A wardrive..... :eek:

[Tiger Shark]

Out of interest I decided to drive the four miles between my home and my watering hole with Netstumbler fired up. The drive is through mixed suburban areas, some commercial some residential. I was surprised at what I found.

1. Excluding my own WAP's at either end of the trip there were a total of 68 WAP's broadcasting their SSID.

2. Fourty of those WAPs were unencrypted.

3. Thirty eight were broadcasting the default SSID

4. 31 were Wireless-G indicating more recent purchase.

5. 18 of the Wireless-G were unencrypted.

6. One Government office, (porbably the Police station I passed ), was running a Linksys in default configuration.... I will resist the temptation.....

7. 3 people used their house number as the SSID

8. 3 People used their first name as the SSID

9. One person used their initial and last name as the SSID

10. 3 companies used the company name as the SSID

11. One company had three WAP's all broadcasting the same SSID, (MAC's were different, Fake network?)

12. The local Cemetery has wireless access... I find this funny for two reasons.... it's encrypted.... and it's where I want to be buried....

Hope you find that little wardrive as interesting as I did. It seems that wireless is making quite big inroads into normal people's lives but that they have no clue about even the most basic personal security issues.

[rider_royal]

I had an experience similar to it when one of my friend purchased a new laptop with wireless access card included, when i asked him about his safety measures his reply was " Hey this is branded laptop and preloaded with windows XP and you know microsoft has just released SP2 which is much secure and also dealer told me that this system is state of art, So why do I have to worry". Well if this is how these terms are interpreted , then it is no wonder that you experienced this in your wardrive. :-)

[Tiger Shark]

rider: On the client side with XPSP2 I would suspect that this isn't quite such as big deal as the WAP's themselves but I do get your point.

Seems to me that I can go anywhere and do anything completely anonymously because the unprotected WAP's give me almost unlimited opportunity.

Lets say I'm a terrorist and whether I am or not I think there is a high possibility that I am being watched. The scanario goes something like this......

1. OBL has a mail server in Jakarta listening on port 1234
2. I wardrive while going to work and save the log.
3. I get home and pick my three target WAP's that make it look like I will get straight on.
4. I configure my laptop to connect to them automatically.
5. I write a script that begins to ping yahoo constantly until I get a reply.
6. When Yahoo replies the script then runs a .reg file to alter my MAC address then deletes the .reg, disconnects and reconnects to the WAP.
7. The script sends a message to OBL's mail server with my encrypted attachment.
8. When the message is sent the script checks for mail and d/l's the encrypted IP address and port of the next mail drop, (they rotate on OBL's end for security's sake).
9. When the send/receive are done the script runs a .reg file that changes my MAC back to normal and deletes the .reg file and terminates.
10. I fire it up and drive to work.

Even if I am being followed and listened in on it will appear that the transmission came from somewhere else and that all I was doing was driving to work.

and that isn't all that difficult to do..........

[muert0]

.One of my roommates has a tablet pc and I put a input into the stereo and a ac/dc power adapeter in the car too. We'd ride around and just run stumbler. It's amazing how many open APs there are around here. I'll see if the numbers are still saved on his computer tomorrow after he wakes up.

[rider_royal]

Thats what my whole point was tiger shark, users are there who think all thses security related (even simple ) things too much work to do. there assumption of accessing something without dwidling with wires, shows that they like to be pampered so that they have to do less work, but when it comes to simple safety precautions it s boring, geeky and so on.
Now even a single user ina big company(anyone with sesitive data) with attitude can a potential hazard to company's data, as was case in your drive along 'police station'.
My point with SP2 was also that when it was released there is much huphullah in magazines(general pc users) that it is making them beleive that now everything is being taken care of and there is nothing to worry about. So much for technologically advanced society.

[|3lack|ce]

Tiger, you'd love my neighborhood. There's a wireless ISP broadcasting from atop the local water tower not 2 blocks from my house...

Love the cemetary encryption - Perhaps they're downloading PR0N from Beyond?

[Tiger Shark]

Perhaps they're downloading PR0N from Beyond?

Yeah, but I like my ladies with a little "meat" not the boney old things they'd be watching..... ROFLMAO

[SecGod]

My point with SP2 was also that when it was released there is much huphullah in magazines(general pc users) that it is making them beleive that now everything is being taken care of and there is nothing to worry about. So much for technologically advanced society.

A great point Rider! Education must be put out there that even though SP2 has some advances in security; it is quite a long way from being secure.

[R0n1n]

I conducted a wardrive from Staten island to 59th St (i was doing some work for a client and just let netstumbler run on the drive home) picked up hundreds of open APs, Manhattan seems littered with them.

Although, the client I was working on was using the new TKIP supported implementations (well, it was new then), now that was an entirely different beast.

[RoadClosed]

(porbably the Police station I passed )

Resist.... resist... resist.....

Actually that "chaps my ass" I fought and fought at a local level to keep wireless out of the local police headquarters and they did it anyway. ALL it takes is One tech to leave a link open and bam, you know damn well local government agencies do not have the audit and tech talent necessary to fight back and protect their "toyz". Do me a favor Tiger, go out tonight and war chalk their office. Watch them come in tomorrow and go WTF!!!! Chalk them right at the front entrance.

My local grocery chain has the ability to order croceries on the net and then have them either delivered or ready for pickup. I set here everyday staring at their open WAP link. I even checked out the antennas and routers to see exactly which they are and the model number as well as lights that are one indicating configuration etc. They are on a shelf in 4 locations across the main building. Sigh.... I am a white hat, I am a white hat.... big juicy truck full of steaks.... white hat white hat...