Back in the old days before everyone had broadband internet access, modems were the standard way of accessing other computers and consequently other networks. In order to connect to another computer, you first had to know what phone number to call. People would often run programs that would call huge amounts of phone numbers in an attempt to find computers that they could connect to. Often times people would find dial-in phone numbers to corporate, school, or other networks that they probably shouldn't have access to.

With the advent of the Internet, a similar activity has been born. Scanning. On the Internet, an IP address is analogous to a phone number. People often scan through large amounts of IP addresses looking for computers that are running certain types of servers.

The new wireless age has introduced a new brute force attack. War driving is when crackers (or harmless interested parties drive around in a car equipped with wireless gear looking for illicite access to unsecured wireless networks. Recently TheRegister had [http://www.theregister.co.uk/content/8/17976.html an article] about War driving.

There are some tools to facilitate finding AccessPoint's.

• A Windows application by MariusMilner called NetStumbler.

  • http://www.netstumbler.com/

• JimBinkley's Wscan which works under FreeBsd and Linux (currently true AccessPoint scanning is only available under the FreeBsd version, though the patches needed are supposed to be in the latest version of the 2.4 orinoco_cs driver)

  • ftp://ftp.cs.pdx.edu/pub/mobile/

  • under Free BSD 4.5 it available in ports.
  • cd /usr/ports/x11/wscan
  • (as root) make install clean

• IBM's WirelessSecurityAuditor, a NetStumbler clone written for Linux on the iPAQ.

  • http://www.research.ibm.com/gsal/wsa/

• Bret Mounet's Netstumbler'ish program for Windows 2000 and it only works with Prism2Cards.

  • http://www.bretmounet.com/ApSniff

• A perl script by Peter Shipley to pull stat's from FreeBsd's wicontrol and lat/long from a GPS unit.

  • http://lists.bawug.org/pipermail/wireless/2001-April/000679.html

  • The [http://www.dis.org/wl scripts] and [http://www.dis.org/wl/maps maps] are available.

• Two perl scripts by frisco@blackant.net which he used to map around Ann Arbor MI (supposedly there are some bugs in this so beware).

  • http://blackant.net/other/wireless.php

• Kismet (great curses based Linux auditor and stumbler)

  • http://www.kismetwireless.net/

• Wellenreiter (Perl-GTK auditor and stumbler for Linux)

  • http://www.remote-exploit.org/

• PrismStumbler (command like and Perl-GTK)

  • http://prismstumbler.sourceforge.net/

  • http://home.attbi.com/~sboger1/prismstumbler.html

There are also some tools available to help you subvert the security of an AccessPoint (or more acurately audit the security of your own AccessPoint ... right?). These should be refactored into another page.

• There are many WirelessSniffers available.

• THC-RUT (aRe yoU There) is a tool for attacking Lucent AccessPoint's

  • http://www.thehackerschoice.com/

• AirSnort

  • http://airsnort.sourceforge.net/

• WepCrack

  • http://wepcrack.sourceforge.net/

[CategorySoftware]