Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Tracking Down Insecure WLANs

From: InfoSec News <isn () c4i org>
Date: Wed, 23 Oct 2002 01:04:10 -0500 (CDT)
http://www.eweek.com/article2/0,3959,645093,00.asp

By Dennis Fisher
October 22, 2002 

Looking for something to do this weekend? Well, if you have a laptop
and a wireless card, you can join dozens of other technophiles with
time on their hands in searching out insecure WLANs.

A group of security professionals and enthusiasts later this week will
kick off the second WorldWide WarDrive, a week-long coordinated effort
to identify wireless LANs and assess their security levels. The first
event, held in late Aug. through early Sept., drew participants from
10 states and six countries.

The second wardrive starts Oct. 26 and runs through Nov. 2.

War driving is the practice of canvassing a given neighborhood or city
in search of WLANs. Practitioners typically cruise an area, armed with
a notebook PC or handheld with a WLAN card and a software program,
such as NetStumbler or Kismet, that listens for signals sent out by
WLAN access points.


From the information broadcast by the AP, war drivers can tell if the

device has WEP (wired equivalent privacy) encryption enabled and other
vital information, such as the network's SSID (service set
identifier).

There is nothing illegal about simply identifying such networks but
connecting to them and using bandwidth and network resources for free
is a crime. Which is why the organizers of the WWWD are careful to
point out that they do not connect to any of the networks they find.  
In fact, the group's Web page lists instructions on how to avoid
connecting to a network inadvertently.

The organizer of the event did not respond to an e-mail seeking
comment for this story.

The first WWWD event produced an interesting set of statistics. For
example, of the more than 9,300 WLANs the group found, just 30 percent
had WEP enabled. And 26 percent were using the default SSID and did
not have WEP enabled.

The effort grew out of a war driving contest held in conjunction with
the DefCon hacker convention last summer. And while its level of
organization may be somewhat unique, the WWWD is just the tip of the
iceberg. There are dozens of Web sites that offer war driving tips,
sniffing software and forums where hobbyists can trade techniques and
stories.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: