http://www.linuxworld.com/site-stories/2002/0218.wardriving.html

By Joe Barr
February 19, 2002

(LinuxWorld) -- The idea was innocent enough: Enable my girlfriend to use a laptop computer to surf wirelessly from the sofa while watching TV. That, however, is not quite how things worked out.

As I put the finishing touches on this story I am:

* Packing my gear.
* Making sure my laptop is fully charged.
* Checking to see if I have the latest versions of all the prerequisite "tools."

Okay. All set. Me and the laptop are wardriving again.

A month or two back I wrote a column about an Austin, Texas firm named RockSteady. As part of the research for that story, I installed a "Rock Box," a dedicated firewall/network appliance. Included in it was a wireless NIC. All I had to do to be able to check e-mail or do research from the living room or the deck was to get a wireless PC card for my laptop. Temptation proved too great.

I recently sprang for a D-Link DWL-650 802.11 wireless LAN card. Beginning with a fresh installation of Red Hat 7.2 on my Sony Vaio (PCG-XG700K), I added the latest releases of pcmcia-cs and wlan-ng to get the most out of my Prism2 based D-Link card. Your own card might require different tools, depending on what chipset it uses.

At the time, the latest releases were pcmcia-cs-3.1.31 and linux-wlan-ng-0.1.12. You can find them at the sites noted in Resources. I won't walk you through compiling and installing them, but I will mention that many wireless tools require you to have the kernel source code available for them to compile.

I found myself guessing at some of the options in the /etc/wlan-ng.opts configuration file simply because I wasn't familiar with wireless terminology. Adhoc or infrastructure? Naturally, I chose the wrong one for the RockBox setup the first time. When I changed the option setting to adhoc, it worked just fine.

For the benefit of any other late arrivals to the wireless party, I've included a brief primer explaining some of the terms I ran across which were new to me. I also recommend spending some time on IRC visiting with the folks on the #wireless channel on openprojects.net.

With a little more fiddling, I had the configuration set for adhoc mode and an SSID of RockNet. That's all it took. Since then, I've learned that an SSID of "Any" works as well.

There I was, surfing from my armchair in the living room, feeling like this was the way Internet access always should have been. Now, at last, if I feel like it, I can respond to those annoying realtime polls all the networks are doing in prime time TV. Susan can get on the 'net to exchange e-mail, shop, or visit dating sites to find a less nerdy boyfriend. Ah, the high life -- wireless Web surfing without leaving the flickering glow of the monocular monster, our TV.

Trouble in paradise

Alas, the wireless lifestyle is not all joy and light. Yes, wireless 802.11 cards and access points are flying off the shelves. People want and find easy connectivity with 802.11-standard products. Ah, there's the rub, and a real dilemma it presents. Once again, we are caught between ease of use and security. It's almost enough to make me feel sympathy for Microsoft's chronic security problems, which are often excused as being the result of those same two choices.

There are two major problems with wireless today. One is that all too often it is implemented without any kind of security at all. The other is that the out-of-the-box security options, if the consumer switches them on, are completely ineffectual.

Wireless is so wide open, in fact, that it has given birth to a new geek Olympic sport: wardriving. Wardriving is to wireless like wardialing used to be to modems. The game is all about seeing how many potential targets you can find. Wardriving is a lot easier than wardialing, and a lot less intrusive.

All you need to play is a laptop, a wireless PC card, and some software. In my case, the software I needed is called Prismstumbler, designed to play nicely with the chipset my D-Link card is based on.

IANAL, (I Am Not A Lawyer) but my understanding is that wardriving is completely legal. (Ed. Even if he was a lawyer, the laws in your jurisdiction might vary.) Prismstumbler, for example, is less intrusive than Windows XP. According to what I've read on the 'net, a wireless XP box tries to associate with every wireless beacon it hears. Prismstumbler simply listens and tells you what it has heard. It is completely passive. Unless Microsoft is operating under a completely separate legal system than the rest of us, scanning for wireless beacons can't be illegal. On second thought, perhaps I should come up with a different analogy.

Wardriving can get sophisticated. You can connect an external antenna to your wireless card and put it on the roof of your car. You can attach a GPS device to the laptop, and an external antenna to that. Then you can concentrate on driving and map the results later. I kept it simple, no GPS, and no antenna. Nevertheless, I still had a lot of fun and was surprised at how easy the game really is.

My first excursion was to a small town of about 50,000 souls. I started up my Prismstumbler script and watched its findings appear by pointing my browser at http://localhost:9000. Suddenly, there it was. My first "catch"! It was a used car dealership with not one, but two access points. Then another access point appeared, and then another. I drove only a couple of miles into the center of town and found more than a dozen.

Most appeared to be unprotected. Only one was using the built-in encryption. The encryption used for wireless LANs, however, is useless. It has been cracked and the method to do so made public. One program (Airsnort) claims to be able to crack WEP in about a second, given the right number of packets to examine.

The first line of defense for wireless -- the built-in encryption -- is just about as useful as ROT13.

Making matters worse is the ease of installing access points. I wonder how many IS shops have them in place and aren't even aware of it. I wonder how many are in place behind conventional lines of defense.

I have fun with my wardriving, and I've even alerted a few folks to the problems they invite with unprotected wireless. But trust me. Not everyone out there wardriving is satisfied at stopping with a little innocent fun.