I recently had the opportunity to try out Linux Mint, a new linux distribution aimed at capturing desktop user share from Microsoft. Linux Mint is a Ubuntu (debian) based distribution with some interesting user interface improvements, a few notable additions, and some closed source files that Ubuntu doesn’t ship with. I know first hand that when my windows user friends come over and use my laptop to check their email, they are often taken aback by the graphical user interface differences between linux and windows.

Where Linux Mint Excels:

1. A User Friendly Interface

I know first hand that when my windows user friends come over and use my laptop to check their email, they are often taken aback by the graphical user interface differences between linux and windows. In windows everyone knows that the start key is on the bottom left hand side of the screen. In a typical Gnome-based Ubuntu distribution of course it defaults to the top left and doesn’t even appear as an obvious button. Windows users don’t know what the hell they are looking at. Linux Mint gets around this by removing the top bar and putting the ‘start’ (or program access) key at the bottom left of the screen. Where Ubuntu drops the ball, Linux Mint does a fairly good job of avoiding confusion for windows users.

As you can see from the screenshot the start button is not quite as obvious as a windows XP or Vista start key with the highly identifiable Microsoft logo, but a good deal more intuitive than a typical Gnome desktop.

2. The Start Menu

The start menu looks just like Windows XP/Vista. Menu items are grouped in a logical manner consistent with the average desktop user’s experience.

3. The Control Panel

One of the most daunting things to a brand new-to-linux user is finding the locations of all the individual component-specific control panels. We have a font control a display control, a desktop control, an accessibility, a network, and countless other controls typically listed in the drop down menu under the system tab when Microsoft has them all neatly located in a ‘Control Panel’ dialog box. Linux Mint organizes them in a nicely organized intuitive display as well:

4. Graphics Card Support

Mint ships with a nice little installer called ‘Envy’ for installing non-free video drivers from ATI and Nvidia. Unfortunately my graphics card on my laptop is an ATI radeon mobility which uses the standard driver so I was unable to test it out. In addition since my graphics card is so pathetically old I am unable to use the Open GL Beryl desktop. Mine defaulted to the standard gnome. However, it does come bundled with beryl and emerald. Here is a picture of some Emerald window decorations you can choose from:

5. Wifi Support

Strangely my wireless adapter (which uses the fairly standard atheros chipset) didn’t work with the live cd version of Mint, but once I installed it to my drive it worked without a hitch. For unsupported wireless adapters, Mint comes with a handy NDIS wrapper installer so you can just insert your wireless card’s install disk, browse to it and install it for use in Mint.

6. MintDisk: NTFS read/write and drive mounting out of the box

Mint disk is a handy little tool that automatically mounts ntfs partitions – and not with the typical read only access that you get from a vanilla ubuntu install. Worked perfectly for me and could work hand in glove with ndiswrapper to install windows wireless ethernet drivers on dual boot machines.

I have only had a couple of hours to play with it so I expect to have a lot more to say in part 2.

By now most people have heard of the open source PBX Asterisk and what it can do, but how does this translate into savings for your small business? I have written this brief HOWTO to show how it has saved my company over $500 per month by leveraging the synergy of open source software and VOIP.

Why use VOIP?

The cost savings from using VOIP (Voice Over IP) over the traditional PSTN (public switched telephone network) are tremendous. By eliminating the need for using traditional phone companies expensive infrastructure (a switched phone line originating at your office and terminating at your customer’s), a small business can completely eliminate the need to pay per-minute long distance fees and outrageous access charges levied by Ma Bell to use their antiquated telephone network.

Why use Asterisk?

Anyone that has started up a new business office knows behind labor and their leased space, phones often rank third. For one you must buy or lease a PBX (personal branch exchange) from a company like Avaya. On top of the lease for equipment you pay for the actual lines and usage charges for local and long distance calls. If your business has a high call volume you could easily be paying a small fortune. Asterisk was created by Mark Spencer the CTO of Digium and is licensed under the GPL which has attracted lots of third party add ons that increase its functionality. What does this mean for the small business owner? No software licensing fees, no hardware leasing and the power of a fully functional pbx with robust features built for voip.

This sounds great! How do I start saving money with Asterisk?

THE GAMEPLAN

There are a few steps that we must take in order to get started with our new high tech phone system.

