Have you ever found an open network and tried to connect, only to find that it connects with a nice signal but you don’t get an IP address.
Whatever you try you just can’t get any traffic onto the Internet even though you’re connected?
Well the reason normally is that the Wireless access point you are trying to connect to is not using any encryption, but instead is using MAC filtering.
Read on to see how to get round this and connect to the Access Point.
Basically your computer talks to the wireless router by sending small packets of data. After each packet is sent to the router a reply is sent to confirm it has successfully received the data, if not it’s sent again.
All this happens extremely fast, we are talking within milli seconds here. The device receiving the data (computer or router) needs to know which device it came from. Think about it, if you have more than one device on the network the packets would get all messed up and the data packets would get delivered to the wrong device!
The way to stop this happening is to give everything that connects to a network a unique number, this is called a MAC address (At this low level IP addresses are not used).
That stands for Media Access Control an example is 01:23:45:67:89:ab. Every packet sent contains this data so that it knows where to go. (This is important for hacking as you will see later)
I hope you got that so far, basically all devices on a network have a MAC address and that way the packets of data get sent to the correct place. That’s great but what about if you want to stop computers using your wireless connection.
You don’t want you neighbors downloading god knows what and pushing up your monthly usage limit that your ISP might enforce. You could also be charged with downloading films or music and it wasn’t even you!
So one way to protect your wireless network is MAC address filtering, it’s simple (just totally useless). The idea is to tell the wireless router only allow MAC address you have approved. In theory this is supposed to stop all other devices connecting to your wireless network.
Well…. that’s the idea BUT there’s a really big security problem with this, let me try to explain.
The way around this is to obviously change your computers MAC address to match one that’s been allowed. But how do you know the MAC addresses that have been approved when you have no access to the approved list ?
Remember I said that every network packet has the MAC number in it from the transmitting device. Because of that, you can use software to “Sniff” the wireless packets and see the MAC addresses (amongst other things). Then you just need to set your MAC address the same as one that’s been allowed by the wireless router.
The Sniffing software will tell you the MAC addresses of all the computers connected to the network. Next change your MAC address to a MAC address that’s currently on the network. That’s it !! Bingo (as Steve Jobs says) you’re in … How insecure is that!!
- Sniff network traffic
- Find MAC addresses on that network
- Change your MAC address to match one on the target network.
- Connect to the wireless network (while the owner thinks they are safe)
Wireless sniffing software for a Apple Mac use Kismac.
In the following screen shot, you can see that the encryption is “disabled” and the righthand window pane shows two computers connected to the MAC filtered network.
You need to set your computer to one of these MAC addresses.
To change your MAC address on an Apple Mac OSX 10.4.10 use the following commands in the terminal window:
sudo ifconfig en1 ether aa:bb:cc:dd:ee:ff (if you’re you using Leopard or Snow Leopard you need to have your wireless connection in the searching mode to make the mac address change. e.g. don’t be connected to a network but don’t switch off the AirPort)
Or try SpoofMAC
Oh and it’s probably illegal and not allowed, so don’t do it you naughty people !