Looking for unprotected Wireless LAN: full access to war driving

Liu Yuan
With the rise of Wireless LAN technology, more and more people are deploying wireless LAN at home and in their units to enjoy the fun of wireless networks. At the same time, the security issues highlighted by wireless LAN have also become the focus of widespread attention. Among these numerous Wireless LAN security problems, "War driving" is afraid that it has not been concerned by the majority of ordinary wireless users, this is mainly because many people do not know much about war driving.

For war driving, war driving enthusiasts can bring endless fun to themselves and bring security threats to wireless LAN users. As an ordinary wireless user, we can also learn about the security of the wireless LAN deployed by using the technology used by war driving, and find the corresponding Wireless LAN security solution.

In view of the role of war driving, this article will start from the principle of war driving and discuss with everyone how it works through a specific example of war driving, so that we can understand how to prevent and reduce the security risks caused by war driving, and how to use war driving technology to help us find security vulnerabilities in Wireless LAN.

I. What is war driving?

Here, we refer to war driving as a wireless LAN reconnaissance platform built using the corresponding hardware and software, A general term for finding unprotected wireless access points (APs) in each street of each town by walking or using the appropriate means of transportation. This undefended Wireless LAN is similar to the old war code used by hackers to search for undefended Wireless LAN via free phone. In addition, in order to find a wider range of undefended Wireless LAN, usually it will drive the corresponding means of transportation (such as bicycles or cars), thus it is called war driving.

For war-driven vehicles, the goal is not only to find undefended wireless access points, but also to use GPS devices to locate the longitude and latitude of each open Wireless AP, then, the open AP found in the GPS plot is identified in the GPS map according to the specific longitude and latitude, the information, along with the name of the wireless access point, the SSID, and the name of the institution where the Wireless AP is located, will also be posted to the corresponding website or forum on the Internet.

Nowadays, there are already many war-driven groups. Generally, They are war drivers in a specific city or region. They often perform war-driven activities, then, the undefended Wireless LAN information is published to the relevant network. These war drivers are often on forums, such as our country's.

For those who drive purely war, their activities only aim to find as many undefended wireless access points as possible, that is, to test the signal strength of the detected AP at most, and connect to the Internet free of charge through these wireless APs. Even war drivers may post information on the Internet or use other methods to remind insecure Wireless LAN users to take security measures. However, for malicious attackers, these unprotected Wireless LAN is the best way for them to intrude into networks and obtain confidential data.

Therefore, the main purpose of this article is to give Wireless LAN users a clear understanding of war driving. It is not an article about how to attack a wireless LAN, if you are interested in this, you just need to have fun with war driving, or learn about the security of your wireless LAN, and make the best contribution to wireless security.

Ii. equipment required for war driving

To drive a war, you must prepare the following equipment for this purpose:

1. hardware required for war driving

War-driven hardware usually refers to laptops or PDAs, mainly because both devices are mobile and can be carried by war drivers along the streets. These hardware devices are usually built in or can be connected to different wireless NICs, powered by battery power, and have powerful data processing capabilities, can fully meet the needs of wireless access points. In particular, the emergence of mobile phones and PDAs with WIFI and GPS functions makes war driving easier and easier. However, PDAs have far fewer functions than laptops, laptops are still the best device for war driving. The content described in this article is only for war driving using laptops.

2. software required for war driving

War driving mainly uses a variety of wireless reconnaissance software to search for wireless LAN signals using the 802.11a/B/g protocol and the next generation of Wireless LAN Standard 802.11n protocol, therefore, we have to choose the appropriate wireless reconnaissance software for war driving. At present, although there are already many wireless reconnaissance software available on the market, there are both free and commercial systems and operating system platforms, we also need to know which types of wireless Nic chips they support. Therefore, when selecting the desired wireless sniffing software, we must make the selection based on understanding the main functions of the software and supported operating platforms.

Next, I will give a brief introduction to three wireless LAN detection software used by war drivers, we hope to help readers who need this information with software selection.

