Learn to Wardrive

War Drive!

Auditing wireless networks is a good way to start exploring wireless networks, their popularity and the risks associated with them. This lens provides information on wardriving and wireless network security. I learned a lot by obtaining my SANS GAWN-C certification after completing the SANS Assessing and Securing Wireless Networks course. Wardriving tools exist for many portable phones, which is very handy; I use WiFi-Where. Wigle.net is a great resource.

Lifehacker tips on How to stay safe on public WiFi networks.

--Todd (SANS GAWN-C Certified)

State What Must Be Stated

War Driving Is Not A Crime.
One way to understand the environment you live in is by investigating it. Are you having problems with your local wireless network, maybe due to interference from a local network on the same channel? Does your community have a free wireless network in place? You may never know if you do not investigate.
How to Avoid Ethical and Legal Issues In Wireless Network Discovery
SANS has many computer security articles available in their online Reading Room. This article discusses the legal issues surrounding network discovery.
WarDriving: you can look, but don't touch
Know your equipment and the software you will be using, and be sure that you do not join an open network by default. Many operating systems and vendor software products default to connecting to the wireless network with the strongest signal, often without asking for approval. Accessing private open networks is against the law.

WiFi Resources and Blogs

Great information!

WiFi Jedi
WiFi Blog
Certified Wireless Network Professional
WiFi resources and educational materials

Formal Wireless Security Training

SANS
SANS offers a wireless security course which I have taken. While it does not address wardriving directly, the course provides relevant information about how to audit a wireless network, the risks of having one and the inherent vulnerabilities with current technologies. SANS Track17 - The T17 column is for SEC617: Assessing and Securing Wireless Networks

Pictures of Wardriving Hardware

WarDrive1 by creative.paradox
PcSupplies by creative.paradox
MacSupplies by creative.paradox

Required / Optional Hardware

Below are the items you will need to go wardriving.
  1. A device with wireless capabilities. This device may be a computer, PDA or network analyzer. I have used both Macintosh and PC platforms to conduct wardrives. You can use a built-in wireless device, but the sensitivity of the antenna may be limited. External devices usually connect via the PCMCIA slot or a USB port and have a connector for an external antenna.
  2. Optional: A GPS unit is required if you want to geolocate your data and produce maps of where access points exist. I use a Garmin eTrex Vista or my TripNav TN-200. The TripNav has a built-in magnet so it can be placed on top of your vehicle to improve GPS reception.
  3. An antenna is needed on the wireless device to improve signal reception. The antenna can either be built into the device or attached to a port on the network device. Some wireless devices support more than one antenna.
  4. Depending on the GPS unit being used, a serial to USB converter may be necessary. I use a KeySpan serial to USB converter (USA-19HS) to connect to my eTrex unit. The TripNav GPS unit is a USB device.
  5. Memory Stick: A USB memory stick is used to store collected data. If you are booting your computer from a Wireless tool CDROM, such as BackTrack, you will want to have a location to store the data.
  6. Choose your favorite wireless auditing software, one which supports your devices.

Wireless Spectrum Analyzers

Wi-Spy
Wi-Spy is a $199 USB spectrum analyzer costing thousands of dollars less than most on the market. Check their web site for more information and screen shots. They do have a new model supporting an external antenna.

Wireless Network Auditing Software

So many tools, so little time.

There are numerous wireless network auditing tools. Below I have listed the ones I use most often.
BackTrack
This is a great software resource bootable from a CDROM on a PC platform. Check the details of the CDROM software products on the main web site. The package contains many software applications useful for wireless network auditing.
Kismet
A very popular wireless network auditing software product. This is usually the product I choose to use.
NetStumbler
Used on hosts with the Windows operating system.
Mac Stumbler
As the name suggests, software for the Macintosh. I have experimented with this product.

Wardrive Check List

Many states have laws against distracted driving. Distracted driving laws restrict the use of mobile telephones and other electronic devices while driving.
  1. Be safe. Keep your wardriving equipment in the back seat, so you will not be distracted. Many auditing applications have audio settings which will announce the SSID when you stumble across one.
  2. Verify your GPS unit is communicating with the satellites and has obtained its position.
  3. Verify that you have modified your MAC address on your wireless device.
  4. Verify that data is being written to your storage location if using a CDROM tool product.
  5. Plot your course. Print maps from online resources when doing coordinated wardrives with other teams.

Latest wireless attack issues

They keep coming.....

Recent offensive and defensive wireless tools.
Fireshepherd
Protection from Firesheep, well sort of.
Firesheep
A tool to steal wireless credentials.

Creating or Viewing Maps

Maps provide a one-page view of your environment. There are numerous useful map types that can be created. For example, it is good to create a signal strength map to know how far your wireless access point extends beyond your perimeter.
cGPSmapper
A mapping package which supports the creation of many different types of maps using acquired data.
USA Photo Maps
I have used this software to plot my war drive paths onto maps. You can also use it to track where you are as you drive using your laptop. Use the software to download local maps of the area you intend to survey.
Wigle.net
A site storing wireless node information. Maps available.

MAC Addresses

e.g. 00:30:65:41:c3:c2

The first security measure taken by a wireless network administrator is to change the default SSID. You can still identify which type of hardware supports an access point by looking up the MAC address of the access point. MAC addresses can be entered into the access point to restrict access to known network devices.
Lookup MAC Addresses
Manufacturers of network cards are assigned Media Access Control (MAC) addresses. Knowing the MAC address can help you determine what type of hardware is being used to connect to your network or to act as an access point. Note that many software products allow the user to modify the MAC address from the one assigned to a wireless card.
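For auditing your own access point's client list, the check below normalizes MAC addresses, extracts the manufacturer prefix (the first three octets) and flags addresses whose "locally administered" bit shows they were set in software. It is an added example, not from the original lens; the vendor table, the allowlist and the function names are constructed placeholders.

```python
import re

# Constructed placeholder table; a real audit would load the IEEE OUI registry.
SAMPLE_OUI_VENDORS = {"00:30:65": "ExampleVendor-A", "00:11:22": "ExampleVendor-B"}

def normalize_mac(raw):
    """Accept 00:30:65:41:c3:c2, 00-30-65-41-C3-C2 or 0030.6541.c3c2."""
    digits = re.sub(r"[:.\-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify_mac(raw):
    """Split a MAC into its manufacturer prefix and flag bits."""
    mac = normalize_mac(raw)
    first_octet = int(mac[:2], 16)
    oui = mac[:8]
    # Bit 0x02 of the first octet marks an address assigned in software
    # rather than by the manufacturer, so a vendor lookup is meaningless.
    local = bool(first_octet & 0x02)
    return {
        "mac": mac,
        "oui": oui,
        "multicast": bool(first_octet & 0x01),
        "locally_administered": local,
        "vendor": None if local else SAMPLE_OUI_VENDORS.get(oui, "unknown"),
    }

def review_inventory(observed, allowed):
    """Compare observed client MACs with the access point's allowlist."""
    allowed_set = {normalize_mac(m) for m in allowed}
    findings = []
    for raw in observed:
        info = classify_mac(raw)
        if info["locally_administered"]:
            findings.append((info["mac"], "locally administered (software-set) address"))
        elif info["mac"] not in allowed_set:
            findings.append((info["mac"], "not on allowlist"))
    return findings
```

A modified address that copies an allowed device's MAC exactly passes both checks, which is why MAC filtering restricts access only to the extent that addresses stay unmodified.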

Antennas

Every antenna has a characteristic radiation pattern. For wardriving, an omnidirectional antenna is usually chosen. Directional antennas are used for locating rogue access points. High-gain antennas are used to create point-to-point networks, usually between buildings.
Pringles Can
If you are serious about wardriving, be sure you have built at least one Pringles can antenna. I've got mine. It makes for a great conversation piece.
Antenna Terminology
What do all the strange antenna terms mean?

Antennas from Amazon

When buying an antenna, don't forget about the cable from your wireless device to the antenna. Also be sure you know which type of connector is needed to connect to your wireless device.

802.11 Protocol and Frequency Allocation

Below are two useful posters.
O'Reilly 802.11 Protocol Poster
A poster of the 802.11 Protocol
United States Radio Frequency Allocations
A poster of how radio frequencies are allocated in the United States.

Protecting Your Wireless Network

Most wardrivers operate a home wireless network. Be sure that you have secured your network. Given the popularity of wardriving and wireless networking in general, serious network administrators have set up honeypots to measure how often "outsiders" are trying to join their networks. Most of the auditing tools are passive and do not try to join networks they stumble across.
Wireless IDS (Honey Pot)
Create a wireless honeypot. They are watching!
Tips to secure your network.
Make sure your network is secured.
Wireless Myths that Won't Die
Another great article by George Ou on wireless security.
The six dumbest ways to secure a wireless LAN
It is always good to look at an alternative view of how to secure a wireless network.
Fake Access Points
Use software to hide in a cloud of Fake access points.
Paint, Yes, Paint
A new paint product will help protect your wireless network.
Window Covering
A new film will soon be on the market to be used to protect wireless signals from passing through windows. It may be expensive.

WEP Security Issues

The Wired Equivalent Privacy (WEP) protocol provides only basic security, and many tools exist to exploit it. The way WEP implements RC4 encryption is weak, allowing for numerous attacks.
Many users of wireless network equipment do not understand the problems with the WEP protocol, but it is the easiest way to implement some form of security on an access point.
Security of the WEP algorithm
Read this article to understand the security problems with the WEP protocol.

WEP Cracking Tools

Many tools exist which will help you understand the weakness of using WEP for your only security solution.
Airsnort
AirSnort requires approximately 5-10 million encrypted packets to be gathered but tools exist to speed up delivery of the packets you need.
WEP Attack
Open source Linux tool.
WarDrive.net
WarDrive.net has a huge list of available tools.

Service Set Identifiers SSIDs

A service set identifier (SSID) is a code that identifies one wireless LAN from another. If an auditor sees a default SSID on an access point, it is a giveaway that there are most likely no security settings set on that network.
Do not choose an SSID which gives away information about you, or your company. Hackers looking to access a business are often rewarded when they pass by and see an SSID which includes the name of a company. SSIDs are needed to support roaming within a wireless LAN with multiple access points. Hiding the SSID does not improve the security of your network.
SSID Definition
The Wikipedia definition of SSID.

GPS units from Amazon

You should be aware that newer color models of Garmin GPS units have a proprietary protocol and no longer support the NMEA protocol. This may cause problems with open source wireless software products. I use an older (black & white) Garmin eTrex Vista or my TripNav USB model.

Read the following article for more information on the NMEA issue.

Keep in mind that you might want to have a car-power cable. Garmin makes a cable with a serial connector as well as a power adapter.
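To check that a GPS unit is emitting usable NMEA data and has obtained its position before a survey starts, the sketch below validates the checksum of an NMEA GGA sentence and reads its fix-quality field. It is an added example, not from the original lens or any tool it lists; the sample sentences are constructed, and the function names are assumptions.

```python
def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two hex digits."""
    value = 0
    for ch in body:
        value ^= ord(ch)
    return f"{value:02X}"

def _to_degrees(value, hemisphere):
    """Convert NMEA ddmm.mmm / dddmm.mmm to signed decimal degrees."""
    dot = value.index(".")
    degrees = int(value[:dot - 2])
    minutes = float(value[dot - 2:])
    decimal = degrees + minutes / 60.0
    return -decimal if hemisphere in ("S", "W") else decimal

def parse_gga(sentence):
    """Return fix details from a GGA sentence, or raise ValueError."""
    sentence = sentence.strip()
    if not sentence.startswith("$") or "*" not in sentence:
        raise ValueError("not an NMEA sentence")
    body, _, given = sentence[1:].partition("*")
    if nmea_checksum(body) != given.upper():
        raise ValueError("checksum mismatch")
    fields = body.split(",")
    if not fields[0].endswith("GGA") or len(fields) < 10:
        raise ValueError("not a GGA sentence")
    # Field 6 is fix quality: 0 means the receiver has no position yet.
    quality = int(fields[6] or 0)
    if quality == 0:
        return {"has_fix": False, "satellites": int(fields[7] or 0)}
    return {
        "has_fix": True,
        "satellites": int(fields[7]),
        "lat": _to_degrees(fields[2], fields[3]),
        "lon": _to_degrees(fields[4], fields[5]),
    }

# Constructed sample sentences (not recorded from a receiver).
_BODY_FIX = "GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,"
_BODY_NOFIX = "GPGGA,123520,,,,,0,00,,,M,,M,,"
SAMPLE_FIX = f"${_BODY_FIX}*{nmea_checksum(_BODY_FIX)}"
SAMPLE_NOFIX = f"${_BODY_NOFIX}*{nmea_checksum(_BODY_NOFIX)}"
```

A unit that speaks only a proprietary protocol produces no lines starting with `$`, so every line is rejected as "not an NMEA sentence" rather than parsed into a wrong position.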

Other Wireless Links

Wardriving.com
Wardriving news hub with archives and links.
WarDriving v2.0
Wardriving information about hardware and software along with links and codes.
WarDrive.net
Offers information about Wardriving and Wireless Networking.
BC Wireless
Hardware, software and gear for wardriving.
WarDrivers
Discussion forum about WarDrivers, software, hardware and wardriving techniques.

WardriverFlickr Pictures

extended scan and photo tower by doommeer
Navteq mapping car by doommeer
rear view of the cam system by doommeer
LIDAR-Scanhead and camera system by doommeer
rear view of the mapping car by doommeer
Slurpr Prototype Photos by The Next Web

Conclusions / Feedback Request

Please let me know what additional topics or content could be added to improve this lens. If you want to share your knowledge, build your own lens. It's easy!

Use the Contact the LensMaster Button.

Thanks,
--Todd

About Me

Todd Edmands is an Engineer with a Masters Degree in Systems Engineering & Information Assurance and an undergraduate degree in Geography. Todd is an Affiliate...