1. Choose a VOIP provider
2. Choose a broadband internet provider (DSL/T1)
3. Purchase a computer to install Asterisk on
4. Install Asterisk
5. Purchase Phones
6. Configure Asterisk to Communicate with Provider

Choosing a VOIP Provider

For my new office we chose Inphonex. They offer unlimited 1-800 calling plans which was very important to us as we have a high inbound call volume and have to offer an 800 number. Inphonex is Asterisk-Friendly, and was the only business class service that offered an unlimited 800 plan. They are based out of Miami and have written a HOWTO on how to setup asterisk servers to connect to their service as well. After three months I haven’t experienced any down time with their service.

There are a few other providers I considered such as Teliax,Telasip, viatalk. Perhaps someone could post in comments about their service or others?

Choosing A Broadband Provider

When choosing a broadband provider there are several considerations to take into account. The most important is the number of phones your company will require along with the compression codecs the provider supports. My new office requires only 4 phones at the moment. There are several bandwidth calculators that can guide you through your selection of required ip bandwidth and codec selection. A quick check of the Inphonex website shows what codecs they supports. They offer support for several codecs including G.723, G.729a, G.726 ulaw and alaw. This provides you with some compression options in case you need several lines over a DSL line.

Building Your Server

I built a bare bones computer by purchasing a case, motherboard, cpu, hard drive and network card at NewEgg. Any old computer will do, but starting on a fresh machine ensures to some degree that components will work for some time to come. Since this machine isn’t running any Microsoft bloatware, the machine doesn’t really need to be a supercomputer. My computer cost a total of $200. One of the advantages of running it on a linux server is that you can SSH into the machine remotely and manage it or you can access the web enabled GUI. I am using trixbox which comes with FreePBX already installed which makes managing your asterisk server easy even if you’ve never used linux or SSH before.

Installing Asterisk

I have installed asterisk on several different linux distros but the easiest way to get asterisk up and running on a dedicated server is to download trixbox. Trixbox is basically a linux distribution that grew out of the Asterisk At Home distribution of a few years back. Trixbox uses a database back end to store configuration values but other than that it is very similar to a typical Asterisk server compiled from the vanilla source. Trixbox also bundles in several features including an apache server, mysql database, FreePBX web based management, HUD, flash operator panel, and community based forums that are very helpful in solving configuration issues.

You will need to:

• Download an ISO image
• Read the quick start guide
• Read Inphonex’s configuration guide for trixbox
• Refer to the trixbox forums for help

Choosing Your Phones

I settled on GPX-2000 phones from Grandstream. I bought them from 888voipstore and everything went very smoothly and I got a very reasonable price. I paid $78.95 per phone for phones with every feature I could want. Configuring them to work with my Asterisk server was extremely easy as well. Grandstream phones come with a web based GUI:

Basically you only have to enter in the LAN/IP address of your asterisk box as your sip server and your phone works. Of course you still have to set up an extension on your asterisk box as well. Navigate in FreePBX to Settings-> Extensions and set up an extension number and choose a password like this:

Configure Asterisk for Inphonex

Inphonex is an asterisk friendly provider. Conveniently they have a simple configuration guide to setting up trixbox to work with their service. My working configuration is here:

allow=ulaw
canreinvite=yes
context=from-inphonex
disallow=all
fromdomain=sip.inphonex.com
fromuser=[myusernumber]
host=sip.inphonex.com
insecure=very
nat=yes
pedantic=no
qualify=yes
secret=[mypassword]
type=peer
username=[myusernumber]

My Register String:

For further help you can always search the trixbox forums or contact Inphonex’s support.

Here are some highlights from the article:

• Enable the highest level of WEP that your hardware provides. WEP provides some security and is effective in deterring casual attempts by outsiders to infiltrate your network. Most 802.11b certified products can use basic 64-bit WEP encryption. By default, however, 64-bit WEP encryption may be disabled.

That alone ought to eat up about 15 seconds of a wifi hackers time.

• Change the default Service Set Identifier (SSID) and passwords for your network devices. Access points/wireless routers ship from the manufacturer with default SSID and passwords which is the same on all devices made by that manufacturer. Leaving these at default makes it easy for a malicious outsider to gain access.

That would actually be good advice if they were coupling it with WPA encryption. Kismet can sniff out an ssid even when it’s not “broadcast”.

• Purchase access points and network adapters that support 128-bit WEP. Some products only support 64-bit (40 bit key) WEP, and are not as secure. Note that some adapters may only require a driver upgrade to attain 128-bit WEP capability.

Brilliant.

