Wireless Acking or War Driving

Thread: Wireless Acking or War Driving

  1. unclex's Avatar

    unclex said:

    Wireless Acking or War Driving

    I am going to post this all again because CC has gone.

    Wireless acking is going to be the next big thing this year coming up.

    Free internet access and other things

    I will update with sites and software for all your pleasure,

    You may be asking "What is this all about?"

    You need a Wireless card (check out the UK site for the type of card you should buy) + Laptop with card slots, download software (we will talk
    about this later on). OK, if you want to go all out, a GPS unit to connect to the software and record the location of the network that may be next
    to your local pub, cafe etc. You may also want to fit an external antenna.

    Burners and SWR Meters, It sounds a bit like the old CB radio days.

    I will try to add more over the next week.

    This is the US Top forum, a lot more on this one, but if you want one closer to home try the next one.
    Forum [Only registered and activated users can see links. ]
    Site [Only registered and activated users can see links. ]
    Software downloads

    [Only registered and activated users can see links. ]

    other sites
    [Only registered and activated users can see links. ]

    [Only registered and activated users can see links. ]

    This site has just started and is the only UK forum I can find
    site [Only registered and activated users can see links. ]

    Another UK site with a good load of photos to get you started
    site [Only registered and activated users can see links. ]

    I like these two; both have an external antenna option. They are both the same card, both by Lucent
    Lucent Technologies WaveLAN/IEEE (Orinoco)
    Compaq WL110


    Network Stumbler
    Description: Version 0.3.22 (Most recent stable version)

    Supports Windows 2000, XP, 95, 98, Me (not NT 4.0).
    Only works on Hermes chipset cards (Orinoco and OEMs) - see the readme in the archive for a detailed list of cards known to work. Does not
    work on Prism cards (Linksys, DLink, SMC, Cisco, ...)
    GPS no longer locks up when system goes into standby mode.

    AirSnort wireless network sniffer
    To work AirSnort needs only to be installed on a Linux-operated computer with a wireless network card.

    AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring
    transmissions, computing the encryption key when enough packets have been gathered. Prism cards are the ones for this

    download here

    [Only registered and activated users can see links. ]

    [Only registered and activated users can see links. ]

    Check out the sites and go from there, give some feed back.

    Next post

    Ok made my first mistake

    bought the wrong card

    I got it going using a combo of drivers

    over 100 WLANs open without protection in the drive that I made around town


    Well, more war driving and more open networks without WEP installed.

    If you are running Linux you can get a program called WEPCRACK, you should be able to crack the WEP with this.

    Sorry no windows version at this time.

    Looking to post soon a map of a large town in England with loads of open networks, just got to import it into autoroute


    Well still going strong, If you have XP it connects just like that, Oh dear me.

    Just thought I would give you all some more info today

    Wireless Security


    Enable WEP (Wireless Encryption Protocol). It will act as a first line of defense. It's free. Nearly all Wi-Fi certified products ship with basic
    encryption capabilities (40-bit key WEP). It's just disabled.

    Change the default SSID of your product. Many access points/wireless routers we find have the manufacturer's default SSID. If it still had the
    manufacturer's default SSID, then the owner probably hadn't bothered to change the default password.

    Don't change the SSID to reflect your company's easily picked-off info like names, plants, divisions, or products. If your naming is enticing
    enough, it may attract hackers who are willing to put in the additional effort with tools like AirSnort to
    break your WEP encryption keys.

    Don't change the SSID to your street address. Surprisingly, a large number of SSIDs use the company's street address. It sure does make it
    easier to zero in on your location if you broadcast it.

    If your access point supports it, disable "broadcast SSID". As you take your access point out of the box, broadcast SSID is enabled which
    means that it will accept any SSID. By disabling that feature, the SSID configured in the client must match
    the SSID of the access point.

    Change the default password on your access point or wireless router. Any real hacker (not script kiddies) knows the manufacturers' default
    passwords, and will try them first. Since programs like NetStumbler identify the manufacturer based on the
    MAC address, it doesn't take much work to figure out what type of device it is even if you do change the SSID.

    Think about locating the access points toward the center of your building rather than near the windows. Plan your coverage to radiate out to
    the windows, but not beyond. If the access points are located near the windows, a stronger signal will be
    radiated outside your building making it easier for people to find you.

    As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up. A
    department might run out to Fry's, buy a couple of NICs and an AP, and plug it into your corporate
    network. Banana peel in the wild spells slippage of your hard work to "harden" your wireless network.

    Take a notebook equipped with NetStumbler and an external antenna outside your office building and survey what someone parked in your
    parking lot might "see". You're gonna drop your jaw.

    Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it. If the MAC address of
    your NIC isn't in the table of the access point, you won't associate with it. And while it's true that there
    are ways of spoofing a MAC address that's been sniffed out of the air, it takes an additional level of sophistication to spoof a MAC address. The
    downside of deploying MAC address tables is that if you have a lot of access points, maintaining the
    tables in each access point could be time consuming. Some higher-end, enterprise-level access points have mechanisms for updating these
    tables across multiple access points of the same brand.

    Consider using an additional level of authentication, such as RADIUS, before you permit an association with your access points. While it's not
    part of the 802.11b standard, a number of companies are optionally including some provision for
    RADIUS authentication. Orinoco access points, for example, can enforce RADIUS authentication of MAC addresses to an external RADIUS
    server. Intermec access points include a built-in RADIUS server for up to 128 MAC addresses.

    If you're deploying a wireless router, think about assigning static IP addresses for your wireless NICs and turn off DHCP. It's true that it's more
    of an administrative overhead to manage, but a number of wireless networks pass out IP addresses once
    associated with the AP. Although a wireless sniffer could easily pick out IP addresses, by not passing them out, it just adds another barrier. It
    makes it tougher for the casual "drive by" to use your network.

    If you're using a wireless router and have decided to turn off DHCP, also consider changing the IP subnet. Many wireless routers default to the network and use as the default router.

    Don't buy access points or NICs that only support 64-bit WEP. Some low-end products only support 64-bit (40 bit key) WEP, and as you know
    by now, even 128-bit WEP is universally considered not very secure. Note that some NICs may
    only require a driver upgrade to attain 128-bit WEP capability.

    Only purchase access points that have flashable firmware. There are a number of security enhancements that are being developed, and you
    want to be sure that you can upgrade your access point.

    Some products support additional security features that are either not defined by the 802.11b standard, or not mandated by the standard. For
    example Agere Systems' Orinoco access points include a feature called "closed network". This is
    proprietary, and not part of the 802.11b standard, but if you're in a corporation and deploying one vendor's solution throughout, it really
    wouldn't matter. With Orinoco's closed network, the AP doesn't broadcast the SSID, so someone using
    NetStumbler won't see it. The client workstation must be configured with a matching SSID to associate with the AP. The default "ANY"
    configuration wouldn't associate with a closed network.

    Most people agree that the best method of securing your wireless network is by using a combination of the suggestions above. However, the
    most effective strategy would be to put your wireless access points into a DMZ, and have your wireless
    users tunnel into your network using a VPN. (See PC Magazine's VPN story titled "Safe Passage".) If your corporation doesn't already have a
    VPN infrastructure in place, it's going to cost you some money to implement. Even if you do have a
    VPN in place, and all of your clients already have the VPN software, there's going to be an extra effort associated with setting up a VLAN for
    your DMZ. But this solution adds a layer of encryption and authentication that could make a wireless
    network suitable for sensitive data.
    Last edited by unclex; 8th January 2002 at 01:15 PM.
    Have Fun.

    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
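
Added example, not part of unclex's post or of any tool mentioned in the thread: a small audit of your own site-survey results against the checklist above (rogue access points, WEP left off, factory SSIDs, SSIDs that give away the company or address). The CSV columns, the addresses, the inventory and both word lists are constructed for illustration and are not a real NetStumbler export format.

```python
import csv
import io

# Constructed survey export (assumed columns; not a real NetStumbler format).
SURVEY_CSV = """ssid,bssid,channel,wep
corp-wlan-7,00:11:22:33:44:01,1,on
linksys,00:11:22:33:44:02,6,off
12 High Street,00:11:22:33:44:03,11,on
corp-wlan-7,00:11:22:33:44:99,1,on
"""

# Access points the administrator actually deployed (constructed inventory).
AUTHORISED_BSSIDS = {
    "00:11:22:33:44:01",
    "00:11:22:33:44:02",
    "00:11:22:33:44:03",
}
# Illustrative sample of factory SSIDs; extend it for the vendors you deploy.
DEFAULT_SSIDS = {"linksys", "default", "tsunami", "netgear", "wireless"}
# Words that give away who or where you are (hypothetical, site-specific).
REVEALING_TERMS = ("street", "road", "ltd", "acme")


def audit_row(row):
    """Return the checklist findings for one surveyed access point."""
    findings = []
    ssid = row["ssid"].strip().lower()
    bssid = row["bssid"].strip().lower()
    # A rogue AP can copy your SSID, so match on the BSSID, not the name.
    if bssid not in AUTHORISED_BSSIDS:
        findings.append("rogue: BSSID not in inventory")
    if row["wep"].strip().lower() != "on":
        findings.append("WEP disabled")
    if ssid in DEFAULT_SSIDS:
        findings.append("factory default SSID")
    if any(term in ssid for term in REVEALING_TERMS):
        findings.append("SSID reveals company or location")
    return findings


def audit_survey(text):
    """Map BSSID -> findings for every access point with at least one finding."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        findings = audit_row(row)
        if findings:
            report[row["bssid"].strip().lower()] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit_survey(SURVEY_CSV).items():
        print(bssid, "->", "; ".join(findings))
```
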
  2. mitchtech's Avatar

    mitchtech said:


    I see you have had a successful little outing in a big town.

    good work dude
  3. unclex's Avatar

    unclex said:


    Just been working hard to keep everyone informed about something I think is going to kick off big this year.

  4. Astrolox's Avatar

    Astrolox said:


    This sounds like what Pete at [Only registered and activated users can see links. ] started off.

    I met him at last year's [Only registered and activated users can see links. ], he gave a talk about all of this. I have mp3 recordings of his talk; if anyone wants copies I'm sure I could find a web site to put them on.

    Anyways it's cool stuff, enjoy the above links.
    Last edited by Astrolox; 9th January 2002 at 01:30 AM.
  5. unclex's Avatar

    unclex said:


    I would like to get a copy of that, I am making a presentation to the London meeting in the next few weeks.

    I am doing something like that for some large towns in the UK as a project to show how weak it is in the UK.

    As said by [Shipley [Wyatt] [Aaron] [Seric] [Cal] research project to collect and analyze statistics on open 802.11

    doing the same
    Last edited by unclex; 9th January 2002 at 09:56 AM.
  6. unclex's Avatar

    unclex said:


    Another place to try is a high hill top.

    Get yourself a high gain directional and point and sniff
  7. charlievarley's Avatar

    charlievarley said:
    Great update bro thx
  8. Elwood's Avatar

    Elwood said:


    How easy is this to do? I was considering getting a mobile phone to use for anonymous surfing, would this be a good alternative?


  9. unclex's Avatar

    unclex said:


    anonymous surfing - this can be done this way through someone's cable or adsl connection.

    you have to be careful!

    In XP or Win2K you can get auto connections by switching on the DHCP so the router or server gives you an IP address

    The MAC that is on the wireless card can be spoofed or changed to hide your tracks.

    For me this is a test and this is not something I would go out and do all the time.

    My interest is to see how many are out there in my local area that are open.

    connections are very easy to make - go to the links and read the forums.

    watch your back though.

    Mr Typo stricks again
  10. Astrolox's Avatar

    Astrolox said:

    Defcon MP3

    That MP3 that I mentioned previously is currently on my DC Share as an ISO image.

    I will post it on a web site as soon as I get some time, but am a bit busy at the moment.

    Anyways just thought I'd tell ya.
  11. unclex's Avatar

    unclex said:


    Ok no probs

    thanks - when you have time that would be great
  12. eminem's Avatar

    eminem said:
    this is a top post uncle X, I've just tried to take the 1st steps in securing my personal home network @ home just in case and havin a few probs with WEP. I've got a SMC Router and separate Access Point and a Lucent and cisco 340 wireless cards. When I enable WEP on the access point and cards I can't communicate @ all but all is fine after disabling it. Any ideas man?

  13. unclex's Avatar

    unclex said:


    The WEP keys need to be the same in all the units.
  14. hxbro's Avatar

    hxbro said:

    Where to buy wireless equipment ?

    Anyone know where is the best place to buy wireless equipment, something that's in a bundle would be nice (access point + a couple of cards pcmcia and pci preferably, although I could manage with usb at a push) - I'm moving into a new house that doesn't seem to be designed for trailing network cables around - so need to go wireless ;-)

  15. unclex's Avatar

    unclex said:


    Do you want to, are you sure?

    If you are running windows, use a Lucent chipset

    Compaq WL110 or a wavelan card Gold 128bit silver 56bit

    go to [Only registered and activated users can see links. ]

    UK site [Only registered and activated users can see links. ]

    [Only registered and activated users can see links. ]

    It does not matter about the make, they are all the same channels in IEEE region - if you buy off ebay in the states be careful

    UK has 13 Ch

    US has only 11 Ch

    Japan has 14 Ch

  16. unclex's Avatar

    unclex said:


    Netstumbler from the .com

    Just thought I would get you going by posting some software

    this works with Lucent chipset cards

    Compaq WL110 from [Only registered and activated users can see links. ]

    wavelan silver or gold

    get stumbling
  17. unclex's Avatar

    unclex said:


    this one is for people who have prism cards with windows

    prism cards do not work with netstumbler

  18. unclex's Avatar

    unclex said:


    Still doing it and it still rocks - setting up a long distance test at the weekend, to see if I can hook up into the city area
  19. unclex's Avatar

    unclex said:


    Thanks to ackers

    Wireless computer networks are often wide open to intruders.
    The security features of popular wireless network adapters are switched off by default, and many installers do not bother to turn them on or configure them sensibly.

    Driving around the City of London, two security consultants found eight unprotected networks in a quarter of an hour.

    The equipment they used - a laptop, an off-the-shelf network card and a piece of software downloadable from the internet - could be acquired for around 1,000.

    Open doors

    Building on such knowledge to penetrate computer networks would require some technical knowledge and would in most circumstances be illegal, but it would not be very difficult.

    Wireless network systems are generally sold with all their security features turned off because this makes them easier to set up.

    The idea is that the network installer gets the network up and running, then switches on a scrambling feature which is intended to afford as much security as that enjoyed by a conventional wired network.

    And if the installers bother to switch on the security measures, many will use easily guessed passwords and system IDs, or do not change such settings from their defaults.

    But all this may be pointless anyway because the security technology at the heart of some of these networks is flawed.

    A cracker monitoring even a well-configured network for long enough would be able to break in and masquerade as an insider.

    There is one way of making a wireless network much more secure than this, but it is rarely used.

    Convenient option

    Wireless networks are popular because they connect computers together without the need for running cables and drilling holes in walls. But they can be a headache for people responsible for computer security, sometimes bypassing expensive and carefully maintained firewalls.

    Most wireless interface cards on the market employ a system known as Wired Equivalent Privacy (Wep) to provide the user, in theory, with the same level of privacy they would have on a standard, cabled network.

    But even if Wep is properly configured, it simply lengthens the period of time an intruder would need to gain access.

    A quirk in the way Wep manages the initial stages of conversation over a network leaves it vulnerable to the kind of intruder that has enough time to hang around and listen in on hours or days of network traffic.

    Software downloadable from the internet without charge listens in and works out the key protecting the network. Once the intruder has the key, the e-mails and documents stored on computers on the network are extremely vulnerable.

    Public service?

    Basic scanning tools will provide an idea of how many machines are on the compromised network and whether they hold much data. At the moment, few tools are straightforward to install and use.

    Often they do not run on Microsoft Windows systems, nor do they come with the kind of installers that make commercial software easier to use.

    And many require a fair degree of familiarity with the internals of Unix-based systems - not something the average user has.

    The creators of these tools make them available via the internet. They say that having such tools publicly available makes people aware of the problems of wireless networking and helps find a solution.

    Some people criticise them, saying that they put into the public arena powerful tools which can be used for good or bad.

    Groups of individuals have also published lists of vulnerable networks.

    Legal position

    Listening to the airwaves to see who has an unsecured wireless network in the area is a passive activity, as is listening in to enough network traffic to gain the key to a secured network.

    Provided no-one goes a stage further and tries to use that knowledge to log on to systems without authorisation, it is not clear that such activities fall foul of the law.

    Those in the know say network administrators should use scanning tools to identify the weaknesses in their own systems. Then they should use a commonly available system called IPsec to scramble everything that passes across the airwaves.

    IPsec is much harder to crack than Wep, so even with the key to a network, the intruder would still be faced with a stream of apparent gibberish which was seriously difficult to decode.
  20. unclex's Avatar

    unclex said:


    New version of Netstumbler out - also a new pocket pc version...

    [Only registered and activated users can see links. ]