Before everyone had broadband internet access, modems were the standard way of accessing other computers and consequently other networks. Supermarkets carried magazines such as "Byte" that had articles on how to build your own PC or modem and carried ads for partially pre-assembled kits, parts, or completed circuit boards. In order to connect to another computer, you had to know what phone number to call. People would use programs that would call huge numbers of phone numbers in an attempt to find computers they could connect to. The process was called 'Wardialing', and many of today's older programmers first learned to program by writing short programs to instruct their computers and modems on how to best dial a list of telephone numbers and save the results. Sometimes people would find dial-in phone numbers to corporate, school, or other networks that they probably shouldn't have had access to. Other times, they would connect to personally owned computers intentionally connected to a telephone modem by the owner so different people could connect and write blogs and trade helpful software they had authored. This was the usual goal of 'war dialing.' This type of computer setup was called a BBS and was fairly popular in the US in the 1980s amongst those who owned early computer systems.
Many BBS computer connections were intentionally free to the user and initially often required no password. Just call and post your message or a response to someone else's message. Some BBS systems also offered early online gaming. The BBS owners were called System Administrators or Sysops. They provided the free service as a hobby, maintained the system, and occasionally deleted offensive posts or harmful software. As in any other human endeavor, some people acted with malice against others, and passwords and user registrations began to appear as a safeguard.
As computer technology evolved, 'pay for use' sites such as 'Fido nets' also began to appear. The Fido nets offered increased data storage by allowing different personal computers to share storage space across the telephone lines. Sadly, this was in the days prior to cheap telephone calls, and some calls between computers were more expensive than others. The cost of the connection was related to distance. Often only one or two donated computers in any town were on the Fido net. The next nodule (node) in a connection to a data storage site could be, and often was, a long-distance telephone call away. The Fido sites were therefore expensive to operate, and owners were forced to pass the cost on to their users, who unhappily became customers of what had previously been a basically free service.
With the advent of the Internet and the evolution of BBS setups into Internet nodes and websites, a similar activity has been born: scanning. On the Internet, an IP address is analogous to a phone number. People often scan through large numbers of IP addresses looking for computers that are running certain types of servers.
The new wireless age has introduced a new brute force attack. Originally, WarDriving was when crackers and wireless laptop computer owners far from their home drove around in a car equipped with wireless gear looking for unsecured wireless networks, to gain free Internet and email access. As many broadband systems allow unlimited access with virtually infinite broadband spectrum at no extra cost to the owner of the service, the practice is viewed by many as harmless and generally beneficial to the public. Indeed, there are continuing parallels with prior events, as some computer owners intentionally supply open wireless routers solely as a hobby while some business owners see an opportunity for a small profit and have 'pay as you go' connection points. The area where a user can wirelessly connect is called a 'hotspot.' Over time, the term 'War driving' has evolved to include harmless types like us simply checking on the RF environment. A year ago, TheRegister had an article about War driving. There are some tools to facilitate finding AccessPoints.
Tools
For a complete list of Wardriving Tools/Software visit http://wardrivingonline.com/downloads/wardriving.htm
-- DanRasmussen 2012-05-27 13:28:14 The above list still exists, but there's no date. Could be obsolete.
- A searchable web-based map displaying wardriving data contributed by users
WiGLE.net consolidates location and information of wireless networks world-wide to a central database, and has user-friendly Java, Windows, and web applications that can map, query and update the database via the web. WiGLE.net currently accepts files in any of NetStumbler's exported file formats, DStumbler's text output, Kismet's CWGD, XML, CSV, or GPS formats, Pocket Warrior's text output, as well as via our online form. Screenshots of their client software can be found here, and a current map of findings across the United States is shown here. WiFi-Where is an iPhone application with built-in upload of wardriving data to WiGLE.net.
WiGLE.net currently has 6,082,331 networks with locations in their database. (05-06-2006) --JasonMcArthur
- An iPAQ running Familiar and GPE can run an application called arial
Musatcha Advanced WiFi Mapping Engine - This is essentially a client program for WiGLE.net, the largest WiFi network database in the world. Note: This software is still in its alpha stages! It's not even beta yet.
A Windows application by MariusMilner called NetStumbler.
A Mac OS X application by korben@cox.net called MacStumbler.
A Mac OS X application by captainsonic@gmail.com called ApScanner.
A site dedicated to the advancement of WiFi and its research. Great articles with actual war driving data. Site still young & expanding looking for your input and visit!
JimBinkley's Wscan, which works under FreeBsd and Linux (currently true AccessPoint scanning is only available under the FreeBsd version, though the patches needed are supposed to be in the latest version of the 2.4 orinoco_cs driver). It's available in ports under FreeBSD-4.5:
    # cd /usr/ports/x11/wscan
    # make install clean
IBM's WirelessSecurityAuditor, a NetStumbler clone written for Linux on the iPAQ.
- Paul Fox has written a simple, dynamic stumbler program, in shell, based on the iw-tools. It should work on any system where "iwlist ethX scan" works. It finds nets, lets you associate, can configure WEP etc for known networks, starts DHCP, shows connection status.
Bret Mounet's NetStumbler-ish program for Windows 2000; it only works with Prism2Cards.
A perl script by Peter Shipley to pull stats from FreeBsd's wicontrol and lat/long from a GPS unit. The scripts and maps are available. Two perl scripts by frisco@blackant.net which he used to map around Ann Arbor MI (supposedly there are some bugs in this so beware).
- Kismet (great curses based Linux auditor and stumbler)
- Wellenreiter is a GTK/Perl wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. Its scanner window can be used to discover access points, networks, and ad-hoc cards. It detects ESSID-broadcasting or non-broadcasting networks and detects WEP capabilities and the manufacturer automatically. DHCP and ARP traffic will be decoded and displayed to give you further information about the networks. A flexible sound event configuration lets it work unattended. An ethereal / tcpdump-compatible dumpfile can be created. GPS is used to track the location of the discovered networks immediately. Automatic associating is possible with randomly generated MAC addresses. Wellenreiter also runs on low-resolution devices that can run GTK/Perl and Linux/BSD (such as iPaqs). A unique ESSID brute-forcer is now included too.
PrismStumbler (command line and Perl-GTK)
AirTraf - AirTraf is a 100% passive wireless 802.11b network analyzer. It is capable of performing promiscuous channel scanning to detect access points in the area, as well as pick off 'other' connected wireless nodes, acquiring signal strength information for each node. It performs packet count/byte analysis on different layers (datalink, network, transport), as well as breaking down the 802.11b protocol. It is also capable of parsing higher level protocols such as IP, TCP, UDP, ICMP, and get packet statistics as well as bandwidth information. Furthermore, it supports Cisco Aironet cards & PrismII-chipset cards.
Auditing Tools
There are also some tools available to help you subvert the security of an AccessPoint (or more accurately audit the security of your own AccessPoint ... right?).
THC-RUT (aRe yoU There) is a tool for attacking Lucent AccessPoints.
- macgen
Power Inverters
Power Inverters can be used to run laptops and computers in cars or trucks. They range in power from those able to power laptops to those able to power several computers in a van. A wide selection of Power Inverters can be found at: http://www.4lots.com