Jeremy Martin, CISSP-ISSAP, NSA-IAM/IEM, CEH – firstname.lastname@example.org
It is a cloudy Friday night and I am in the listening to another episode of 2600’s “Off the hook” radio when the interruption of the phone catches my attention. I had been expecting the call from my colleague, because I needed help with some new proof-of-concept ideas for a penetration test I have the following week. During the conversation, we eagerly decided to head out for the night to Wardrive in the area. Wardriving is always a good excuse to test new programs and ideas.
We position both laptops for optimal WiFi signal, easy access to the GPS devices, and secure them for the least amount of movement while driving. Right before we leave, we make sure the power converter is turned on, and the systems are plugged in. To cover all our bases, one laptop runs Windows XP Pro, NetStumbler, and Cain & Abel while the second system has Suse 9.2 Linux with Kismet, Airsnort, Aircrack, and Void11. Using two devices with such different environments improves success while surveying WiFi in an area or “footprinting” them.
Here is where the fun begins. After driving for a few miles, we enter a well-lit street in the business section of town, and hear the ping of live access points every few seconds. Even though we have been doing this for years, we are both amazed at the percentage of companies that employ WiFi that do not implement any sort of encryption. This allows us to park and let Kismet do what it does best... passively listen to network traffic running over the 802.11 signal. We are able to map several subnets and gather other interesting information being broadcast to the public. At the end of the night, we were able to gather over 127 WiFi hotspots after only driving seventeen miles round trip. With this type of information gathered, playtime for hackers begins.
Wardriving, also referred to as “Geek’s catch and release fishing”, is the act of driving around and scanning for open WiFi hotspots. This is considered a sport in many circles and is growing in popularity across the globe.
Warwalking is similar to Wardriving, but on foot. There are many PDA devices that will allow you to install wireless and network auditing tools.
Wardriving is done for many reasons. Some do it as a social activity with friends. Others Wardrive as a community service to increase awareness, as a business model to secure networks for profit, or even to commit the dreaded criminal acts of spreading viruses, hacking, or committing fraud.
Windows system:
♦ Acer Aspire 1520 laptop
♦ Riklen GPS
♦ FM Modulator
♦ Windows XP Pro
♦ NetStumbler
♦ Cain & Abel
♦ MS Streets & Trips
Linux system:
♦ Acer Travelmate
♦ Microsoft MN-520
♦ Suse Linux 9.2
♦ Kismet
♦ AirSnort
♦ Void11
Wardriving does not take a long list of special tools and equipment. Above is a list of equipment I use and have found to work; it is not a requirements list. Almost any WiFi-enabled Windows machine can scan for hotspots right out of the box by installing either Cain or NetStumbler. Linux is another story. Since the Linux environment allows for more direct access to the hardware, there are more items to consider. These include Linux compatibility, correct drivers, and knowledge of iwconfig or a similar configuration utility for using the card in promiscuous mode. Many “Live Linux” distributions take care of most of the work for you if the WiFi card has a compatible chipset. The most common and well-known WiFi chipset for Linux use is the PRISM 2. The Orinoco Gold card became very popular because of its ease of use and ability to work with most Linux environments out of the box. You can use most Windows-based cards in a Linux environment by using an NDIS driver, but they will not work for scanning purposes because of the inability to access the hardware directly. The problem you may come across is that most Windows-based scanning utilities use a method of scanning called “Active scanning”...
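An added example, not part of the original article: a site owner can measure for their own access points what the survey above observed, the share of WiFi networks running without encryption. It assumes the text layout printed by `iwlist <iface> scan` (shipped alongside iwconfig in the Linux wireless tools); the sample scan, addresses and network names are constructed.

```python
import re

# Constructed sample in the layout printed by `iwlist <iface> scan`;
# the addresses and network names are made up for this example.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"office-main"
                    Encryption key:on
          Cell 02 - Address: 00:11:22:33:44:66
                    ESSID:"conference"
                    Encryption key:off
          Cell 03 - Address: 00:11:22:33:44:77
                    ESSID:""
                    Encryption key:off
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
FIELD_RE = re.compile(r"^\s*(ESSID|Encryption key):(.*)$")

def parse_scan(text):
    """Return one dict per access point found in iwlist-style scan text."""
    cells = []
    for line in text.splitlines():
        cell = CELL_RE.search(line)
        field = FIELD_RE.match(line)
        if cell:
            cells.append({"bssid": cell.group(1).upper(), "essid": "", "encrypted": None})
        elif field and cells:
            key, value = field.group(1), field.group(2).strip()
            if key == "ESSID":
                cells[-1]["essid"] = value.strip('"')
            else:
                # "on" only says a key is required, not which scheme is in use
                cells[-1]["encrypted"] = (value == "on")
    return cells

def open_networks(cells):
    """Access points that explicitly reported no encryption key."""
    return [c for c in cells if c["encrypted"] is False]

def percent_open(cells):
    return round(100.0 * len(open_networks(cells)) / len(cells), 1) if cells else 0.0

if __name__ == "__main__":
    aps = parse_scan(SAMPLE_SCAN)
    for ap in open_networks(aps):
        print("OPEN", ap["bssid"], ap["essid"] or "<no ESSID broadcast>")
    print(f"{percent_open(aps)}% of {len(aps)} access points are unencrypted")
```

Any access point of your own that shows up in the open list is broadcasting its traffic in the clear to anyone listening passively, as Kismet does in the account above.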