War Drive!
Auditing wireless networks is a good way to start exploring wireless networks, their popularity and the risks associated with them. This lens provides information on wardriving and wireless network security. I learned a lot by obtaining my SANS GAWN-C certification after completing the SANS Assessing and Securing Wireless Networks course. A new and improved Wi-Fi absorbing paint is on the market.
--Todd (SANS GAWN-C Certified)
State What Must Be Stated
- War Driving Is Not A Crime.
- One way to understand the environment you live in is by investigating it. Are you having problems with your local wireless network, maybe due to interference from a local network on the same channel? Does your community have a free wireless network in place? You may never know if you do not investigate.
- How to Avoid Ethical and Legal Issues In Wireless Network Discovery
- SANS has many computer security articles available in their online Reading Room. This article discusses the legal issues surrounding network discovery.
- WarDriving: you can look, but don't touch
- Know your equipment and the software you will be using, and be sure that you do not join an open network by default. Many operating systems and vendor software products default to connecting to the wireless network with the strongest signal, often without asking for approval. Accessing private open networks is against the law.
WiFi Resources and Blogs
Great information!
- WiFi Jedi
- WiFi Blog
- Certified Wireless Network Professional
- WiFi resources and educational materials
Formal Wireless Security Training
- SANS
- SANS offers a wireless security course which I have taken. While it does not address wardriving directly, the course provides relevant information about how to audit a wireless network, the risks of having one and the inherent vulnerabilities with current technologies. SANS Track17 - The T17 column is for SEC617: Assessing and Securing Wireless Networks
Required / Optional Hardware
- A device with wireless capabilities. This device may be a computer, PDA or network analyzer. I have used both Macintosh and PC platforms to conduct wardrives. You can use a built-in wireless device, but the sensitivity of the antenna may be limited. External devices usually connect via the PCMCIA slot or a USB port and have a connector for an external antenna.
- Optional: A GPS unit is required if you want to geolocate your data and produce maps of where access points exist. I use a Garmin eTrex Vista or my TripNav TN-200. The TripNav has a built-in magnet so it can be placed on top of your vehicle to improve GPS reception.
- An antenna is needed on the wireless device to improve signal reception. The antenna can either be built into the device or attached to a port on the network device. Some wireless devices support more than one antenna.
- Depending on the GPS unit being used, a serial to USB converter may be necessary. I use a KeySpan serial to USB converter (USA-19HS) to connect to my eTrex unit. The TripNav GPS unit is a USB device.
- Memory Stick: A USB memory stick is used to store collected data. If you are booting your computer from a Wireless tool CDROM, such as BackTrack, you will want to have a location to store the data.
- Choose your favorite wireless auditing software, one which supports your devices.
Wireless Spectrum Analyzers
- Wi-Spy
- Wi-Spy is a $199 USB spectrum analyzer costing thousands of dollars less than most on the market. Check their web site for more information and screen shots. They do have a new model supporting an external antenna.
Wireless Network Auditing Software
So many tools, so little time.
- BackTrack
- This is a great software resource bootable from a CDROM on a PC platform. Check the details of the CDROM software products on the main web site. The package contains many software applications useful for wireless network auditing.
- Kismet
- A very popular wireless network auditing software product. This is usually the product I choose to use.
- NetStumbler
- Used on hosts with the Windows operating system.
- Mac Stumbler
- As the name suggests, software for the Macintosh. I have experimented with this product.
Wardrive Check List
- Be safe. Keep your wardriving equipment in the back seat, so you will not be distracted. Many auditing applications have audio settings which will announce the SSID when you stumble across one.
- Verify your GPS unit is communicating with the satellites and has obtained its position.
- Verify that you have modified your MAC address on your wireless device.
- Verify that data is being written to your storage location if using a CDROM tool product.
- Plot your course. Print maps from online resources when doing coordinated wardrives with other teams.
Creating or Viewing Maps
- cGPSmapper
- A mapping package which supports the creation of many different types of maps using acquired data.
