Embed Size (px)
DESCRIPTION
Wardriving. 7/29/2004 The “Bad Karma Gang”. Agenda. Introduction to Wardriving The Tools of Wardriving Wardriving Green Lake. Definition : Driving through a neighborhood with a wireless-enabled notebook computer in search for wireless access points (APs) Purpose : - PowerPoint PPT Presentation
Citation preview
WardrivingWardriving
7/29/20047/29/2004
The “Bad Karma Gang”The “Bad Karma Gang”
AgendaAgenda
Introduction to Wardriving
The Tools of Wardriving
Wardriving Green Lake
What isWhat is War DrivingWar Driving??
DefinitionDefinition:: Driving through a neighborhood with a wireless-Driving through a neighborhood with a wireless-
enabled notebook computer in search for wireless enabled notebook computer in search for wireless access points (APs)access points (APs)
PurposePurpose: : Analyze Analyze Wireless LANsWireless LANs & show which APs are open & show which APs are open
ProductProduct:: Wireless Access Point MapWireless Access Point Map
OriginOrigin:: ““War dialingWar dialing””
Some Results of War DrivingSome Results of War Driving
-Source: Wigle.Net-
-WiFiMaps.com-
Nui’s House
Access pointWWWD4 (World Wide War Drive)
June 12-19 , 2004300,000 APs submitted worldwide
32.2%
67.8%
0.0% 20.0% 40.0% 60.0% 80.0%
protectednetw orks
unprotectednetw orks
Wireless Internet Security Awareness -152 networks audited-
Wireless Access Point Maps
Nowel & Budge
WiGLE
Legal BackgroundLegal Background
ActivityActivity LegalityLegality LawLaw
Scan access pointsScan access points Not illegalNot illegal
Intentional access of a computer Intentional access of a computer without authorizationwithout authorization
IllegalIllegal Computer Fraud and Computer Fraud and Abuse ActAbuse Act
Alteration of communication on Alteration of communication on ISP network without authorizationISP network without authorization IllegalIllegal
Electronic Electronic Communications Communications Protection ActProtection Act
Interception of communications Interception of communications as they’re going through the airas they’re going through the air IllegalIllegal
Wiretap ActWiretap Act
FootprintingAddress range,
namespace acquisition
ScanningFind promising points of entry
Anatomy of a Hack(Hacking Exposed 4th Edition)
EnumerationFind user accounts
and poorly protected shares
Gaining AccessInformed attempts to access target
Escalating PrivilegeGain complete
control of system
War driving Process
PilferingGain access to trusted systems
Covering TracksHide system privileges
Creating Back DoorsEnsure ability to
regain access at will
Denial of ServiceCreate ability to disable target
Legal Illegal
Possible Risks Possible Risks
War driving = not illegalWar driving = not illegal
Beyond war driving = illegalBeyond war driving = illegal Encryption key crackingEncryption key cracking Free internet accessFree internet access Identity exposure and theftIdentity exposure and theft Network resource utilizationNetwork resource utilization Data theftData theft Denial-of-serviceDenial-of-service Other hacking activitiesOther hacking activities
Confidentiality
Integrity
Availability
GPS Mouse
Notebook computer
Power Cable
GPS SoftwareDisplay
802.11 network sniffing software (e.g.
Netstumbler)
Text to speech software
"new network found. ssid is thd-
wireless. channel 6. network open."
Typical Wardriving Setup
Netstumbler Screenshot
For the thrifty and adventurous wardriver…Build a “Cantenna”
http://www.turnpoint.net/wireless/cantennahowto.html
Protection of Wireless Networks
• Use Wired Equivalency Privacy (WEP)Network card encrypts “payload” using RC4 cipherReceiving station decrypts upon arrivalOnly works between 802.11 stations.
No longer applies once payload enters wired side of network
Users should change default password and Service Set IdentifierUsers should change keys often
• Physically locate access point to avoid “spilling” signal off premises
• Install hardware or software firewall
• Use passwords for sensitive folders and files
• Users should perform wardriving test
Experiment: War Driving SeattleExperiment: War Driving Seattle
* Doonesbury, December, 2002.
Wardriving: Been there, done that?Wardriving: Been there, done that?
* “War Kayaking”, Summer, 2003.
War Driving ExperimentsWar Driving Experiments
Experiment 1: Open doorExperiment 1: Open door
Opened SBG1000 Opened SBG1000 wireless Internet wireless Internet gatewaygateway
Meant to disable 16 Meant to disable 16 bit encryptionbit encryption
Discovered traffic in Discovered traffic in logs when home logs when home computers offcomputers off
Experiment 2: Tools of the tradeExperiment 2: Tools of the trade
+ + = Access
My house
Results: Access GainedResults: Access Gained
ResultsResults
29 Available networks 29 Available networks in 2 short hours in 2 short hours All available from All available from parked car on parked car on crowded streetscrowded streetsColorful names for Colorful names for wireless routerswireless routers hotstuff, red libre, hotstuff, red libre,
eatshitanddieeatshitanddie most use most use
manufacturer namemanufacturer name
Only 3 required a key Only 3 required a key of any kindof any kind
TThe “Bad Karma Ganghe “Bad Karma Gang””
-Social Engineer Alumni Relations-
Discussion
![Wardriving - Zespół Przetwarzania Sygnałów [DSP AGH]dydaktyka:wardriving.pdf · •"Warwalking, or warjogging, is similar to wardriving, but is done on foot rather than from a](https://img.pdfslide.us/doc/110x75/5e2542fef14ca96f3028e86c/wardriving-zesp-przetwarzania-sygnaw-dsp-agh-dydaktyka-awarwalking.jpg)
![GPRS Intercept: Wardriving your country · BSN 3 BSN 4 BSN 5 [ 63 x the same decode chain ] 2 Demux of 32 identifiers in 2 directions X X … TBF queues + block defrag. Some GPRS](https://img.pdfslide.us/doc/110x75/5e53a56d6b5182569e0bca99/gprs-intercept-wardriving-your-country-bsn-3-bsn-4-bsn-5-63-x-the-same-decode.jpg)