• Some access points allow you to control access based on the media access control address of the network adapter trying to associate with it. If the media access control address of your adapter is not in the table of the access point, you will not associate with it. If your access point has this feature, enable it and add the media access control addresses of the network adapters you use.

Your wireless adapter’s MAC address is broadcast constantly. Kismet or Kismac picks it up in a heartbeat. Spoofing your mac address might be a little harder in windows, but it’s a snap on the mac or linux. You can use ifconfig or macchanger and many other simple scripts.

So how should you secure your home wireless network? Well the home user should obviously ditch WEP for WPA. WPA uses a much stronger encryption technique. It can be cracked with a brute force attack but if you name your SSID with a long obscure name and use a sufficient passkey it will be very difficult for a hacker to compromise your network. The reason this is more effective is that the encrypted key is computed by using the SSID (broadcast name) of the router AND the passkey itself. For this reason WPA is not very secure unless you randomize your SSID by changing it from the default setting, ie linksys, default, belkin etc, AND use a random password generator (A good one is available here) you are fooling yourself.

This tutorial is intended for user’s with little or no experience with linux or wifi. The folks over at remote-exploit have released “Backtrack” a tool which makes it ridiculously easy to access any network secured by WEP encryption. This tutorial aims to guide you through the process of using it effectively.

Required Tools

• You will need a computer with a wireless adapter listed here
• Download Backtrack and burn it’s image to a CD

B. OVERVIEW

BACKTRACK is a bootable live cd with a myriad of wireless and tcp/ip networking tools. This tutorial will only cover the included kismet and aircrack-ng suite of tools.

Tools Overview

• Kismet – a wireless network detector and packet sniffer
• airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon)
• airodump – a tool for capturing packets from a wireless router (otherwise known as an AP)
• aireplay – a tool for forging ARP requests
• aircrack – a tool for decrypting WEP keys
• iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP requests to the target router
• macchanger – a tool that allows you to view and/or spoof (fake) your MAC address

Glossary of Terms

• AP: Access Point: a wireless router
• MAC Address: Media Access Control address, a unique id assigned to wireless adapters and routers. It comes in hexadecimal format (ie 00:11:ef:22:a3:6a)
• BSSID: Access Point’s MAC address
• ESSID: Access Point’s Broadcast name. (ie linksys, default, belkin etc) Some AP’s will not broadcast their name but Kismet may be able to detect it anyway
• TERMINAL: MS-Dos like command line interface. You can open this by clicking the black box icon next to the start key in backtrack
• WEP: short for Wired Equivalency Privacy, it is a security protocol for Wi-Fi networks
• WPA: short for WiFi Protected Access. a more secure protocal than WEP for wireless networks. NOTE: this tutorial does not cover cracking WPA encryption

Since Backtrack is a live CD running off your cdrom, there is nowhere that you can write files to unless you have a linux partition on your hard drive or a usb storage device. Backtrack has some NTFS support so you will be able to browse to your windows based hard drive should you have one, but it will mount the partition as “read-only”. I dual boot windows and ubuntu on my laptop so I already have a linux swap partition and a reiserfs partition. Backtrack had no problem detecting these and mounting them for me. To find your hard drive or usb storage device, just browse to the /mnt folder in the file manager. Typically a hard drive will appear named something like hda1 or hda2 if you have more than one partition on the drive. Alternately hdb1 could show if you have more than one hard disk. Having somewhere to write files that you can access in case you need to reboot makes the whole process a little easier.

C. DISCLAIMER

Hacking into someone’s wireless network without permission is probably against the law. I wouldn’t recommend doing it. I didn’t break into anyone else’s network while learning how to do this.

D. IMPLEMENTATION

STEP 1

Monitoring Wireless Traffic With Kismet

Place the backtrack CD into your cd-rom drive and boot into Backtrack. You may need to change a setting in your bios to boot from cd rom. During boot up you should see a message like “Hit ctrl+esc to change bios settings”. Changing your first boot device to cdrom will do the trick. Once booted into linux, login as root with username: root password: toor. These are the default username and password used by backtrack. A command prompt will appear. Type startx to start KDE (a ‘windows’ like workspace for linux).

Once KDE is up and running start kismet by clicking on the start key and browsing to Backtrack->Wireless Tools -> Analyzers ->Kismet. Alternatively you can open a Terminal and type:

kismet

Kismet will start running and may prompt you for your wireless adapter. Choose the appropriate adapter, most likely ‘ath0′, and sit back as kismet starts detecting networks in range.