- USA Photo Maps
- I have used this software to plot my war drive paths onto maps. You can also use it to track where you are as you drive using your laptop. Use the software to download local maps of the area you intend to survey.
- Wigle.net
- A site storing wireless node information. Maps available.
MAC Addresses
e.g. 00:30:65:41:c3:c2
- Lookup MAC Addresses
- The manufacturers of network cards are assigned a Media Access Control address (MAC address). Knowing the MAC address can help you determine what type of hardware is being used to connect to your network, or as access points. Note that many software products allow the user to modify the MAC address from the one assigned to a wireless card.
Antennas
- Pringles Can
- If you are serious about wardriving, be sure you have built at least one Pringles can antenna. I've got mine. It makes for a great conversation piece.
- Antenna Terminology
- What do all the strange antenna terms mean?
802.11 Protocol and Frequency Allocation
- O'Reilly 802.11 Protocol Poster
- A poster of the 802.11 Protocol
- United States Radio Frequency Allocations
- A poster of how radio frequencies are allocated in the United States.
Protecting Your Wireless Network
- Wireless IDS (Honey Pot)
- Create a wireless honeypot. They are watching!
- Tips to secure your network.
- Make sure your network is secured.
- Wireless Myths that Won't Die
- Another great article by George Ou on wireless security.
- The six dumbest ways to secure a wireless LAN
- It is always good to look at an alternative view of how to secure a wireless network.
- Fake Access Points
- Use software to hide in a cloud of Fake access points.
- Paint, Yes, Paint
- A new paint product will help protect your wireless network.
- Window Covering
- A new film will soon be on the market to be used to protect wireless signals from passing through windows. It may be expensive.
WEP Security Issues
Many users of wireless network equipment do not understand the problems with the WEP protocol, but it is the easiest way to implement some form of security on an access point.
- Security of the WEP algorithm
- Read this article to understand the security problems with the WEP protocol.
WEP Cracking Tools
- AirSnort
- AirSnort requires approximately 5-10 million encrypted packets to be gathered, but tools exist to speed up delivery of the packets you need.
- WEP Attack
- Open source Linux tool.
- WarDrive.net
- WarDrive.net has a huge list of available tools.
Service Set Identifiers (SSIDs)
Do not choose an SSID which gives away information about you or your company. Hackers looking to access a business are often rewarded when they pass by and see an SSID which includes the name of a company. SSIDs are needed to support roaming within a wireless LAN with multiple access points. Hiding the SSID does not improve the security of your network.
- SSID Definition
- The Wikipedia definition of SSID.
GPS units from Amazon
Read the following article for more information on the NMEA issue.
Keep in mind that you might want to have a car-power cable. Garmin makes a cable with a serial connector as well as a power adapter.
Other Wireless Links
- Wardriving.com
- Wardriving news hub with archives and links.
- WarDriving v2.0
- Wardriving information about hardware and software along with links and codes.
- WarDrive.net
- Offers information about Wardriving and Wireless Networking.
- BC Wireless
- Hardware, software and gear for wardriving.
- WarDrivers
- Discussion forum about WarDrivers, software, hardware and wardriving techniques.
Reader Feedback
Provide feedback if you have the time.
- rose08 Oct 15, 2008 @ 3:56 am
- Very detailed introduction. Completely presented lens. I use a GPS supported by Garmin, but it seems sometimes it can't tell the exit or entry of the highway, and sometimes it doesn't the forbidden entrance or turn direction. I've been misled several times. It's not safe to trust it all the way; to be safe, you still need to check the guide with your own eyes and brain, especially around small villages. But in most cases, it helps. I'd like to share an informative site about hardware devices, check it out when you get a chance.
- dmp244 Aug 27, 2008 @ 5:58 pm
- Great lens! Nicely explained. If you or anyone else are interested, I have an article written on wireless networking equipment terminology here. Enjoy!
Conclusions / Feedback Request
Use the Contact the LensMaster Button.
Thanks,
--Todd