26-08-2014, 03:18 PM
Wardriving On Seinar Report
Wardriving.docx (Size: 616.69 KB / Downloads: 31)
ABSTRACT
Wardriving is searching for Wi-Fi wireless networks by moving vehicle. It involves using a car or truck and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect the networks. It was also known as 'WiLDing' (Wireless Lan Driving).Many wardrivers use GPS devices to measure the location of the network find and log it on a website. For better range, antennas are built or bought and vary from omnidirectional to highly directional. Software for wardriving is freely available on the Internet, notably, NetStumbler for Windows, Kismet for Linux, and KisMac for Macintosh.
Wardriving was named after wardialing because it also involves searching for computer systems with software that would use a phone modem to dial numbers sequentially and see which ones were connected to a fax machine or computer, or similar devices
INTRODUCTION
Wardriving is searching for Wi-Fi wireless networks by moving vehicle. Wardriving was first developed by Pete Shipley in April 2001. It involves using a car or truck and a Wi-Fi equipped computer, such as a laptop or a PDA, to detect the networks. Many wardrivers use GPS devices to measure the location of the network find and log it on a website. For better range, antennas are built or bought, and vary from omnidirectional to highly directional. Software for wardriving is freely available on the Internet, notably, NetStumbler for Windows, Kismet for Linux, and KisMac for Macintosh.The gathering of statistics about wireless networks in a given area by listening for their publicly available broadcast beacons is War Driving. Wireless access points (APs) announce their presence at set intervals (usually every 100 milliseconds) by roadcasting a packet containing their service set identifier (SSID; basically, the user-defined name of the access point) and several other data items. A stumbling utility running on a portable computer of some sort (a laptop or PDA) listens for these broadcasts and records the data that the AP makes publicly available.
Wireless networks have become a way of life in the past two years. As more wireless networks are deployed, the need to secure them increases. The activity of driving around discovering wireless access points is called WarDriving. In order to successfully WarDrive,there are some tools, both hardware and software. WarDriving is a fun hobby that has the potential to make a difference in the overall security posture of wireless networking
ORGIN OF WARDRIVING
WarDriving is an activity that is misunderstood by many people.This applies to both the
general public, and to the news media that has reported on WarDriving. Because the name
"WarDriving” has an ominous sound to it, many people associate WarDriving with a criminal activity.
WHAT'S IN A NAME?
WarDriving is the act of moving around a specific area and mapping the population of wireless access points for statistical purposes.These statistics are then used to raise awareness of the security problems associated with these types of networks (typically wireless).The commonly accepted definition of WarDriving among those who are actually practitioners is that WarDriving is not exclusive of surveillance and research by automobile - WarDriving is accomplished by anyone moving around a certain area looking for data.This includes:walking, which is often referred to as WarWalking; flying, which is also referred to as WarFlying; bicycling, and so forth. WarDriving does not utilize the resources of any wireless access point or network that is discovered without prior authorization of the owner.
WARDRIVING MISCONCEPTIONS
These days, you might hear people confuse the terminology WarDriver and Hacker. As you probably know, the term hacker was originally used to describe a person that was able tomodify a computer (often in a way unintended by its manufacturer) to suit his or her own purposes. However, over time, owing to the confusion of the masses and consistent media abuse, the term hacker is now commonly used to describe a criminal; someone that
accesses a computer or network without the authorization of the owner. The same situationcan be applied to the term WarDriver. WarDriver has been misused to describe someonethat accesses wireless networks without authorization from the owner. An individual that accesses a computer system, wired or wireless, without authorization is a criminal . Criminality has nothing to do with either hacking or WarDriving. The news media, in an effort to generate ratings and increase viewership, has sensationalized WarDriving. Almost every local television news outlet has done a story on "wireless hackers armed with laptops" or "drive-by hackers" that are reading your e-mail or using your wireless network to surf the Web . These stories are geared to propagate Fear, Uncertainty, and Doubt (FUD). FUD stories usually take a small risk, and attempt to elevate the seriousness of the situation in the minds of their audience. Stories that prey on fear are good for ratings, but don't always depict an activity accurately. An unfortunate side effect of these stories has been that the reporters invariably ask the "WarDriver" to gather information that is being transmitted across a wireless network so that the "victim" can be shown their personal information that was collected. Again, this has nothing to do with WarDriving and while a case can be made that this activity (known as sniffing) in and of itself is not illegal, it is at a minimum unethical and is not a practice that WarDrivers engage in. These stories also tend to focus on gimmicky aspects of WarDriving such as the directional antenna that can be made using a Pringles can. While a functional antenna can be made from Pringles cans, coffee cans, soup cans, or pretty much anything cylindrical and hollow, the reality is that very few (if any) WarDrivers actually use these for WarDriving. Many of them have made these antennas in an attempt to both verify the original concept and improve upon it in some instances.
THE TRUTH ABOUT WARDRIVING
The reality of WarDriving is simple. Computer security professionals, hobbyists, and others
are generally interested in providing information to the public about security vulnerabilities
that are present with "out of the box" configurations of wireless access points. Wireless
access points that can be purchased at a local electronics or computer store are not geared toward security. They are designed so that a person with little or no understanding
of networking can purchase a wireless access point, and with little or no outside help, set it up and begin using it.Computers have become a staple of everyday life. Technology that makes using computers easier and more fun needs to be available to everyone. Companies
such as Linksys and DLink have been very successful at making these new technologies
easy for end users to set up and begin using. To do otherwise would alienate a large part of their target market.
