Search for Security Vulnerabilities in Wireless LAN (1)

With the rise of Wireless LAN technology, more and more people are deploying wireless LAN at home and in their units to enjoy the fun of wireless networks. At the same time, the security issues highlighted by wireless LAN have also become the focus of widespread attention. Among these numerous Wireless LAN security problems, "War driving" is afraid that it has not been concerned by the majority of ordinary wireless users, this is mainly because many people do not know much about war driving.

For war driving, war driving enthusiasts can bring endless fun to themselves and bring security threats to wireless LAN users. As an ordinary wireless user, we can also learn about the security of the wireless LAN deployed by using the technology used by war driving, and find the corresponding Wireless LAN security solution.

In view of the role of war driving, this article will start from the principle of war driving and discuss with everyone how it works through a specific example of war driving, so that we can understand how to prevent and reduce the security risks caused by war driving, and how to use war driving technology to help us find security vulnerabilities in Wireless LAN.

I. What is war driving?

Here, we refer to war driving as a wireless LAN reconnaissance platform built using the corresponding hardware and software, A general term for finding unprotected wireless access points (APs) in each street of each town by walking or using the appropriate means of transportation. This undefended Wireless LAN is similar to the old war code used by hackers to search for undefended Wireless LAN via free phone. In addition, in order to find a wider range of undefended Wireless LAN, usually it will drive the corresponding means of transportation (such as bicycles or cars), thus it is called war driving.

For war-driven vehicles, the goal is not only to find undefended wireless access points, but also to use GPS devices to locate the longitude and latitude of each open Wireless AP, then, the open AP found in the GPS plot is identified in the GPS map according to the specific longitude and latitude, the information, along with the name of the wireless access point, the SSID, and the name of the institution where the Wireless AP is located, will also be posted to the corresponding website or forum on the Internet.

Nowadays, there are already many war-driven groups. Generally, They are war drivers in a specific city or region. They often perform war-driven activities, then, the undefended Wireless LAN information is published to the relevant network. These war drivers are often on forums, such as our country's.

For those who drive purely war, their activities only aim to find as many undefended wireless access points as possible, that is, to test the signal strength of the detected AP at most, and connect to the Internet free of charge through these wireless APs. Even war drivers may post information on the Internet or use other methods to remind insecure Wireless LAN users to take security measures. However, for malicious attackers, these unprotected Wireless LAN is the best way for them to intrude into networks and obtain confidential data.

Therefore, the main purpose of this article is to give Wireless LAN users a clear understanding of war driving. It is not an article about how to attack a wireless LAN, if you are interested in this, you just need to have fun with war driving, or learn about the security of your wireless LAN, and make the best contribution to wireless security.

Ii. equipment required for war driving

To drive a war, you must prepare the following equipment for this purpose:

1. hardware required for war driving

War-driven hardware usually refers to laptops or PDAs, mainly because both devices are mobile and can be carried by war drivers along the streets. These hardware devices are usually built in or can be connected to different wireless NICs, powered by battery power, and have powerful data processing capabilities, can fully meet the needs of wireless access points. In particular, the emergence of mobile phones and PDAs with WIFI and GPS functions makes war driving easier and easier. However, PDAs have far fewer functions than laptops, laptops are still the best device for war driving. The content described in this article is only for war driving using laptops.

2. software required for war driving

War driving mainly uses a variety of wireless reconnaissance software to search for wireless LAN signals using the 802.11a/B/g protocol and the next generation of Wireless LAN Standard 802.11n protocol, therefore, we have to choose the appropriate wireless reconnaissance software for war driving. At present, although there are already many wireless reconnaissance software available on the market, there are both free and commercial systems and operating system platforms, we also need to know which types of wireless Nic chips they support. Therefore, when selecting the desired wireless sniffing software, we must make the selection based on understanding the main functions of the software and supported operating platforms.

Next, I will give a brief introduction to three wireless LAN detection software used by war drivers, we hope to help readers who need this information with software selection.

(1) Netstumbler

NetStumbler is a free wireless LAN detection tool used to search for IEEE802.11a/B/g/n standard. It supports most mainstream wireless NICs, including PCMCIA wireless NICs, and also supports global GPS satellite positioning systems. NetStumbler can be used to verify the weaknesses in wireless customer and Wireless AP configurations. It can be used to detect the reasons for interference with wireless LAN signals. It can be used to detect unauthorized wireless access points. It works with GPS, it can also be used to locate the specific orientation of the detected undefended Wireless AP. NetStumbler can display the searched Wireless Access Point's SSID name, MAC address, IP address, and whether encryption is applied.

NetStumbler can be run in Windows 98 and later versions. The latest version of NetStumbler0.4.0 is available. We can download the latest version from www.netstumbler.com/downloads/website.

(2) Ministumbler

MiniStumbler is a wireless reconnaissance engineer under Windows CE. It can detect a wireless LAN established using the 802.11a/B/g protocol.

MiniStumbler is actually the lite version of NetStumbler. We can use it to verify the security devices of the wireless LAN and find the specific location where the wireless LAN signal cannot be reached, check whether other wireless information is interfering with your wireless LAN, and detect unauthorized wireless access terminals connected to the wireless LAN, in addition, it can help the optimal connection location between the relay AP when deploying a Distributed Wireless LAN. It also has the biggest feature of its ability to use it to easily drive a war of entertainment through a PDA or smartphone.

Currently, MiniStumbler can only be used in HPC2000, PocketPC 3.0, PocketPC 2002, and Windows Mobile 2003. This limits its versatility. If you want to use it for war driving, you should choose a PDA product that supports it. The latest version of MiniStumbler is MiniStumbler0.4.0. We can download this package from http://www.stumbler.net/readme/readme_mini_0_4_0.html.