and methods that can be incorporated into your security policy. The first thing most overlooked is not technical at all; inventory control. Most companies do not have good inventory control, and this is one of the most crucial things to have. You must know what the machine is, how it is configured, what services are running, and who has access to it. Patch revisions need to be noted, along with a set of identifiers that are machine specific. IP, MAC Address, and a physical serial number are very important pieces of information. If you don't know what you have on your network, you don't know what to fix if there is a new exploit or advisory released.

The security policy in itself should also contain guidelines for each operating system or piece of equipment. What the acceptable configurations are, and how they should be used. This, of course, takes a lot of time, and a lot of meetings. Everyone involved has to agree.
It is important to secure each OS on an individual basis. In a large network, this is next to impossible. This is why the OS guidelines are needed. In addition to having a secure OS, you should also consider writing IDS requirements into the policy. Host-based IDS is a very useful item to have, just in case the unthinkable happens. Secure logging mechanisms and kernel monitoring are essential to tracking down the source of the breach. There are many good free software packages in the industry that accomplish this.

On the network side of things, there should be a Network Based IDS. This gives you a perspective on what kind of traffic is running across your network, and gives the ability in most instances to trend attack patterns. This aids your research in some ways, because if you start seeing a lot of scans on a certain port, chances are that something new has been released, and you are going to have to patch.

I will also touch lightly on firewalls; a firewall is NOT security. Firewalls are icing on the cake. A lot of companies depend on firewalls to protect them, and often there are ways to either circumvent the firewall (UDP can yield interesting results) or maybe there is another access point that is more vulnerable (vpn, dial-in). The point is to keep track of everyone authorized to enter the network, and to keep track of all access points, not just the front door. And, remember, sometimes the front door can be kicked in. If an attacker breaches, and you have secured the hosts behind the firewall, and you are running vlans.. there is not going to be anything to do. They will be dead in the water, and your company does secure business for another day.

I hope this writing can be of some use to someone. It is not EVERYTHING, but it is a lot of things I consider important to security. I find that companies tend to overlook these things, and it has become quite a pet peeve.
--------------------------------------------------------------------------------
[Java Virii]==================[Archimedes ]
--------------------------------------------------------------------------------

Are we: public ?
do we have: class ?
so begin the: Rambling {

As is standard practise for anyone writing anything now, I'd like to thank O'Reilly for publishing books on CD-Rom, which everyone is always happy to pay £50 upwards for... or for about half the price they could get a lot more useful information AND O'Reilly texts from their next door neighbour and other internet users...

I DO NOT SUPPORT PIRACY of ANY kind..... Archatos stfu now before i slap that FTP is for educational purposes only!/*

Viruses? In Java? Surely not! Isn't the world made of Milk and Honey? (and more milk ;) What would the point of writing a virus in Java be? How could that muppet approach the problem(s)?

Oh come on! It's Java!! What do you mean what would the point be, a well written Java virus would be able to sit in anything from your Mobile telephone *cough Nokia 92xx* through your BMW engine monitoring systems, home PC, Flight navigation gear and most importantly..... The Beer refrigerator. Java exists on so many platforms already (and has almost infinite possibility to be implemented on almost anything with enough room for a VM, such as your handy wrist watch using the J2ME.) If someone was to write a virus, one which just reversed all text displayed by the System.out.* classes, what would happen? Would we end up reading the time and the atmospheric temperature through a mirror?

What do you think about when someone says "secure"? No Digi, not a chastity belt.
Java is a "Secure" language, take all your thoughts about what you think security is and then write them down (ya right) and compare them to these: SUN implemented only 2 major security aspects in Java 1.0, these being that Java programs should be "Safe from malevolent Programs" (Trojan horses etc) and that Java Programs should be "Non-intrusive", ie they shouldn't have the ability to gather personal information on the host computer or the host's network. The ability for authentication of Java programs was made in Java 1.1 and when Java 2 (Java 1.2) came out they added the ability for encryption.

What does all this mean? Java just ain't as secure as everyone makes out? You decide. Let's look at one feature, when running applets the JVM only allows communication with the server, and the client, no third parties or calls to third parties are allowed by the applet.

Now then, all Java code installed locally on the system is trusted implicitly. All code downloaded over the network, however, is untrusted and run in a restricted environment called the "sandbox" (all you VX'ers who need this explaining to you should be shot, CRETINS!) This Sandbox basically, and briefly takes the form of the Java Security Manager (herein JVMSM)

How/Can do you Bypass this? Well, the Java SecurityManager is probably the best place to start, but in Java Developers' words "Use of a custom SecurityManager is highly discouraged" basically meaning you may well screw up and leave yourself open to malicious content, now WHO would want that!

http://java.sun.com/products/jdk/1.2/docs/api/java/lang/SecurityManager.html

One thing to bear in mind is that to date, the JVM released itself isn't flawed...only implementations of it, IE / Nutscrape. (Sounds a bit like NT4 being designated a Secure Operating system by the US DoD...didn't note that it had no NIC, Modem, Floppy disk or CD-rom drive in it at the time did they?)
The pretty much only way to be guaranteed bypassing of the Applet SecurityManager is to overwrite the target's JVMSM, if you can do this on a host you already have a manner of which to upload pretty much anything, be it a rootkit or another executable....now THERE is a tangent...Java as a multi platform rootkit../*notes for future ramblings/*

What I consider as the most evident "Virus" written with Java is Brown Orifice, a proof of concept code which once again, doesn't actually flaw the JVM...but Nutscrape itself.

--

People are turning to Java, now more noticeably (to me at least) for writing exploits, no longer will you need to worry about the fact that you're not running x operating system or Y operating system...just:

]$ java file

and there you have an exploit working on whatever platform. (admittedly some of the exploits written in Java have been written using deprecated methods..one word, slackers!)

*/for reference, when initiating use of the keyboard the structure now is:
BufferedReader k = new BufferedReader(new InputStreamReader(System.in)) /*

How do we want to spread virii? The JVMSM when it comes to locally running applets is somewhat different. Well, if we can get the target to run the .class file locally, and within the "normal" program is our friendly infector/executor then we have the ability to do whatever we want.. For those who just woke up scroll up a bit to where I mention that locally installed Java Applications are trusted implicitly. So anything your user profile can access, the java code can access (yes it is possible to run all Java code in a sandbox, be it a JavaBean, servlet or a full blown app, but for most lusers it's just not something that they will be thinking about when accessing their databases etc...or running your P2P client which happens to have a bit more P2P about it than they think.)
As with most other languages there are methods to use external processes, in Java this comes in the form of the java.lang.Process (see the lang reference if you want to know more about it in particular), so to do a bit of an O'Reilly-ism

{
  ..
  java.util.Properties config;
  // the command line to run comes straight from configuration
  String cmd = config.getProperty("sysloadcmd");
  if (cmd != null) {
    // start the external process and read the first line of its output
    Process p = Runtime.getRuntime().exec(cmd);
    InputStream pin = p.getInputStream();
    InputStreamReader cin = new InputStreamReader(pin);
    BufferedReader in = new BufferedReader(cin);
    String load = in.readLine();
    in.close();
  }
  ....
}

Use your imagination...can you pipe chargen to a completely different process? (from DoS methods we know that yes we can don't we) Can one create buffer overflows locally in order to execute other commands which you want to use as you can in c or c++...? Could all of this facilitate in the spreading of a virus?

There are enough brains in the world to solve third world debt, use water as fuel and devise practical one use key encryption... if someone hasn't got it working by now it won't be long. Won't be long before our Governments cover it up that is.

}

All complaints can be sent to digi@legions.org
Anything else can be sent to me.

Next time maybe I should start writing a bit more in advance...

Archimedes, 24/07/02
archimedes@security-foundation.net

--------------------------------------------------------------------------------
[The Scene Is Seen As Absolute Shit]==============[2dHero ]
--------------------------------------------------------------------------------

With each passing year as the internet grows more, and more, finding specific information you're looking for becomes increasingly harder. Not because it's no longer in existence, but because it's surrounded by garbage. It's becoming more, and more like searching through a wastebasket for important documents that you threw away on accident. The same can be said for the hacking community.
Often people wonder why these kids email them asking for a mentor to teach them about hacking, or how they hack hotmail, or how do they get in their girlfriend's webpage at angelfire.com to do a defacement. I'll tell you why. The ones who are serious about hacking in general who are using the W3 as their portal to knowledge search for hours on search-engines, and repeatedly get flooded with websites containing nothing but ICMP Ping Flooders, ICQ Flooders, Email Bombers, and docs on how to card a brand new Dell Laptop. Yeah, it's annoying to get five emails from kids in Romania asking you to teach them a thing or two, but can you really blame them? They're searching for a needle in a haystack. The others who are only interested in Hotmail, and Trojan Horses know no better. Everything they find leads them to that direction, and they have absolutely no clue that there's a whole hell of a lot more to hacking than things of that nature. It's the idiots who are supplying this garbage that should be flamed more so than the kids.

Look at IRC; so sweet, and sour. The public channels have become so infested with bullshit some days it's almost sickening to look at the conversations. What could be a great way to share information pertaining to the subject..is not for the most part. It's no longer about what you know, or what you're willing to share. It's about flirting, making an online girlfriend, thirty year old women playing house to pass the time, kissing ass for Operator Status in a big 'hacking' channel, or idling for the sole purpose of having a longer idle time than Z3r0wk3wl. Off topic discussion is fine by all means, but when it's all you have, why not /part, and /join #chataway? People who are contributing absolutely nothing to the community, and know absolutely nothing more than how to boot, connect, and fire up mIRC with ops in these channels /kb-ing what could be knowledgeable people, because they think their music sucks or for no reason at all. What the fuck?
Why even op these people in channels like that when you KNOW they know absolutely nothing. Listen, the vagina they may possess halfway across the globe will never serve you any purpose. Even the +s/p channels nowadays are about the same way.

This article is obviously a rant, and nothing more. It will change absolutely nothing, but maybe it will get a few thinking about exactly where the scene is going; to hell. Not all websites, and IRC Channels are full of shit. There are a...few IRC Channels around that are worthwhile, and lots of webpages, but the scriptkids, carders, power tripping cluebag ops, digital teenage pranksters, and horny thirty-something year old women by far outnumber any of the legit contributors.

--------------------------------------------------------------------------------
[Linux C Socket Programming]=====================[??????? ]
--------------------------------------------------------------------------------

/* Editor's note: Who the hell sent this article? */

Opening a socket

int socket(int domain, int type, int protocol);

In unix environments sockets are labeled as file descriptors, or fd's for short, so in essence opening a socket is the same as opening a file, because you are reading and writing to an Input/Output stream or IO stream. File descriptors are referenced as integers, which the socket call returns.

-------------------------------------------------
int fd;

fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
-------------------------------------------------

In this code section we declare an integer fd and use it to store the descriptor returned from socket() for later use. The first argument in socket() is the domain or address family or protocol family, usually PF_INET or AF_INET (both the same, as defined in /usr/include/linux/socket.h or /usr/include/bits/socket.h). PF_INET is protocol family IPv4 Internet Protocols.
The next argument, type, is the type of packet to send, usually SOCK_STREAM, which is used for TCP, or SOCK_DGRAM for UDP (these can also be found defined in /usr/include/bits/socket.h). The next field is the protocol. If we use 0 for this field the kernel should automatically enter the right value for us. You can also grep 'protocol' /etc/protocols, which will give you the number, which would help make the code more portable. I used IPPROTO_TCP, which is defined in /usr/include/linux/in.h as 6, which is the same number /etc/protocols would give. UDP is 17, or IPPROTO_UDP is equal to 17.

socket() returns the socket file descriptor on success, -1 on error.

Making connections

int connect(int socket_file_descriptor, struct sockaddr *server_address,
            int address_length);

Connect is used to make UDP and TCP connections. After we have successfully created a socket (we need the socket file descriptor for connect()) we can make a connection, but not before we fill in the struct sockaddr_in.

-------------------------------------------
int fd;
struct sockaddr_in target;

fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

memset(&target, '\0', sizeof(struct sockaddr_in));
target.sin_family = PF_INET;
target.sin_port = htons(23);
inet_aton("127.0.0.1", &target.sin_addr);

/* connect() wants a struct sockaddr pointer, so cast our sockaddr_in */
connect(fd, (struct sockaddr *)&target, sizeof(struct sockaddr));
-------------------------------------------

First we declare an int to store the return value of socket(), next we declare a struct sockaddr_in. The reason we declare a struct sockaddr_in is that connect takes a struct sockaddr value as one of its arguments. To fill this struct we use the corresponding protocol structure from /usr/include/netinet/in.h, ours being Internet. We open a socket, which was explained before, and store the returned file descriptor value in fd. struct sockaddr_in is padded so it is the same size as sockaddr, so we use memset to NULL out and fill the padded struct (man memset for more info).
We now enter values for the members in this structure. First is target.sin_family, which is the protocol family; again we want IPv4 Internet so we specify PF_INET. Next is target.sin_port, which is the port number we want to connect to. We use htons, or host to network short which it stands for. The reason we use this is our host byte order is least significant byte first, while the Internet uses most significant byte first. For example for our address 127.0.0.1 the hex value would be 0x7f000001, most significant byte first would store it as 0x100000f7. That's an IP address though, which is a long integer which we would use htonl for (host to network long); a port is a short int, between 0 and 65535, same idea, smaller value.

Next we use inet_aton to convert our IP address 127.0.0.1 from numbers and dots into binary and store it in a struct in_addr. Well, we are lucky: sockaddr_in (as declared in /usr/include/netinet/in.h) has a struct in_addr member, it is sin_addr. But since inet_aton is looking for a struct in_addr pointer we need to use the & symbol to store it in the address of, like a pointer points into an address.

Now last but not least we are on connect. connect takes 3 arguments, the first being our opened socket, which we stored in fd, so fd is our first argument. The second argument is a struct sockaddr *server_address. We use &target to simulate a pointer to our struct sockaddr_in, which is a compatible struct with sockaddr; it is padded to be the same size. The last argument is the address length, which is stored in struct sockaddr, so we use a simple sizeof(struct sockaddr) to get that.

connect() returns 0 on success, -1 on error.
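
An added example, not part of the original article: it fills a struct sockaddr_in as described above, exposes the bytes that htons() and the address conversion leave in memory, and compares the article's inet_aton() with the stricter inet_pton(). The helper names fill_target, fill_target_lenient, wire_bytes and connect_tcp are hypothetical.

```c
#define _DEFAULT_SOURCE   /* exposes inet_aton() under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper: strict fill. inet_pton() accepts only four decimal
   octets, so shorthand such as "127.1" is refused. Returns 0 or -1. */
int fill_target(struct sockaddr_in *t, const char *ip, unsigned short port)
{
    memset(t, 0, sizeof(*t));
    t->sin_family = AF_INET;
    t->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &t->sin_addr) == 1 ? 0 : -1;
}

/* Hypothetical helper: same fill with the article's inet_aton(), which also
   accepts the classic shorthand forms ("127.1", hex or octal parts). */
int fill_target_lenient(struct sockaddr_in *t, const char *ip,
                        unsigned short port)
{
    memset(t, 0, sizeof(*t));
    t->sin_family = AF_INET;
    t->sin_port = htons(port);
    return inet_aton(ip, &t->sin_addr) != 0 ? 0 : -1;
}

/* Copy sin_port (2 bytes) and sin_addr (4 bytes) out exactly as they sit in
   memory. Both are in network byte order, so the result is the same on
   little-endian and big-endian hosts. */
void wire_bytes(const struct sockaddr_in *t, unsigned char out[6])
{
    memcpy(out, &t->sin_port, 2);
    memcpy(out + 2, &t->sin_addr.s_addr, 4);
}

/* socket() + connect() with every return value checked. Returns a connected
   descriptor, or -1 with errno set; the descriptor is never leaked. */
int connect_tcp(const char *ip, unsigned short port)
{
    struct sockaddr_in t;
    int fd, saved;

    if (fill_target(&t, ip, port) == -1) {
        errno = EINVAL;          /* refused before any socket is opened */
        return -1;
    }
    if ((fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
        return -1;
    if (connect(fd, (struct sockaddr *)&t, sizeof(t)) == -1) {
        saved = errno;           /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    struct sockaddr_in t;
    unsigned char b[6];
    int fd;

    fill_target(&t, "127.0.0.1", 23);
    wire_bytes(&t, b);
    printf("port bytes: %02x %02x  addr bytes: %02x %02x %02x %02x\n",
           b[0], b[1], b[2], b[3], b[4], b[5]);
    printf("strict  \"127.1\": %d\n", fill_target(&t, "127.1", 23));
    printf("lenient \"127.1\": %d\n", fill_target_lenient(&t, "127.1", 23));

    if ((fd = connect_tcp("127.0.0.1", 23)) == -1) {
        perror("connect_tcp");
        return 1;
    }
    printf("Connection completed to 127.0.0.1 port 23\n");
    close(fd);
    return 0;
}
```

Where the address string comes from user input or configuration, the strict form is the safer default, since a check that compares text will not recognise "127.1" as loopback.
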

Simple Program to make a TCP connection to 127.0.0.1 port 23

-------------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>     /* memset() */
#include <unistd.h>     /* close() */
/* these next two are for socket() and connect() */
#include <sys/types.h>
#include <sys/socket.h>
/* for struct sockaddr_in */
#include <netinet/in.h>
#include <arpa/inet.h>  /* inet_aton() */

int main()
{
    int fd;
    struct sockaddr_in target;

    /* this creates our TCP socket, and checks and sees if it returns -1,
       if it does we print the error it received and exit the program,
       for UDP instead of SOCK_STREAM, use SOCK_DGRAM */
    if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
    {
        perror("Socket");
        exit(-1);
    }

    memset(&target, '\0', sizeof(struct sockaddr_in));
    target.sin_family = PF_INET;
    target.sin_port = htons(23);
    inet_aton("127.0.0.1", &target.sin_addr);

    /* we make our connect call and check and see if it fails
       if it does we print the error and exit */
    if((connect(fd, (struct sockaddr *)&target, sizeof(struct sockaddr))) == -1)
    {
        perror("Connect");
        exit(-1);
    }

    printf("Connection completed to 127.0.0.1 port 23\n");

    /* close our socket file descriptor */
    close(fd);

    return 0;
}
-------------------------------------------------------------------------------

Sending and Receiving Data

-For TCP or UDP-
send(int socket_file_descriptor, char what_to_send[], int message_length,
     int flags);
recv(int socket_file_descriptor, char receive_buffer[], int buffer_size,
     int flags);

-For UDP-
sendto(int socket_file_descriptor, char what_to_send[], int message_length,
       int flags, struct sockaddr *to, int to_length);
recvfrom(int socket_file_descriptor, char receive_buffer[], int buffer_size,
         int flags, struct sockaddr *from, int from_length);

After we have established a TCP connection or a peer to peer UDP connection (UDP is a connectionless protocol but connect calls can be made using it; sendto() and recvfrom() can be used without a connect call on UDP sockets), we can send and receive data across the connection using send and receive calls.
Both are relatively easy to use. We plug in our already connected file descriptor as the first argument for both, next we supply a buffer or a message, both just storage variables, one for sending in send() and one for receiving in recv(). In the third argument these differ: send wants the message length while recv wants the buffer size, so for send we just do a strlen(message); to return the string length of the message and for receive we do a sizeof(buffer); to get the size of our buffer. The last argument is if we want to use flags. We really shouldn't bother with these unless we have a specific intent, but if you want to know, the flags can be found in the man pages for send and recv.

Simple program to make connection to 127.0.0.1 port 80 and get the header for the web server root directory or main web page

------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>     /* memset(), strlen() */
#include <unistd.h>     /* close() */
/* these next two are for socket(), connect(), send(), recv() */
#include <sys/types.h>
#include <sys/socket.h>
/* for struct sockaddr_in */
#include <netinet/in.h>
#include <arpa/inet.h>  /* inet_aton() */

int main()
{
    int fd, bytes;
    char buffer[256], *message = "HEAD / HTTP/1.0\r\n\r\n";
    struct sockaddr_in target;

    /* this creates our TCP socket, and checks and sees if it returns -1
       if it does we print the error it received and exit the program */
    if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
    {
        perror("Socket");
        exit(-1);
    }

    memset(&target, '\0', sizeof(struct sockaddr_in));
    target.sin_family = PF_INET;
    target.sin_port = htons(80); /* port 80 is HTTP port */
    inet_aton("127.0.0.1", &target.sin_addr);

    /* we make our connect call and check and see if it fails
       if it does we print the error and exit */
    if((connect(fd, (struct sockaddr *)&target, sizeof(struct sockaddr))) == -1)
    {
        perror("Connect");
        exit(-1);
    }

    printf("Connection completed to 127.0.0.1 port 80\n");
    printf("Sending %s\n", message);

    /* send our HEAD request */
    send(fd, message, strlen(message), 0);

    /* recv returns the number of bytes it receives on success, -1 on
       error; we use this to NULL terminate our receive buffer array.
       We ask for one byte less than the buffer holds so the terminator
       always lands inside the array */
    bytes = recv(fd, buffer, sizeof(buffer) - 1, 0);
    if(bytes == -1)
    {
        perror("Recv");
        exit(-1);
    }
    buffer[bytes] = '\0';

    printf("We received:\n%s\n", buffer);

    /* close our socket file descriptor */
    close(fd);

    return 0;
}
-------------------------------------------------------------------

Well, that's all for now. Maybe next KV issue I will go into further detail on the use of sockets, we will see, but for now back to hacking out some code.

--------------------------------------------------------------------------------
[Dallas Metroplex Wardriving Data]===========[Digital Ebola ]
--------------------------------------------------------------------------------

Hi! Recently, I went out wardriving with some friends. We had a blast, and managed to actually get lost with a GPS in the car. I am not sure how we did that, but we did. The published results from walledcity.legions.org (my laptop) are below. The path we took (this isn't complete by any means, but it's a good trail to follow) is Grapevine to I-635, I-635 to I-35, I-35 to Commerce Street, Commerce Street to I-75, I-75 to I-635 and back to Grapevine. For those that are not familiar with the area, please consult a map on Dallas, Texas, USA. =) All data here was grabbed with Kismet. I do not have the GPS data, because that was on another lappy. This data is current as of 6-22-2002.
Data : 0 Crypt : 0 Weak : 0 Total : 6 First : "Sat Jun 22 21:23:33 2002" Last : "Sat Jun 22 21:23:34 2002" Network 101: "" BSSID: "00:40:96:41:62:D9" Type : infrastructure Info : "ACSDA5W82" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:23:47 2002" Last : "Sat Jun 22 21:23:47 2002" Network 102: "ACS_LEAP" BSSID: "00:40:96:41:E8:88" Type : infrastructure Info : "ACSDA5W83" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 7 Data : 0 Crypt : 0 Weak : 0 Total : 7 First : "Sat Jun 22 21:23:52 2002" Last : "Sat Jun 22 21:23:57 2002" Network 103: "sleepers" BSSID: "00:06:25:53:87:E9" Type : infrastructure Info : "None" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:24:11 2002" Last : "Sat Jun 22 21:24:11 2002" Network 104: "WaveLAN Network" BSSID: "00:60:1D:21:7D:89" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:24:11 2002" Last : "Sat Jun 22 21:24:11 2002" Address found via UDP 10.91.0.0 Network 105: "" BSSID: "00:02:2D:04:89:89" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 29 Crypt : 0 Weak : 0 Total : 29 First : "Sat Jun 22 21:25:56 2002" Last : "Sat Jun 22 21:26:01 2002" Network 106: "NorthPark" BSSID: "00:04:5A:0F:33:80" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:27:41 2002" Last : "Sat Jun 22 21:27:41 2002" Network 107: "linksys" BSSID: "00:06:25:50:3E:43" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:27:41 2002" Last : "Sat Jun 22 21:27:41 2002" Network 108: "TRG Airport Network" BSSID: "00:02:2D:06:21:06" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 5 Data : 5 Crypt : 0 Weak : 0 Total 
: 10 First : "Sat Jun 22 21:28:03 2002" Last : "Sat Jun 22 21:28:13 2002" Network 109: "" BSSID: "00:40:96:51:EE:D6" Type : infrastructure Info : "lincoln-main" Channel : 05 WEP : "Yes" Maxrate : 11.0 LLC : 5 Data : 0 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 21:28:07 2002" Last : "Sat Jun 22 21:28:39 2002" Network 110: "TRG Airport Network" BSSID: "00:60:1D:1E:E3:67" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:28:08 2002" Last : "Sat Jun 22 21:28:08 2002" Network 111: "TRG Airport Network" BSSID: "00:02:2D:06:20:F4" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:28:08 2002" Last : "Sat Jun 22 21:28:08 2002" Network 112: "RichardsI_LinkSys" BSSID: "00:06:25:51:66:BB" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:28:08 2002" Last : "Sat Jun 22 21:28:08 2002" Network 113: "TRG Airport Network" BSSID: "00:02:2D:0E:22:26" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:28:12 2002" Last : "Sat Jun 22 21:28:12 2002" Network 114: "" BSSID: "00:02:2D:01:93:3D" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 5 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 21:28:18 2002" Last : "Sat Jun 22 21:28:36 2002" Network 115: "" BSSID: "00:40:96:30:41:12" Type : infrastructure Info : "0675_wap1" Channel : 07 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:28:35 2002" Last : "Sat Jun 22 21:28:35 2002" Network 116: "" BSSID: "00:40:96:12:A9:86" Type : infrastructure Info : "AP4500E_12a986" Channel : 11 WEP : "Yes" Maxrate : 2.0 LLC : 5 Data : 0 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 21:28:36 2002" Last : 
"Sat Jun 22 21:28:45 2002" Network 117: "WaveLAN Network" BSSID: "00:02:2D:2C:A0:6D" Type : infrastructure Info : "None" Channel : 10 WEP : "No" Maxrate : 11.0 LLC : 9 Data : 1 Crypt : 0 Weak : 0 Total : 10 First : "Sat Jun 22 21:29:20 2002" Last : "Sat Jun 22 21:38:58 2002" Address found via ARP 10.245.119.0 Network 118: "" BSSID: "00:02:2D:0C:B2:63" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 3 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:29:22 2002" Last : "Sat Jun 22 21:39:26 2002" Network 119: "central" BSSID: "00:05:5D:DA:2B:50" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 0.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:29:26 2002" Last : "Sat Jun 22 21:29:26 2002" Network 120: "post" BSSID: "00:60:1D:F1:47:E0" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 6 Data : 0 Crypt : 0 Weak : 0 Total : 6 First : "Sat Jun 22 21:29:31 2002" Last : "Sat Jun 22 21:38:04 2002" Network 121: "post" BSSID: "00:60:1D:F1:48:01" Type : infrastructure Info : "None" Channel : 09 WEP : "No" Maxrate : 11.0 LLC : 16 Data : 0 Crypt : 0 Weak : 0 Total : 16 First : "Sat Jun 22 21:37:53 2002" Last : "Sat Jun 22 21:39:33 2002" Network 122: "post" BSSID: "00:60:1D:F0:E0:5E" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 20 Data : 0 Crypt : 0 Weak : 0 Total : 20 First : "Sat Jun 22 21:37:54 2002" Last : "Sat Jun 22 21:38:35 2002" Network 123: "" BSSID: "00:02:2D:0C:AE:06" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 4 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:39:30 2002" Last : "Sat Jun 22 21:39:40 2002" Network 124: "whitelink" BSSID: "00:06:25:60:B4:E3" Type : infrastructure Info : "None" Channel : 07 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:39:41 2002" Last : "Sat Jun 22 21:39:41 2002" Network 125: "" BSSID: "00:02:2D:05:B8:E4" Type 
: data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 4 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:41:04 2002" Last : "Sat Jun 22 21:41:09 2002" Network 126: "" BSSID: "00:02:2D:01:DA:1E" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 2 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:41:09 2002" Last : "Sat Jun 22 21:41:18 2002" Network 127: "default" BSSID: "00:90:47:00:01:8C" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:42:46 2002" Last : "Sat Jun 22 21:42:47 2002" Network 128: "linksys" BSSID: "00:04:5A:CC:39:74" Type : infrastructure Info : "None" Channel : 10 WEP : "No" Maxrate : 11.0 LLC : 6 Data : 0 Crypt : 0 Weak : 0 Total : 6 First : "Sat Jun 22 21:42:51 2002" Last : "Sat Jun 22 21:42:55 2002" Network 129: "" BSSID: "00:02:2D:0C:B2:8E" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 2 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:43:06 2002" Last : "Sat Jun 22 21:43:06 2002" Network 130: "Apple Network 2e938b" BSSID: "00:02:2D:2E:93:8B" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 0.0 LLC : 3019 Data : 0 Crypt : 0 Weak : 0 Total : 3019 First : "Sat Jun 22 21:43:23 2002" Last : "Sat Jun 22 21:47:00 2002" Network 131: "" BSSID: "00:40:96:33:DC:8F" Type : infrastructure Info : "WA9900PCHR9166" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:43:55 2002" Last : "Sat Jun 22 21:44:04 2002" Network 132: "Trizec_Hahn_dallas3" BSSID: "00:40:96:26:4C:E8" Type : infrastructure Info : "Park_Central" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:43:57 2002" Last : "Sat Jun 22 21:43:57 2002" Network 133: "Fryer Family" BSSID: "00:02:2D:09:46:DC" Type : infrastructure Info : "None" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 1 
Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:44:27 2002" Last : "Sat Jun 22 21:44:27 2002" Network 134: "" BSSID: "00:02:2D:3C:AC:E4" Type : infrastructure Info : "None" Channel : 10 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:45:26 2002" Last : "Sat Jun 22 21:45:26 2002" Network 135: "" BSSID: "00:02:2D:04:28:97" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 230 Crypt : 0 Weak : 0 Total : 230 First : "Sat Jun 22 21:45:54 2002" Last : "Sat Jun 22 21:46:59 2002" Network 136: "" BSSID: "00:E0:63:50:0C:31" Type : infrastructure Info : "None" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:46:13 2002" Last : "Sat Jun 22 21:46:13 2002" Network 137: "" BSSID: "00:60:1D:1E:51:74" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 65 Crypt : 0 Weak : 0 Total : 65 First : "Sat Jun 22 21:46:31 2002" Last : "Sat Jun 22 21:46:59 2002" Network 138: "Trizec_Hahn_dallas2" BSSID: "00:40:96:30:47:A0" Type : infrastructure Info : "Galleria" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:46:32 2002" Last : "Sat Jun 22 21:46:36 2002" Network 139: "" BSSID: "00:60:1D:1E:51:EF" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 3 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:46:46 2002" Last : "Sat Jun 22 21:47:00 2002" Network 140: "WLAN" BSSID: "00:04:E2:0E:6D:79" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:46:55 2002" Last : "Sat Jun 22 21:46:59 2002" -------------------------------------------------------------------------------- [Seattle Wardriving Data]=============================[pr00f ] -------------------------------------------------------------------------------- SSID MAC Address Chan WEP Address 
(Method) GPS Location (Est.) -------------------------------------------------------------------------------- RAINBOW 00:50:8B:99:2B:82 6 Y sadness 00:04:5A:D8:25:53 6 Y 47.6601 -122.3301 linksys 00:03:2F:03:16:55 6 Y 47.6597 -122.3290 linksys 00:04:5A:FD:B5:FB 6 Y 47.6598 -122.3316 linksys 00:04:5A:EB:9D:5D 6 Y linksys 00:04:5A:D2:67:55 6 N linksys 00:04:5A:CF:95:DB 6 N linksys 00:04:5A:2D:DD:1D 6 N 192.168.1.0 (UDP) 47.6592 -122.3338 linksys 00:04:5A:D2:14:6B 6 N 192.168.1.0 (UDP) linksys 00:06:25:53:23:EA 6 N 192.168.1.0 (UDP) 47.6608 -122.3337 celia 00:05:5D:ED:23:EC 9 N 192.168.2.0 (UDP) 47.6598 -122.3301 paul 00:02:2D:31:B6:8B 1 Y default 00:50:18:08:8D:A8 6 Y default 00:50:18:05:0C:22 6 N default 00:01:24:F0:33:55 6 N default 00:01:24:F1:6C:14 6 N default 00:30:AB:06:5D:CC N/A N default 00:10:E7:F5:12:CC 6 N 192.168.0.0 (UDP) 47.6609 -122.3298 default 00:50:18:06:82:1A 6 N 192.168.123.0 (UDP) willardx 00:04:5A:2E:3E:AD 6 N 10.0.0.0 (ARP) 47.6605 -122.3292 wireless 00:02:B3:A5:BD:54 10 N 192.168.2.0 (ARP) 47.6594 -122.3326 Wireless 00:30:AB:0C:36:17 1 N 47.6588 -122.3292 IEEE 00:90:96:21:99:25 6 N 10.134.216.0 (ARP) appledoorn00:02:2D:3C:DE:6B 1 N 47.6614 -122.3291 Bigfoot 00:30:65:1C:7B:6C 1 Y