NOTE: We use kismet for two reasons.

1. To find the bssid, essid, and channel number of the AP you are accessing.
2. Kismet automatically puts your wireless adapter into monitor mode (rfmon). It does this by creating a VAP (virtual access point?) or in other words, instead of only having ath0 as my wireless card it creates a virtual wifi0 and puts ath0 into monitor mode automatically. To find out your device’s name just type:

iwconfig

Which will look something like this:

While kismet detects networks and various clients accessing those networks you might want to type ‘s’ and then ‘Q’ (case sensitive). This sorts all of the AP’s in your area by their signal strength. The default ‘autofit’ mode that kismet starts up in doesn’t allow you much flexibility. By sorting AP’s by signal strength you can scroll through the list with the arrow keys and hit enter on any AP you want more information on. (side note: when selecting target AP keep in mind this tutorial only covers accessing host AP’s that use WEP encryption. In kismet the flags for encryption are Y/N/0. Y=WEP N=Open Network- no encryption 0= other: WPA most likely.) Further reading on Kismet is available here.

Select the AP (access point) you want to access. Copy and paste the broadcast name(essid), mac address(bssid), and channel number of your target AP into a text editor. Backtrack is KDE based so you can use kwrite. Just open a terminal and type in ‘kwrite’ or select it from the start button. In Backtrack’s terminal to copy and paste you use shift+ctrl+c and shift+control+v respectively. Leave kismet running to leave your wireless adapter in monitor mode. You can also use airmon to do this manually. airmon-ng -h for more help with this

STEP 2

Collecting Data With Airodump

Open up a new terminal and start airodump so we can collect ARP replies from the target AP. Airodump is fairly straight forward for help with this program you can always type “airodump-ng -h” at the command prompt for additional options.

airodump-ng ath0 -w /mnt/hda2/home/ryan/belkin_slax_rcu 9 1

Breaking down this command:

• ath0 is my wireless card
• -w tells airodump to write the file to
  /mnt/hda2/ryan/belkin_slax_rcu
• 9 is the channel 9 of my target AP
• 1 tells airodump to only collect IVS – the data packets with the WEP key

STEP 3

Associate your wireless card with the AP you are accessing.

aireplay-ng -1 0 -e belkin -a 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 ath0

• -1 at the beginning specifies the type of attack. In this case we want fake authentication with AP. You can view all options by typing aireplay-ng -h
• 0 specifies the delay between attacks
• -e is the essid tag. belkin is the essid or broadcast name of my target AP. Linksys or default are other common names
• -a is the bssid tag(MAC address). 00:11:22:33:44:55 is the MAC address of the target AP
• -h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address. macchanger -s ath0
• ath0 at the end is my wireless adapters device name in linux

STEP 4

Start packet injection with aireplay

aireplay-ng -3 -b 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 ath0

NOTES:

• -b requires the MAC address of the AP we are accessing.
• -h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address. macchanger -s ath0
• if packets are being collected at a slow pace you can typeiwconfig ath0 rate auto to adjust your wireless adapter’s transmission rate. You can find your AP’s transmission rate in kismet by using the arrow keys up or down to select the AP and hitting enter. A dialog box will pop up with additional information. Common rates are 11M or 54M.

As aireplay runs, ARP packets count will slowly increase. This may take a while if there aren’t many ARP requests from other computers on the network. As it runs however, the ARP count should start to increase more quickly. If ARP count stops increasing, just open up a new terminal and re-associate with the ap via step 3. There is no need to close the open aireplay terminal window before doing this. Just do it simultaneously. You will probably need somewhere between 200-500k IV data packets for aircrack to break the WEP key.

If you get a message like this:

Notice: got a deauth/disassoc packet. Is the source MAC associated ?

Just reassociate with the AP following the instructions on step 3.

STEP 5

Decrypting the WEP Key with Aircrack

Find the location of the captured IVS file you specified in step 2. Then type in a terminal:

aircrack-ng -s /mnt/hda2/home/belkin_slax_rcu-03.ivs

Change /mnt/hda2/home/belkin_slax_rcu-03.ivs to your file’s location

Once you have enough captured data packets decrypting the key will only take a couple of seconds. For my AP it took me 380k data packets. If aircrack doesn’t find a key almost immediately, just sit back and wait for more data packets.

If this guide doesn’t fully answer your questions you can always refer to the forums at remote-exploit.org