[ISN] Tracking Down Insecure WLANs

From: InfoSec News (isnat_private)
Date: Tue Oct 22 2002 - 23:04:10 PDT

  • Next message: InfoSec News: "Re: [ISN] Researchers predict worm that eats the Internet in 15 minutes"

    By Dennis Fisher
    October 22, 2002 
    Looking for something to do this weekend? Well, if you have a laptop
    and a wireless card, you can join dozens of other technophiles with
    time on their hands in searching out insecure WLANs.
    A group of security professionals and enthusiasts later this week will
    kick off the second WorldWide WarDrive, a week-long coordinated effort
    to identify wireless LANs and assess their security levels. The first
    event, held in late Aug. through early Sept., drew participants from
    10 states and six countries.
    The second wardrive starts Oct. 26 and runs through Nov. 2.
    War driving is the practice of canvassing a given neighborhood or city
    in search of WLANs. Practitioners typically cruise an area, armed with
    a notebook PC or handheld with a WLAN card and a software program,
    such as NetStumbler or Kismet, that listens for signals sent out by
    WLAN access points.
    From the information broadcast by the AP, war drivers can tell if the
    device has WEP (wired equivalent privacy) encryption enabled and other
    vital information, such as the network's SSID (service set
    There is nothing illegal about simply identifying such networks but
    connecting to them and using bandwidth and network resources for free
    is a crime. Which is why the organizers of the WWWD are careful to
    point out that they do not connect to any of the networks they find.  
    In fact, the group's Web page lists instructions on how to avoid
    connecting to a network inadvertently.
    The organizer of the event did not respond to an e-mail seeking
    comment for this story.
    The first WWWD event produced an interesting set of statistics. For
    example, of the more than 9,300 WLANs the group found, just 30 percent
    had WEP enabled. And 26 percent were using the default SSID and did
    not have WEP enabled.
    The effort grew out of a war driving contest held in conjunction with
    the DefCon hacker convention last summer. And while its level of
    organization may be somewhat unique, the WWWD is just the tip of the
    iceberg. There are dozens of Web sites that offer war driving tips,
    sniffing software and forums where hobbyists can trade techniques and
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 01:45:07 PDT