
Wi-Foo: The Secrets of Wireless Hacking


  • Sorry, this book is no longer in print.
Not for Sale


  • Copyright 2004
  • Dimensions: 7" x 9-1/4"
  • Pages: 592
  • Edition: 1st
  • Book
  • ISBN-10: 0-321-20217-1
  • ISBN-13: 978-0-321-20217-8

"This is an excellent book. It contains the 'in the trenches' coverage that the enterprise administrator needs to know to deploy wireless networks securely." --Robert Haskins, Chief Technology Officer, ZipLink

Wi-Foo: The Secrets of Wireless Hacking is the first practical and realistic book about 802.11 network penetration testing and hardening. Unlike other books, it is based on a daily experience of breaking into and securing wireless LANs. Rather than collecting random wireless security news, tools, and methodologies, Wi-Foo presents a systematic approach to wireless security threats and countermeasures starting from the rational wireless hardware selection for security auditing and finishing with how to choose the optimal encryption ciphers for the particular network you are trying to protect.

Sample Content

Online Sample Chapter

Wireless Hacking: Breaking Through


Table of Contents


1. Real World Wireless Security.

    Why Do We Concentrate on 802.11 Security?

    Getting a Grip on Reality: Wide Open 802.11 Networks Around Us.

    The Future of 802.11 Security: Is It as Bright as It Seems?


2. Under Siege.

    Why Are “They” After Your Wireless Network?

    Wireless Crackers: Who Are They?

    Corporations, Small Companies, and Home Users: Targets Acquired.

    Target Yourself: Penetration Testing as Your First Line of Defense.


3. Putting the Gear Together: 802.11 Hardware.

    PDAs Versus Laptops.

    PCMCIA and CF Wireless Cards.

      Selecting or Assessing Your Wireless Client Card Chipset.

        Prism Chipset.

        Cisco Aironet Chipset.

        Hermes Chipset.

        Symbol Chipset.

        Atheros Chipset.

        ADM8211 Chipset.

      Other Chipsets That Are Common in Later Models of 802.11-Compatible Devices.

      Selecting or Assessing Your Wireless Client Card RF Characteristics.


    RF Amplifiers.

    RF Cables and Connectors.


4. Making the Engine Run: 802.11 Drivers and Utilities.

    Operating System, Open Source, and Closed Source.

    The Engine: Chipsets, Drivers, and Commands.

      Making Your Client Card Work with Linux and BSD.

    Getting Used to Efficient Wireless Interface Configuration.

      Linux Wireless Extensions.

      Linux-wlan-ng Utilities.

      Cisco Aironet Configuration.

      Configuring Wireless Client Cards on BSD Systems.


5. Learning to WarDrive: Network Mapping and Site Surveying.

    Active Scanning in Wireless Network Discovery.

    Monitor Mode Network Discovery and Traffic Analysis Tools.


        Kismet and GpsDrive Integration.







      Miscellaneous Command-Line Scripts and Utilities.

      BSD Tools for Wireless Network Discovery and Traffic Logging.

    Tools That Use the iwlist scan Command.

    RF Signal Strength Monitoring Tools.


6. Assembling the Arsenal: Tools of the Trade.

    Encryption Cracking Tools.

      WEP Crackers.






      Tools to Retrieve WEP Keys Stored on the Client Hosts.

      Traffic Injection Tools Used to Accelerate WEP Cracking.

      802.1x Cracking Tools.

        Asleap-imp and Leap.


    Wireless Frame-Generating Tools.







    Wireless Encrypted Traffic Injection Tools: Wepwedgie.

    Access Point Management Utilities.


7. Planning the Attack.

    The “Rig”.

    Network Footprinting.

    Site Survey Considerations and Planning.

    Proper Attack Timing and Battery Power Preservation.

    Stealth Issues in Wireless Penetration Testing.

    An Attack Sequence Walk-Through.


8. Breaking Through.

    The Easiest Way to Get in.

    A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering.

