Wardriving

From Wikipedia, the free encyclopedia.

Wardriving is the activity of using an automobile and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks. It is also known (as of 2002) as "WiLDing" (Wireless LAN Driving), a term originating in the U.S. with the Bay Area Wireless Users Group (BAWUG). It is similar to using a scanner for radio. Many wardrivers use GPS devices to record the location of each network they find and log it on a website. For better range, antennas are built or bought, and vary from omnidirectional to highly directional. Software for wardriving is freely available on the Internet, notably NetStumbler for Windows, KisMAC for Macintosh, and Kismet for Linux.

Wardriving was named after Wardialing because it also involves searching for accessible computer systems.

The average wardriver is typically only out to log and collect information from the Access Points (APs) they find while driving.

The legality of wardriving in the U.S. is uncertain. There has yet to be a sustained conviction for wardriving, and there is an untested argument that the 802.11b and DHCP protocols operate on behalf of the owner to give consent to use the network, but not if the user has other reason to know that there is no consent. A New Hampshire bill which would have clarified that the duty to secure the wireless network lies with the network owner did not pass due to concerns that it would create a loophole for criminal activity. The specific laws, in any case, vary from state to state.

The law differs in other countries. For example, a wardriver in the UK might be caught with the 'use of a computer for a purpose for which one does not have permission' clause. This is a commonly misunderstood concept. Wardrivers do not, in fact, usually use services without authorization and may not even transmit a signal at all.

Ethical considerations

Wardriving is frequently pointed out as an example of questionable activity. However, from a technical viewpoint, everything is working as designed: by necessity, access points broadcast identifying data that is accessible to anyone with a suitable receiver.

In the case of listen-only software, such as Kismet, wardriving can be likened to listening to a radio station that happens to be broadcasting in your area. But again, this may differ in other countries. For example, in the UK it is illegal to listen on some radio frequencies or to some transmissions (such as those used by the police or armed forces).

With other types of software, such as NetStumbler, the wardriver sends probes, and the access point responds per design. Most access points, when using default settings, are intended to provide wireless access to all who request it. Some argue that those who set up access points without adding security measures are offering their connection (most likely unintentionally) to the community. Others believe that this reasoning is akin to stating that people who leave their doors unlocked are asking people to take what they like. In fact, when people unfamiliar with wardriving see how many unsecured access points there are and how easy it is to find them, they often want to make their own access points more secure. Some wardrivers go to the extent of informing the access point's administrator about the insecurity and offering steps to correct it. However, there are many wardrivers who, while securing their own networks, are delighted to offer wireless Internet access to whoever wants it, with the exception of those who use too much bandwidth.

Wireless network security

More security-conscious network operators may choose from a variety of security measures to limit access to their wireless network, including:

  • MAC address authentication in combination with discretionary DHCP server settings allows a user to set up an "allowed MAC address" list. Under this type of security, the access point will only give an IP address to computers whose MAC address is on the list. Thus, the network administrator would obtain the valid MAC addresses from each of the potential clients in their network. Disadvantages to this method include the additional setup. Methods to defeat this type of security include MAC address spoofing, detailed on the MAC address page, whereby network traffic is observed, valid MACs are collected, and then used to obtain DHCP leases.
  • IP security (IPsec) can be used to encrypt traffic between network nodes, reducing or eliminating the amount of plaintext information transmitted over the air. This security method addresses privacy concerns of wireless users, as it becomes much more difficult to observe their wireless activity. The difficulty of setting up IPsec depends on the brand of access point being used. Some access points may not offer IPsec at all, while others may require firmware updates before IPsec options are available. Methods to defeat this type of security are computationally intensive to the extent that they are infeasible using readily available hardware, or they rely on social engineering to obtain information (keys, etc.) about the IPsec installation.
  • Wired Equivalent Privacy (WEP) can be used on many Access Points without cumbersome setup, but offers little in the way of practical security. It is cryptologically very weak, so an access key can easily be stolen. Its use is often discouraged in favor of other more robust security measures, but many users feel that any security is better than none. In practice, this may simply mean your neighbors' non-WEP networks are more accessible targets. WEP is sometimes known to slow down network traffic in the sense that the WEP implementation causes extra packets to be transmitted across the network.
  • Wi-Fi Protected Access (WPA) is more secure than WEP but is not yet very widespread. Many Access Points will support WPA after a firmware update.
  • VPN options such as tunnel-mode IPsec or OpenVPN can be the most difficult to set up, but often provide the most flexible, extensible security, and as such are recommended for larger networks with many users.
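
The MAC allow-list item above notes that the list is defeated when a second device presents a collected, valid MAC. As an added example (not part of the original article), the Python sketch below audits a DHCP request log for that case: it separates requests the allow-list rejects from allow-listed MACs whose reported hostname changes within a short window. The log format, addresses, hostnames and the five-minute window are constructed assumptions, and the hostname check is only a heuristic because a client can report any hostname.

```python
from datetime import datetime, timedelta

# Constructed allow-list and log lines in a made-up "time ap mac hostname"
# format; this is not the log format of any particular DHCP server.
ALLOWED = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
SAMPLE_LOG = """\
2005-03-01T09:00:00 ap1 00:11:22:33:44:55 alice-laptop
2005-03-01T09:01:00 ap1 00:11:22:33:44:66 bob-pda
2005-03-01T09:02:30 ap2 00:11:22:33:44:55 unknown
2005-03-01T09:05:00 ap1 de:ad:be:ef:00:01 visitor
2005-03-01T11:00:00 ap2 00:11:22:33:44:66 bob-pda
"""

# Assumption: one device does not change its reported hostname this quickly.
WINDOW = timedelta(minutes=5)


def parse(line):
    """Split one constructed log line into (timestamp, ap, mac, hostname)."""
    ts, ap, mac, host = line.split()
    return datetime.fromisoformat(ts), ap, mac.lower(), host


def audit(log_text, allowed, window=WINDOW):
    """Return (denied, suspects).

    denied   -- (mac, ap) for requests the allow-list rejects.
    suspects -- (mac, (ap, host) before, (ap, host) after) for an
                allow-listed MAC whose hostname changes inside the window,
                a hint that two devices share one MAC.
    """
    denied, suspects = [], []
    last_seen = {}  # mac -> (timestamp, ap, hostname) of the previous request
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ap, mac, host = parse(line)
        if mac not in allowed:
            denied.append((mac, ap))
            continue
        prev = last_seen.get(mac)
        if prev and ts - prev[0] <= window and host != prev[2]:
            suspects.append((mac, prev[1:], (ap, host)))
        last_seen[mac] = (ts, ap, host)
    return denied, suspects


if __name__ == "__main__":
    denied, suspects = audit(SAMPLE_LOG, ALLOWED)
    print("denied:", denied)
    print("possible shared MAC:", suspects)
```

The allow-list alone would have handed out a lease for the 09:02:30 request; only the hostname comparison surfaces it.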