cheaptrinkets-ga:
Thank you for your Question regarding wardriving/warwalking. I hope
that you find the following information useful. For the most part,
this Answer is written based on my own personal knowledge, with links
to useful resources on the Web to help broaden the perspective I am
providing. There is a lot of reading material out there on this
subject, so hopefully the view I am giving you here will help guide
you towards the most relevant information for your needs. After
reading this Answer, please let me know if there is anything you would
like clarified that would result in you giving a five-star rating to
express your complete satisfaction!
----------------------------------------------------------------------
What is WarDriving/WarWalking?
WarDriving is the art of discovering and documenting the locations of
wireless access points while driving. Warwalking is the same thing,
except that instead of walking, the warwalker uses smaller handheld
equipment while walking. A related activity is warchalking, which
involves visibly marking (often with chalk on a sidewalk or wall) the
location and status of wireless access points. With the rapid growth
of wireless networking devices, warchalking has been replaced to a
certain extent by online databases complete with maps.
The name comes from two origins: the first is the old hacker activity
called war-dialing, where a hacker would use a computer and modem to
methodically dial up every number in an exchange to see which numbers
would lead to dial-up servers on private, corporate networks. The
second origin is the concept of "wireless access revolution", the idea
that with the advent of wireless networking devices, Internet access
would become ubiquitous and free. Well, as long as someone has to pay
somewhere along the line, Internet access will never be truly free.
There are several categories of wireless access points that are
regularly discovered by wardrivers:
- free public access hotspots, set up by individuals or organizations
explicitly for the purpose of providing free Internet access to anyone
with the proper wireless networking equipment;
- fee-based public access hotspots, set up by individuals or
organizations where users must first establish a payment relationship
before being allowed to access the Internet through the hotspot's
wireless access point(s);
- private network access points, set up by individuals or
organizations, that are not intended for public use.
Within each of these categories, different levels of security may be
in place to prevent unauthorized access and use. For example, free
public access hotspots will usually have no security whatsoever,
allowing anyone who enters the coverage area to easily get online. At
the other extreme, some private network access points will feature
multiple layers of security to prevent an unauthorized person from
discovering the access point, connecting to it, and accessing the
network resources connected to it. Unfortunately, many installations
that should fit into this latter group, do not have the necessary
security in place. As a result, the networks attached to those access
points are not secure, either, making them vulnerable to both innocent
and intentional violation. Due to this, many individuals have taken up
wardriving as an activity to try to raise awareness of the security
lapses, and to raise awareness of wireless networking itself. By
'sniffing' out the locations of access points in need of security
changes, the hope is that the operators of those access points will
step up to their responsibility to turn up the necessary security
features.
----------------------------------
Additional links:
wardriving - a searchSecurity definition
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci812927,00.html
Wireless LAN Glossary
http://www.wireless-nets.com/glossary.htm
Computerworld: "Sniffing, war-chalking and more: A wireless vocabulary evolves"
http://www.computerworld.com/networkingtopics/networking/lanwan/story/0,10801,74321,00.html
Guardian Unlimited: "Working the web: Warchalking"
http://www.guardian.co.uk/internetnews/story/0,7369,748618,00.html
----------------------------------
At this point, it is important to discuss the legal side of
wardriving. Wireless access points operating with the 802.11 family of
protocols are, by default, configured to broadcast their service set
identifiers, or SSIDs ( http://www.webopedia.com/TERM/S/SSID.html ).
The purpose of this is to allow wireless access clients to easily
detect and connect to wireless access points. This is fine, as long as
the wireless access client is authorized to use the network that the
access point is attached to.
Current computer crime laws throughout the US classify the
unauthorized access of a private network as a crime. Due to this, many
amateur wardrivers have found themselves on the wrong side of the law
after they inadvertently access the resources of a private network
through an unsecured wireless access point. The law and case history
for this is evolving, though, with some jurisdictions looking to
classify the lack of security for a wireless access point connected to
a private network as a form of negligence on the part of the network
operator, thus creating a defensible position for the wardriver who
stumbles across the access point and accidentally accesses the
network.
Wardrivers, in general, are able to protect themselves while
wardriving simply by disabling the TCP/IP capabilities of their laptop
or handheld computer. This prevents the laptop or handheld from
accidentally or intentionally receiving a DHCP-assigned IP address for
the network, meaning that it is not possible to access the network or
the resources within it. In such a configuration, it is still possible
to detect the wireless access point and determine whether or not any
wireless security settings have been activated. It is not, however,
possible in this mode to determine if the wireless access point is
connected to an open connection to the Internet, as any such use could
be determined to be a violation of a computer crime law for
unauthorized access to a private network.
----------------------------------
Additional links:
Wired News: "Licensed to War Drive in NH"
http://www.wired.com/news/wireless/0,1382,58651,00.html
- note: a quick review of the current NH law at:
http://www.gencourt.state.nh.us/rsa/html/LXII/638/638-17.htm
shows no evidence that this proposed law has made it into the actual state law.
"The FBI takes an interest in War Chalking and War Driving"
http://www.oreillynet.com/pub/wlg/1827
----------------------------------
So, prior to proceeding on with the rest of this Answer, I must warn
you that if you decide to take up wardriving/warwalking as a hobby,
you will need to stay up to date on the computer crime laws of
your state and municipality to ensure that what you are doing remains
legal.
----------------------------------------------------------------------
An Overview of Wireless Networking Equipment used for Wardriving/walking
The basic equipment required for wardriving includes:
- a laptop computer
- a wireless access adapter that optionally supports an external antenna
- an optional antenna for the wireless access adapter
- a GPS receiver with PC interface
- sniffer software on the laptop to control the wireless access adapter
- optional mapping software to map detected access points
- a vehicle to drive all this around in :)
---
Laptop Computer
Pretty much any laptop computer will work for wardriving, so the
features to look for are:
- lightweight, rugged construction
- ability to run Linux, as the vast majority of sniffer software is
designed for Linux
- ability to run Windows XP, for compatibility with mapping software
such as MS MapPoint
- serial and/or USB port to connect to GPS receiver (depends on GPS
unit interface)
- PC Card slot for wireless access adapter
---
Wireless Access Adapter with External Antenna Support
Not all wireless adapters are supported by the various sniffer
software applications out there. With the recent burst of new adapter
designs on the market to support the 802.11g standard, the choice has
gotten even more difficult.
The most commonly supported cards are based on the Prism2 chipset.
However, the Prism2 chipset is also being phased out by the major
manufacturers. That said, the folks who have programmed the sniffing
software typically have not had either the funds, or the desire, to
reprogram their applications to work with the newer designs.
Of the current cards available on the market, the one I would get
myself is the Proxim ORiNOCO Gold 11b/g PC Card. There is also a
Silver version, but the Gold version is best. This card supports an
external range-extender antenna:
ORiNOCO Gold 11b/g PC Card
http://www.proxim.com/products/wifi/client/
http://www.proxim.com/products/wifi/client/11bgpccard/index.html
http://www.proxim.com/learn/library/datasheets/11bgpccard.pdf
---
Optional External Antenna
For wardriving, what you need is a good omni-directional antenna. That
way, you can drive along without needing to worry about aiming an
antenna. You are also less likely to be accused of trying to
intentionally break into a network, since there is no conscious intent
involved when using an omni-directional antenna.
A decent antenna to use on a car is the one available from Netstumbler.com:
Mobile Netstumbler Kit
http://shop.netstumbler.com/customer/product.php?productid=61&cat=4&page=1&XCARTSESSID=96a6c672ab75a6102cc274eca44b1a62
A similar antenna is available from HyperLink Technologies:
HyperGain® Range Extender 8 dBi "Range Doubler" Omni Antenna
http://www.hyperlinktech.com/web/re09u.php
This HyperGain unit is the one that I personally would want, as it has
the higher 'gain' on the signal. However, since it is 16 inches tall,
you may want to paint it black before using it so that it isn't as
noticeable.
---
GPS Receiver with PC interface
An important consideration when choosing a GPS receiver for wardriving
use, is how the unit is powered. For use in a car, it makes best sense
that the unit be powered using a cigarette-lighter adapter. A great
unit that features this, along with a PC interface and a good antenna,
is the Garmin GPS V (V as in the roman numeral five):
Garmin:GPS V
http://www.garmin.com/products/gps5/
Accessories for GPS V
http://shop.garmin.com/accessories_for_product.jsp?sku=010-00226-00
For portable use while war-walking, you may instead wish to consider:
Garmin eTrex Vista
http://www.garmin.com/products/etrexVista/
This unit can be upgraded with a cigarette lighter adapter as well as
a PC interface cable:
Accessories for eTrex Vista
http://shop.garmin.com/accessories_for_product.jsp?sku=010-00243-00
Garmin has the reputation of making some of the best GPS receivers
available on the market, so you will not go wrong with their products.
Do not forget to purchase the serial cable required to connect either
of these units to your laptop computer. Please note that the data
cables for the two units are not interchangeable, unfortunately. Since
you have a convertible, you can probably just go with the eTrex Vista
since you have no metal roof to interfere with the GPS signal for the
eTrex.
---
Sniffer Software
As I previously mentioned, the majority of sniffer software is
designed for use with Linux. However, if you are just starting out, I
would recommend that you use NetStumbler, a Windows-compatible
package. This application is available for download from the
developer's website:
stumbler dot net
http://www.stumbler.net/
The current version is version 0.3.30, which has not been updated
since 2002. However, in December the developer did post a teaser to
indicate that he is finally beginning work on version 0.4 again, which
will include support for many of the newer cards. Using Windows XP
will also help a lot in getting your card to work with Netstumbler.
A listing of other software packages available can be found at:
http://www.wardrive.net/wardriving/tools
Again, note that many of these are Linux packages that require a
reasonably high level of knowledge in using Linux in order to use.
For myself, I would use Netstumbler anyway, simply to avoid the hassle
of having to set up and maintain a Linux installation on my laptop
(which I use for other purposes that require MS Office applications).
There are also some packages available for Apple Mac users, but these
are very limited.
---
Mapping Software
If you do use NetStumbler, then the best mapping package to use is
Microsoft's MapPoint software:
MapPoint Home
http://www.microsoft.com/mappoint/default.mspx
You will also need StumbVerter 1.5 to translate the NetStumbler
discovery files into a format compatible with MapPoint 2004:
StumbVerter Home
http://www.sonar-security.com/
----------------------------------
Additional Links:
Wireless LAN Security & Wardriving (802.11)
http://www.wardrive.net/
Wardriving Articles, Links, and Whitepapers
http://www.wardrive.net/wardriving/links
Wireless on the fly - CNET Asia
http://asia.cnet.com/reviews/hardware/networking/0,39001739,39129260,00.htm
----------------------------------
To use all of this hardware and software, you will need to do the following:
1. Install wireless access card in the laptop per manufacturer's requirements
2. Calibrate GPS unit per manufacturer's requirements
3. Install Netstumbler on laptop, confirm compatibility with wireless card
4. Connect GPS unit to laptop serial port, confirm compatibility with Netstumbler
5. Connect range-extender antenna to wireless access card using card's
optional antenna connector (see manufacturer's documentation)
6. Test system by driving around your neighborhood! You should be able
to detect your own network as you drive in and out of range
See the CNET article above for more information about this.
----------------------------------------------------------------------
Wardriving info for Santa Monica
Interestingly enough, Santa Monica is home to Boingo Wireless, the
self-proclaimed best/easiest-to-use network of WiFi hotspots in the
world.
Here is a list of publicly known hotspots in the Santa Monica area:
http://www.wi-fihotspotlist.com/browse/us/2000238/2050355/
Beyond these, I was able to find a reasonably detailed map containing
the results of previous wardrivers searching in the Santa Monica area:
WifiMaps.com
http://www.wifimaps.com/modules.php?name=Map&Y=34.011746005965&X=-118.49468658462&RES=0.0075890934800071
Read the FAQ first to learn how to use this system:
http://www.wifimaps.com/modules.php?name=FAQ&myfaq=yes&id_cat=4&categories=WiFiMaps.com+Documentia
Basically, use 'Browse' mode, and the Zoom-In and Zoom-Out icons under
the compass to zoom into the neighborhood you are interested in, then
use 'Query' mode and click on a symbol in the map to learn about the
wardriving results for that area. There is more information here than
I can possibly begin to describe in words.
----------------------------------------------------------------------
Safeguarding Your Own Wireless Network
The final piece of this Answer, is information on threats to your own
wireless network, and steps that you can take to safeguard it.
The first and most important thing is to turn on any security features
that your access point has available. It continues to baffle me why
anyone would buy a wireless access point, plug it in, and not take the
time and trouble to configure it for security. That's the equivalent
of buying a keg of beer for the Superbowl, then leaving it on the
front lawn with a tap and a stack of beer cups so that anyone walking
by can help themselves to some beer. While that may be a wonderful way
to win the friendship of your neighbors, it's also a way to attract
undesirables onto your property!
What is worse, is when someone buys a wireless access point, then does
not bother to change the administrative password from the factory
default. That's like leaving the doors to your car unlocked, AND
leaving the keys in the ignition.
Security features available on all WiFi access points include wired
equivalent privacy (WEP), and the ability to not broadcast the SSID.
Some access points also allow MAC address filtering to only allow
pre-authorized MAC addresses to use the access point to access network
resources (such as an Internet connection). Newer access points have
implemented WiFi Protected Access (WPA). Some manufacturers have even
designed their own proprietary security protocols, such as Cisco's
Lightweight Extensible Authentication Protocol (LEAP).
Regardless of what your wireless access point has available, you have
to be religious about using it. Personally, I try to change my 128-bit
WEP key on a semi-regular basis. I also regularly review the
connection logs for my access point, to see if anyone other than me
has managed to crack my WEP key, and connect. I also semi-regularly
change the administrative password on my access point.
You can read more about how wardrivers and hackers can be kept out of
your wireless network, in the following articles:
---
Wireless LAN Security FAQ
http://www.iss.net/wireless/WLAN_FAQ.php
Links to Wireless Security Articles - Tom's Networking (<=== A Must Read!!!)
http://www.tomsnetworking.com/Weblink-req=viewlink-cid=12-orderby=dateD.php
Wi-Fi 'wartrappers' snare the drive-by hackers - ZDNet UK
http://news.zdnet.co.uk/internet/0,39020369,2123600,00.htm
---
The last article is perhaps the most interesting, the idea of setting
up honeypot access points to attract wardrivers and hackers, to
distract them from the real wireless network in your location.
----------------------------------
Additional Links:
Overview of the WPA Wireless Security Update in Windows XP
http://support.microsoft.com/?kbid=815485
802.11 Security Articles, Links, and Whitepapers
http://www.wardrive.net/security/links
802.11 Security Books
http://www.wardrive.net/security/books
Wardriving is not a crime - Reno News & Review
http://www.newsreview.com/issues/reno/2003-12-18/cover.asp
----------------------------------
----------------------------------------------------------------------
I hope that you found this Answer informative. Again, please let me
know where you would like some clarification so that you are satisfied
with this as a five-star Answer!
Best Regards,
aht-ga
Google Answers Researcher
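----------------------------------
The connection-log review described under "Safeguarding Your Own Wireless Network", as an added example that is not part of the original Answer: it reads association events from an access point log and reports every station whose MAC address is not on your own list of devices. The log line format, the MAC addresses and the function names are constructed for illustration; real access points each use their own log format, so the pattern needs adapting.

```python
import re

# Constructed sample log; adapt LINE_RE to your access point's real format.
SAMPLE_LOG = """\
Jan 12 08:01:14 ap wireless: station 02:00:00:aa:bb:01 associated
Jan 12 08:03:40 ap wireless: station 02-00-00-AA-BB-02 associated
Jan 12 23:47:09 ap wireless: station 02:00:00:11:22:33 associated
Jan 12 23:52:31 ap wireless: station 02:00:00:11:22:33 disassociated
Jan 13 02:15:55 ap wireless: station 02:00:00:11:22:33 associated
Jan 13 07:58:02 ap wireless: station 02:00:00:aa:bb:01 associated
this line is not an association event and is skipped
"""

# timestamp, anything, MAC (colon or dash separated), event keyword
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s.*?"
    r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\s+"
    r"(associated|disassociated)\s*$"
)


def normalize_mac(mac):
    """Lower-case and use ':' so differently formatted MACs compare equal."""
    return mac.lower().replace("-", ":")


def unknown_stations(log_text, allowed_macs):
    """Return {mac: {first, last, count}} for associations not on the list."""
    allowed = {normalize_mac(m) for m in allowed_macs}
    report = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # unrelated or malformed log line
        when, mac, event = match.group(1), normalize_mac(match.group(2)), match.group(3)
        if event != "associated" or mac in allowed:
            continue
        entry = report.setdefault(mac, {"first": when, "last": when, "count": 0})
        entry["last"] = when
        entry["count"] += 1
    return report


if __name__ == "__main__":
    my_devices = ["02:00:00:AA:BB:01", "02-00-00-aa-bb-02"]  # constructed list
    for mac, info in unknown_stations(SAMPLE_LOG, my_devices).items():
        print(f"UNKNOWN {mac}: {info['count']} association(s), "
              f"first {info['first']}, last {info['last']}")
```

An empty report only means no unlisted address associated; MAC addresses can be changed by the client, so this check complements the encryption and password settings above rather than replacing them.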