    Picking a Trivial Lock: Various Means of Cracking WEP.

      WEP Brute-Forcing.

      The FMS Attack.

      An Improved FMS Attack.

    Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking.

    Field Observations in WEP Cracking.

    Cracking TKIP: The New Menace.

    The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment.

      DIY: Rogue Access Points and Wireless Bridges for Penetration Testing.

      Hit or Miss: Physical Layer Man-in-the-Middle Attacks.

      Phishing in the Air: Man-in-the-Middle Attacks Combined.

    Breaking the Secure Safe.

      Crashing the Doors: Authentication Systems Attacks.

      Tapping the Tunnels: Attacks Against VPNs.

    The Last Resort: Wireless DoS Attacks.

      1. Physical Layer Attacks or Jamming.

      2. Spoofed Deassociation and Deauthentication Frames Floods.

      3. Spoofed Malformed Authentication Frame Attack.

      4. Filling Up the Access Point Association and Authentication Buffers.

      5. Frame Deletion Attack.

      6. DoS Attacks Based on Specific Wireless Network Settings.

      7. Attacks Against 802.11i Implementations.


9. Looting and Pillaging: The Enemy Inside.

    Step 1: Analyze the Network Traffic.

      802.11 Frames.

      Plaintext Data Transmission and Authentication Protocols.

      Network Protocols with Known Insecurities.

      DHCP, Routing, and Gateway Resilience Protocols.

      Syslog and NTP Traffic.

      Protocols That Shouldn’t Be There.

    Step 2: Associate to WLAN and Detect Sniffers.

    Step 3: Identify the Hosts Present and Perform Passive Operating System Fingerprinting.

    Step 4: Scan and Exploit Vulnerable Hosts on WLAN.

    Step 5: Take the Attack to the Wired Side.

    Step 6: Check Wireless-to-Wired Gateway Egress Filtering Rules.


10. Building the Citadel: An Introduction to Wireless LAN Defense.

    Wireless Security Policy: The Cornerstone.

      1. Device Acceptability, Registration, Update, and Monitoring.

      2. User Education and Responsibility.

      3. Physical Security.

      4. Physical Layer Security.

      5. Network Deployment and Positioning.

      6. Security Countermeasures.

      7. Network Monitoring and Incident Response.

      8. Network Security and Stability Audits.

    Layer 1 Wireless Security Basics.

    The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding.

    Secure Wireless Network Positioning and VLANs.

      Using Cisco Catalyst Switches and Aironet Access Points to Optimize Secure Wireless Network Design.

    Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway.

    Proprietary Improvements to WEP and WEP Usage.

    802.11i Wireless Security Standard and WPA: The New Hope.

      Introducing the Sentinel: 802.1x.

      Patching the Major Hole: TKIP and CCMP.


11. Introduction to Applied Cryptography: Symmetric Ciphers.

    Introduction to Applied Cryptography and Steganography.

    Modern-Day Cipher Structure and Operation Modes.

      A Classical Example: Dissecting DES.

      Kerckhoff’s Rule and Cipher Secrecy.

      The 802.11i Primer: A Cipher to Help Another Cipher.

      There Is More to a Cipher Than the Cipher: Understanding Cipher Operation Modes.

    Bit by Bit: Streaming Ciphers and Wireless Security.

    The Quest for AES.

      AES (Rijndael).





    Between DES and AES: Common Ciphers of the Transition Period.




    Selecting a Symmetric Cipher for Your Networking or Programming Needs.


12. Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms.

    Cryptographic Hash Functions.

    Dissecting an Example Standard One-Way Hash Function.

    Hash Functions, Their Performance, and HMACs.

      MIC: Weaker But Faster.

      Asymmetric Cryptography: A Different Animal.

       The Examples of Asymmetric Ciphers: ElGamal, RSA, and Elliptic Curves.

      Practical Use of Asymmetric Cryptography: Key Distribution, Authentication, and Digital Signatures.