(1) Netstumbler
NetStumbler is a free wireless LAN detection tool used to search for IEEE802.11a/B/g/n standard. It supports most mainstream wireless NICs, including PCMCIA wireless NICs, and also supports global GPS satellite positioning systems. NetStumbler can be used to verify the weaknesses in wireless customer and Wireless AP configurations. It can be used to detect the reasons for interference with wireless LAN signals. It can be used to detect unauthorized wireless access points. It works with GPS, it can also be used to locate the specific orientation of the detected undefended Wireless AP. NetStumbler can display the searched Wireless Access Point's SSID name, MAC address, IP address, and whether encryption is applied.
NetStumbler can be run in Windows 98 and later versions. The latest version of NetStumbler0.4.0 is available. We can download the latest version from www.netstumbler.com/downloads/website.

(2) Ministumbler
MiniStumbler is a wireless reconnaissance engineer under Windows CE. It can detect a wireless LAN established using the 802.11a/B/g protocol.

MiniStumbler is actually the lite version of NetStumbler. We can use it to verify the security devices of the wireless LAN and find the specific location where the wireless LAN signal cannot be reached, check whether other wireless information is interfering with your wireless LAN, and detect unauthorized wireless access terminals connected to the wireless LAN, in addition, it can help the optimal connection location between the relay AP when deploying a Distributed Wireless LAN. It also has the biggest feature of its ability to use it to easily drive a war of entertainment through a PDA or smartphone.

Currently, MiniStumbler can only be used in HPC2000, PocketPC 3.0, PocketPC 2002, and Windows Mobile 2003. This limits its versatility. If you want to use it for war driving, you should choose a PDA product that supports it. The latest version of MiniStumbler is MiniStumbler0.4.0. We can download this package from the html "> http://www.stumbler.net/readme/readme_mini_0_4_0.html.

(3) Kismet
Kismet is also a free wireless LAN sniffing Tool Based on IEEE802.11a/B/g/n standard. Kismet works with most wireless NICs that support wireless monitoring. For example, the wireless chips PRISM2, 2.5, 3, and GT are used, as well as wireless NICs of Orinoco Gold and Atheros a/B/g wireless chips. Kismet is primarily used to sniff wireless networks in a passive manner. It can store sniffing files in formats that can be read by software such as Tcpdump, detects the IP address range used by the wireless network and the hidden wireless network SSID name.

It can also identify wireless access points and manufacturers and working modes of wireless adapters Among wireless customers, and work with GPS to draw network maps of wireless access points and wireless customer locations, and can work with more other software to expand the application scope of these software, for example, can work with snort as a wireless intrusion detection system. Kismet can even detect hosts installed with NetStumbler software in wireless networks to find illegal Wireless Access persons.

Kismet can be run in Linux2.0 or later releases, or on Windows 2000 or later. When Kismet runs in Linux, we should.

If you want to install the file in Windows, you must download the setup_airpcap_3_2_1.exe file of airpcapfrom www.cacetech.com/support/downloads.htm.

However, if you are running in a Windows system, you may not be able to find the built-in wireless network adapter in your laptop. Instead, you need to reinstall the USB interface or the wireless network adapter of the pcmcia Interface supported by AirPcap, I recommend that you run it in Linux to specify the wireless Nic type for Kismet.

As a matter of fact, NetStumbler and Kismet are two essential war driving software for war-driven use of laptops. Before war-driven use, we must prepare them, their installation and configuration will be described in the following content.

3. Selection of wireless network cards required for war driving

Another necessary condition for war driving is to select the wireless network card supported by the wireless LAN detection software used, the main reason is that a wireless LAN detection software may only support one or more wireless NICs that use a certain wireless chip. Therefore, before deciding what kind of wireless network detection software to use, you must first understand which wireless network adapters it supports.
The wireless network card type mentioned here is not the manufacturer of the wireless network card, but the chip type used by the wireless network card. Currently, the following wireless network card chips can be used for war driving:
(1) Hermes chip: vendors that use such wireless Nic chips include Dell, IBM, Sony, and Lucent.
(2) Prism2/2.5/3 chips: vendors that use such wireless Nic chips include Intel, Linksys, Netgear, proxim, SMC, and ZOOM.
(3) Aironet chip: Only Cisco is the vendor that uses this wireless Nic chip.
(4) Atheros chip: vendors that use such wireless Nic chips include Netgear, D-Link, IBM and