Choosing A Wireless Network Interface Card
Most of the wireless networks that are currently deployed are 802.11b networks. You will
find more access points if you use an 802.1 lb NIC. 802.1 lg access points, which transfer
data at nearly five times the speed of 802.11b (54 MBps as opposed to 11 MBps) are gaining popularity and it is likely that an 802.1 lg card will soon supplant an 802.1 lb card as the favorite of WarDrivers. In addition to increased speed, the 802.1 lg standard supports WiFi Protected Access (WPA) encryption. Once effectively deployed,WPA will help to improve the overall security posture of wireless networks. Some 802.1 la cards are currently supported by WarDriving software under certain conditions. As a general rule, 802.1 la (or any 802.1 la/b/g combo) cards are not recommended for WarDriving. This is because 802.1 la was broken into three distinct frequency ranges: Unlicensed National Information Infrastructure (UN1I)1, UNII2, and UNII3. Under Federal Communications Commission (FCC) regulations, UN1I1 cannot have removable antennas. Although UNII2 and UNII3 are allowed to have removable antennas, most 802.1 la cards utilize both UNII1 and UNII2.Because UNI 11 is utilized, removable antennas are not an option for these cards in the United States.
When Kismet and NetStumbler were first introduced, there were two primary chipsets available on wireless NICs: the Hermes chipset and the Prism2 chipset. Although there are many other chipsets available now, most WarDriving software is designed for use with one of these two chipsets. As a general rule NetStumbler works with cards based on the Hermes chipset. Kismet, on the other hand, is designed for use with cards based on the Prism2 chipset.This is not a hard and fast rule since some Prism2 cards will work under NetStumbler in certain configurations. Also, with appropriate Linux kernel modifications, Hermes cards can be used with Kismet.
Deciding on an external antenna
In order to maximize the results of a WarDrive, an external antenna should be used. An
antenna is a device for radiating or receiving radio waves. Most wireless network cards havea low power antenna built in to them. An external antenna will increase the range of the radio signal detected by the wireless network card. Many different types of antennas can be used with wireless NICs: parabolic antennas, directional antennas, and omni-directional antennas are just a few. Because of their size, parabolic antennas (see Figure 5.) are not overly practical antennas for WarDriving.
Omni-directional Antennas
As the name indicates, Omni-directional antennas "see" in all directions at once. An Omnidirectional antenna is best used when driving alone, and can be purchased for $50.00 and up depending on the gain and mounting mechanism. One common misconception is that the stronger the gains of the antenna, the better your WarDriving results will be. This is not entirely true, however. The important thing to understand from the preceding definition of dBi value is the last sentence: "If the gain is high, the angle of coverage will be more acute." Because the signal of an omni-directional antenna is shaped roughly like a donut, the higher the gain, the "shorter" the donut.The opposite is true as well. A smaller
gain antenna has a "taller" donut.The signal donut of the 5 dBi is taller than the signal donut of an 8 dBi gain omni-directional antenna. What this means is that although it has a "weaker" signal, as indicated in the overhead view, a 5 dBi gain omni-directional antenna is likely to provide better results in a neighborhood with tall buildings such as an urban downtown area. Also, because these antennas rely on line-of-sight communication, a 5 dBi gain antenna works very well in residential areas where homes and other buildings provide obstructions between your antenna and any wireless access points. Another advantage of the 5 dBi gain antenna is that many are available with a magnetic base.This means that you can simply put it on the roof of your car and the magnet will hold it in place while driving; no additional mounting brackets are required.
Directional Antennas
Directional antennas also rely on line of sight to transmit; however, unlike omni-directional
antennas, they can only "see" in the direction they are pointed. Directional antennas are
excellent for use in areas with tall buildings. From a stationary position near the base of the building, you can sweep the antenna up and down the length of the building and detect access points that would have been missed with an omni-directional antenna. Additionally,
directional antennas can have a much stronger dBi gain in a shorter package. For example, a 14.5 dBi gain directional antenna, as shown in ,is just slightly longer than the 8 dBi gain omni-directional antenna shown in Figure 10., but has a significantly stronger dBi gain.
CONCLUSION
The sudden popularity of wireless networks, combined with a popular misperception that no additional steps to secure those networks are necessary, has caused a marked increase in the number of insecure computer networks that can be accessed without authorization. This in turn has given rise to the sport of wardriving detecting and reporting the existence of insecure wireless networks, ostensibly without actually accessing the network. Wardriving may also involve illegally accessing and monitoring the networks once so discovered. The sport of discovering connections to wireless computer networks can be done while driving in a car or while strolling on foot with a PDA When a network is identified, the Hotspot access point(AP) can be marked with a coded symbol in chalk on a wall or sidewalk, or war chalked. This will alert others to the presence of an open or insecure wireless network in a given location which they might choose to access themselves. Other variations include war stumbling (accidental discovery of an open access point).
Most hackers or wardriving hobbyists use freeware tools such as NetStumbler, or Kismet.These software programs can be used for the wholly legitimate purpose of helping network administrators make their systems more secure. They work by detecting the service set identifier (SSID) number that wireless networks continuously broadcast to identify themselves to their authorized users. Unfortunately, unless steps are taken by the wireless network operator to restrict what and to whom the network broadcasts as part of this process of signaling to users, then unauthorized users can also discover the existence of the network. In that event, drive-by snoopers and casual passersby alike will not only be able to detect the network, but will be able to access network resources unless some system is in place to restrict network access, such as requiring a user ID and password to log on to the system.
Information gathered in this manner can be correlated with geographical information provided by the Global Positioning System (GPS) and uploaded to maps posted on the Internet showing the location of access points (AP) for Wi-Fi networks. Commercial services such as Wi-Finder provide maps of wireless networks that provide free or paid public Internet access.