13. The Fortress Gates: User Authentication in Wireless Security.


      Basics of AAA Framework.




      An Overview of the RADIUS Protocol.

      RADIUS Features.

      Packet Formats.

      Packet Types.

    Installation of FreeRADIUS.







    User Accounting.

    RADIUS Vulnerabilities.

      Response Authenticator Attack.

      Password Attribute-Based Shared Secret Attack.

      User Password-Based Attack.

      Request Authenticator-Based Attacks.

      Replay of Server Responses.

      Shared Secret Issues.

    RADIUS-Related Tools.

    802.1x: The Gates to Your Wireless Fortress.

      Basics of EAP-TLS.

          Packet Format.

            Creating Certificates.

      FreeRADIUS Integration.





        Windows 2000 and Windows XP.

      An Example of Access Point Configuration: Orinoco AP-2000.



        What Is a Directory Service?

        What Is LDAP?

        How Does LDAP Work?

      Installation of OpenLDAP.

        Satisfying Dependencies.

      Configuration of OpenLDAP.

      Testing LDAP.

      Populating the LDAP Database.

      Centralizing Authentication with LDAP.

      Mobile Users and LDAP.

      LDAP-Related Tools.

        Directory Administrator.



        LDAP Tool.

    NoCat: An Alternative Method of Wireless User Authentication.

      Installation and Configuration of NoCat Gateway.

      Installation and Configuration of Authentication Server.


14. Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs.

    Why You Might Want to Deploy a VPN.

    VPN Topologies Review: The Wireless Perspective.






    Common VPN and Tunneling Protocols.





    Alternative VPN Implementations.




    The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview.

      Security Associations.



      IP Compression.

      IPSec Key Exchange and Management Protocol.


        Phase 1 Modes of Operation.

        Phase 2 Mode of Operation.

      Perfect Forward Secrecy.

      Dead Peer Discovery.

      IPSec Road Warrior.

      Opportunistic Encryption.

    Deploying Affordable IPSec VPNs with FreeS/WAN.

      FreeS/WAN Compilation.

      FreeS/WAN Configuration.

        Key Generation.

        X.509 Certificate Generation.

        Ipsec.conf Organization.

      Network-to-Network VPN Topology Setting.

      Host-to-Network VPN Topology Setting.

      Windows 2000 Client Setup.

      Windows 2000 IPSec Client Configuration.


15. Counterintelligence: Wireless IDS Systems.

    Categorizing Suspicious Events on WLANs.

      1. RF/Physical Layer Events.

      2. Management/Control Frames Events.

      3. 802.1x/EAP Frames Events.

      4. WEP-Related Events.

      5. General Connectivity/Traffic Flow Events.

      6. Miscellaneous Events.

    Examples and Analysis of Common Wireless Attack Signatures.

    Radars Up! Deploying a Wireless IDS Solution for Your WLAN.

      Commercial Wireless IDS Systems.

      Open Source Wireless IDS Settings and Configuration.

      A Few Recommendations for DIY Wireless IDS Sensor Construction.



Appendix A. Decibel-Watts Conversion Table.

Appendix B. 802.11 Wireless Equipment.

Appendix C. Antenna Irradiation Patterns.




Appendix D. Wireless Utilities Manpages.

    1. Iwconfig.

    2. Iwpriv.

    3. Iwlist.

    4. Wicontrol.

    5. Ancontrol.

Appendix E. Signal Loss for Obstacle Types.

Appendix F. Warchalking Signs.

    Original Signs.

    Proposed New Signs.

Appendix G. Wireless Penetration Testing Template.

    Arhont Ltd Wireless Network Security and Stability Audit Checklist Template.

    1 Reasons for an audit.

    2 Preliminary investigations.

    3 Wireless site survey.

    4 Network security features present.

    5 Network problems / anomalies detected.

    6 Wireless penetration testing procedure.

    7 Final recommendations.

Appendix H. Default SSIDs for Several Common 802.11 Products.




