Diff for "WarDriving" - Personal Telco Project

Differences between revisions 14 and 17 (spanning 3 versions)

Back in the old days, before everyone had broadband internet access, modems were the standard way of accessing other computers and consequently other networks. In order to connect to another computer, you first had to know what phone number to call. People would often run programs that would call huge amounts of phone numbers in an attempt to find computers that they could connect to. Often times people would find dial-in phone numbers to corporate, school, or other networks that they probably shouldn't have access to.

With the advent of the Internet, a similar activity has been born. Scanning. On the Internet, an IP address is analogous to a phone number. People often scan through large amounts of IP addresses looking for computers that are running certain types of servers.

The new wireless age has introduced a new brute force attack. Originally, WarDriving was when crackers drove around in a car equipped with wireless gear looking for unsecured wireless networks, to gain explicit access. Over time, the term has evolved to include harmless types like us simply checking on the RF environment. A year ago, TheRegister had an [http://www.theregister.co.uk/content/8/17976.html article] about War driving.

There are some tools to facilitate finding AccessPoint's.

A Windows application by MariusMilner called NetStumbler.
- http://www.netstumbler.com/
JimBinkley's Wscan which works under FreeBsd and Linux (currently true AccessPoint scanning is only available under the FreeBsd version, though the patches needed are supposed to be in the latest version of the 2.4 orinoco_cs driver)
- ftp://ftp.cs.pdx.edu/pub/mobile/
- under Free BSD 4.5 it available in ports.
- cd /usr/ports/x11/wscan
- (as root) make install clean
IBM's WirelessSecurityAuditor, a NetStumbler clone written for Linux on the iPAQ.
- http://www.research.ibm.com/gsal/wsa/
Bret Mounet's Netstumbler'ish program for Windows 2000 and it only works with Prism2Cards.
- http://www.bretmounet.com/ApSniff
A perl script by Peter Shipley to pull stat's from FreeBsd's wicontrol and lat/long from a GPS unit.
- http://lists.bawug.org/pipermail/wireless/2001-April/000679.html
- The [http://www.dis.org/wl scripts] and [http://www.dis.org/wl/maps maps] are available.
Two perl scripts by frisco@blackant.net which he used to map around Ann Arbor MI (supposedly there are some bugs in this so beware).
- http://blackant.net/other/wireless.php
Kismet (great curses based Linux auditor and stumbler)
- http://www.kismetwireless.net/
Wellenreiter (Great Perl-GTK auditor and stumbler for Linux)
- http://www.remote-exploit.org/

Wellenreiter is a GTK/Perl wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. Its scanner window can be used to discover access-points, networks, and ad-hoc cards. It detects essid broadcasting or non-broadcasting networks and detects WEP capabilities and the manufactor automaticly. Dhcp and arp traffic will be decoded and displayed to give you further informations about the networks. A flexible sound event configuration lets it work in unattended. An ethereal / tcpdump-compatible dumpfile can be created. GPS is used to track the location of the discovered networks immediately. Automatic associating is possible with randomly generated MAC addreses. Wellenreiter runs also on low-resolution devices that can run GTK/Perl and Linux/BSD (such as iPaqs). An uniq Essod-bruteforcer is now included too.

PrismStumbler (command like and Perl-GTK)
- http://prismstumbler.sourceforge.net/
- http://home.attbi.com/~sboger1/prismstumbler.html
Airtraf
- AirTraf is a 100% passive wireless 802.11b network analyzer. It is capable of performing promiscuous channel scanning to detect access points in the area, as well as pick off 'other' connected wireless nodes, acquiring signal strength information for each node. It performs packet count/byte analysis on different layers (datalink, network, transport), as well as breaking down the 802.11b protocol. It is also capable of parsing higer level protocols such as IP, TCP, UDP, ICMP, and get packet statistics as well as bandwidth information. Furthermore, it supports Cisco Aironet cards & PrismII-chipset cards.
- http://airtraf.sourceforge.net/

There are also some tools available to help you subvert the security of an AccessPoint (or more acurately audit the security of your own AccessPoint ... right?). These should be refactored into another page.

There are many WirelessSniffers available.
THC-RUT (aRe yoU There) is a tool for attacking Lucent AccessPoint's
- http://www.thehackerschoice.com/
AirSnort
- http://airsnort.sourceforge.net/
WepCrack
- http://wepcrack.sourceforge.net/

[CategorySoftware ]

-  ← Revision 14 as of 2002-09-05 11:26:17 →
  Size: 4871
  Editor: 63
  Comment:
+  ← Revision 17 as of 2002-11-08 23:25:05 →
  Size: 4902
  Editor: pm3b-79
  Comment: Fixed vandalism.
-Deletions are marked like this.
+Additions are marked like this.
 Line 5:
-The new wireless age has introduced a new brute force attack.  Originally, WarDriving was when crackers drove around in a car equipped with wireless gear looking for unsecured wireless networks, to gain illicit access. Over time, the term has evolved to include harmless types like us simply checking on the RF environment. A year ago, TheRegister had an [http://www.theregister.co.uk/content/8/17976.html article] about War driving.
+The new wireless age has introduced a new brute force attack.  Originally, WarDriving was when crackers drove around in a car equipped with wireless gear looking for unsecured wireless networks, to gain explicit access. Over time, the term has evolved to include harmless types like us simply checking on the RF environment. A year ago, TheRegister had an [http://www.theregister.co.uk/content/8/17976.html article] about War driving.
 Line 34:
- * Wellenreiter (Greate Perl-GTK auditor and stumbler for Linux)
+ * Wellenreiter (Great Perl-GTK auditor and stumbler for Linux)
 Line 36:
-Wellenreiter is a gtkperl program that makes the discovery and the audit of 802.11b wireless-networks much easier.It has an embedded statistic engine for the common parameters provided by the wireless drivers which enables you to fetch the detail about the consistency and signal strength etc of the network.

For discover accesspoints / networks / ad-hoc cards, Wellenreiter got an amazing easy scanner window.

It searches for any accesspoint in the range of the scanning device. It detects and differs essid boradcasting or non-broadcasting wireless networks in every channel,doing frequency switching automaticly. The manufactor is detected by the devices MAC-Address. WEP detection is also implemented and Wellenreiter detects and differs wherever the beacon broadcasting machine is an true accesspoint or an AD-Hoc mode station.
+Wellenreiter is a GTK/Perl wireless network discovery and auditing tool.

Prism2, Lucent, and Cisco based cards are supported. Its scanner window

can be used to discover access-points, networks, and ad-hoc cards. It

detects essid broadcasting or non-broadcasting networks and detects WEP

capabilities and the manufactor automaticly. Dhcp and arp traffic will

be decoded and displayed to give you further informations about the

networks. A flexible sound event configuration lets it work in

unattended. An ethereal / tcpdump-compatible dumpfile can be created.

GPS is used to track the location of the discovered networks

immediately. Automatic associating is possible with randomly generated

MAC addreses. Wellenreiter runs also on low-resolution devices that can

run GTK/Perl and Linux/BSD (such as iPaqs). An uniq Essod-bruteforcer is

now included too.