How-to Wardrive

Wardriving: the act of locating and possibly exploiting connections
to wireless local area networks while driving around a city or
elsewhere. [techtarget.com]


With more and more people going for convenience in home networks,
or even business networks, wireless routers are seen more and more.
Some people consider "wardriving" a hobby, others do it to prove a
point (wireless just isn't secure!), and some just do it cause it's
just plain fun. Throughout the tutorial, some mere basics will be
covered on the art of wardriving.

What You Need:

1. Wireless network card
2. Laptop (unless you feel like finding a power source for your desktop,
and you can fit it in your car.. dummy!)
3. NetStumbler (www.netstumbler.com)
4. Antenna (optional)
5. GPS receiver (optional)

Before You Go

NetStumbler Briefing:
When you first open NetStumbler, a window will pop up with
a title based on the date/time. This is the window where all the
located APs will show up. If you have more than one wireless network
card in your laptop, you'll want to go to the Device menu, and select
the one that you'll be working with. Also, if you have a GPS receiver,
go into the View menu, then Options. Go to the GPS tab, and change
the settings based on your individual receiver. I recommend leaving
all other settings where they are. Finally, the green arrow located
on the top toolbar indicates whether or not you are currently scanning
for networks.

Why should I have GPS?
GPS comes in VERY handy if you want to return to the
networks at a later time, or if you're trying to map out all the networks
that you find. It's better than having to slow down every time you find
an AP, and write down the exact location.

What's the big deal with antennas?
An antenna is HIGHly recommended, especially an omnidirectional
antenna. There are other tutorials out there on how to make one, cause
honestly, I don't know. Most WiFi cards have terminals to hook up an
antenna, so if you can get your hands on one, take advantage. It will
let you get a MUCH better signal on the APs, and detect them from
further away.


Drive Boy, Drive!!

1. Place your laptop running NetStumbler somewhere in your vehicle
where it won't be a distraction. Cell phones are bad, but laptops are
definitely worse!

2. If you do not have an antenna, you'll need to be a little more
cautious when driving around, because networks won't necessarily show
up if you're blazing by at 60mph. I usually go about 35-40mph until
an AP shows up, then I slow down to about 15-20mph. This helps me
pinpoint exactly which home/business is running the network.

3. You don't HAVE to keep notes, but a lot of times, it's a good idea
if you plan to return to the network... or if you don't have a GPS
receiver. Make a little .txt file where you can jot down information
about the location, address, etc. Just remember, DON'T TYPE AND DRIVE!

4. Be sure to save your .ns1 (NetStumbler) files, they contain lots
of key information if you're ever to return to the network.

5. When your battery dies, or you run out of gas... that's usually the
sign that your wardriving episode for the day is over. If it was the
battery, go home and charge it until next time. If it was the gas,
you're just plain stupid then.


Other Stuff

WiGLE (www.wigle.net), a useful mapping tool based on input from other
wardrivers nationwide.

www.wifimaps.com, another useful online tool to post or view networks
found.


Security Talk

First and foremost, this should not be done on any network unless you
have full authorized access to do so. This is merely a tutorial, and
not a lesson in taking over a network.

Wireless networking is fairly insecure, especially in the hands of Joe
Schmoe who wants to be cool with a wireless network. More than 75% of
the networks you'll find will have the default SSID, and more than
likely, the default router login. For example, just about all Linksys
routers can be reached via http://192.168.1.1/, leaving the username blank,
and using "admin" as the password. Also, any hacker can do his dirty
work from the street using poor Mr. Schmoe's network as his connection.
So who do they trace the deed back to? Not Mr. Hacker, but Mr. Schmoe.
.. poor poor Mr. Schmoe. If somebody is computer savvy, they'll most
likely have WEP encryption on their network, which requires a mere key to
connect. AirSnort (a tool for Linux) will actually break these keys.

There's really only one secure network that I've actually seen, and it
changes its WEP key every 40 seconds using a mathematical algorithm...
why can't everybody have something like this??


De-Brief

If there are any further questions regarding WiFi or wardriving, be sure
to post them and I'll have them answered as soon as possible!!