Author Topic: Wardriving: What is it, how common is it, and how to protect against it.  (Read 14804 times)

comicfan2000

  • Guest
    Wardriving: What is it, how common is it, and how to protect against it.

  Wireless networks are growing and spreading very quickly. Wireless networks, based on the (Wi-Fi) 802.11 standards, are being used in homes, near bus stations, airports, colleges, coffee houses, hotels\motels and many other areas. It's a miracle for some who may sit down to enjoy a lunch break, have a cup of java, and browse the internet. Others enjoy the lack of wires streaming from one room to another for home or even small business networks. Some may even access while driving through an area, (not a bright idea I may add) if need be, please pull over to the side of the road, you can't surf if you get in an accident. A wonderful way for some to connect, however,with this growth also comes those who would choose to abuse it rather than use it.

   This is where extra measures of security come into play. Are you the type of person who sits down at that coffee house table, browsing, checking e-mails, without the thought that someone may be watching everything you are doing on your computer? Not a problem, you are a Wi-Fi home user, not sitting outside at a coffee table, perfectly safe right? How about at a hotel that includes Wi-Fi , they must be safe, right? If you answered yes to any (oops) you are wrong. Every instance of this technology is unsafe if the proper security measures are not implemented.

  A security risk I would like to touch on is Wardriving. The definition in simple terms would be a person\s who drive around in a vehicle with a Wi-Fi capable unit such as a PDA or laptop.  What many use is a stumbling utility or GPS (Global Positioning System) which is a satellite navigation system.Wardriving was developed by Pete Shipley in April of 2001. The name WARdriving was derived from WARdialing, taken from the use of computers to dial phone numbers at random to find an answer modem.Some say Wardriving was also named for the 1983 movie War Games where this type of dialing was used. While defined as such, there is no need for those to Wardrive when you can simply walk some blocks with a PDA.

  Wardriving has two faces, and the ugly side is what is focused on most. While some may consider it harmless, there are those who taint the name further.  "Network Crackers" are a Wi-Fi hacker of sorts that break into your Wi-Fi network connection without permission , (using your home Wi-Fi connection for example) and then proceed to hack your computer to steal data, traffic malicious material from your connection, to have malicous destructive intent to your data, or simply just to use your connection without asking , (piggyback) which can steal your bandwith and slow your connection to a halt in some instances.  While the "simply to use your connection" may not seem as bad in terms but if someone is loading child porn from your connection, it can get very serious very quickly. 

 While I would gladly write many pages on every aspect of the "why" and "how"and technical details of it all, the purpose is for most typical users to secure their connection and to be informed of the dangers of Wardriving. This isn't specific to Windows or other OSs and is simply trying to cover basic methods. That said, let's help protect you Wi-fi connection. First for futher reading on different types of attacks and definitions, see the link below...

  http://www.microsoft.com/smallbusiness/resources/technology/broadband_mobility/6_wireless_threats_to_your_business.mspx

  With Wi-Fi, you don't have a physical connection, this makes things a bit easier for others to pick up on. Your information is out in the open, not through a solid line or cable which gives users less control over protecting their data. Whether setting up a new WLAN or using an open access point, the basis applies to both>

 1.) With Wi-Fi network gear, the default settings are typically "Wide Open"choose to NEVER broadcast the (SSID) name. It would also be a good idea to change the default name as well. This will leave you wide open for a hacker or a neighbor who may or may not be a hacker known by title but knows enough to be one and perhaps wants to snoop,especially if you are in a crowded area.  As stated previously, if your connection is used for something as horrible as child porn, by a neighbor or hacker, you may find yourself being visited by the F.B.I.

 2.) Change the default (if applicable) password and account on the wirless router. With many "admin" is used for both to get you started but is a huge security risk. How do I know it's a huge security risk? Well," I " know it's admin don't I?

 3.)  With your wireless PCMCIA card, you have a fixed MAC (Media access control) address. MAC address filtering is used to limit the pieces of hardware than may access the wireless network. Just a note, Wlans are more vulnerable to MAC spoofing attacks than wired lans, with the obvious and stated open air problem. This not being secure enough, we need more...

 4.)   Encryption. Making sure your information is encrypted (unreadable to others other than the reciever it's intended for). A security measure of encryption for this type could also be called , wired equivalent privacy  or (WEP) which is an encryption system to keep the baddies out. The newer WPA 2 which uses 802.1x protocol, (Wi-Fi protected access) may be a better method. While this is a very important step, so called eavesdroppers can still get the MAC addresses recording them from frame headers. They can then reconfigure their NIC, (network interface card) to impersonate a wireless station and gain control.


  5.) Use DHCP to limit the number of IP addresses, or use static IP addresses.
 

 6.) Many businesses are resorting to using VPN, (virtual private network) which tunnels your information through an IPsec Gateway. Many will say for a typical user, unless you are transmitting sensitive data, this is not needed. Perhaps more for businesses but I feel a good number of  typical users will adhere to the idea and many already have.
 
 7.) There are wireless drop viruses out there. A hacker can drop a virus onto your computer to do all sorts of nasty things. I will assume those reading this know what a virus, trojan, malware, and all the goodies are. That said, you need Anti-Virus software installed just as you would (actually more so to speak) on your wired computer. Always make sure to update your virus definition files, an Anti-Virus can't fight well without being told what to look for, so updating is a must. CAV will do just that and is FREE for life.

 8.)  Just as with wired and once again perhaps more so, you need a firewall for you Wlan. With all these intrusive behaviors, it's obvious that routers alone cannot do the job. They need backup. Just as with your Anti-Virus, keep your firewall up to date as well. Like the Comodo Personal Firewall (CPF) , it has auto setup and has proven "leak proof" even on this setting so if you are a newbie to firewalls, this would be perfect for you. Once again, FREE for life as well.


    If you are interested and would like more in depth information, I found this article from Crossroads"The ACM Student Magazine" and goes far more in depth as to the issues and technical aspects of Wi-Fi....

  http://www.acm.org/crossroads/xrds11-1/wifi.html 

 
 Paul


 We hope the above article was useful to you and would like to invite you to join our forums and discuss this or other issues you may have with security, get your questions resolved or just help Comodo community.
 
 Thank you,

 Sincerely, Comodo

Offline Rotty

  • Comodo's Hero
  • *****
  • Posts: 903
  • http://www.venganza.org/ - Noodly Appendage
WARNING:  With hiding the SSID, some wireless networks can have big problems with the hiding of the SSID.  The suggested Idea is to allow SSID broadcasting (Change the default name though) and get your network working when you first set it up, then disable it when everything is working and check again to make sure everything is running fine with SSID Broadcasting disabled.  If you have no problems then cool, if you do then turn SSID broadcasting back on.

Hiding your SSID broadcast is NOT a security measure to be used by itself. ALWAYS use encryption and if you use WEP i would suggest getting another Wireless Access Point that support(check to see if your wireless access cards support the stronger encryptions as well) WPA or WPA2, so things are more ALOT more secure.

Hiding your SSID is not a "Dumb" measure, to detect a connection that has it's SSID hidden.  A person would need to download a program.  This won't stop a determined hacker, but will stop people who pass by as the people who pass-by won't get curious if they can't see the connection.

IMO, use the WPA2 (Or strongest) with a 128 to 256 bit passphrase. This is the first and best line of defense.  And change the default SSID.


cheers, rotty



 
« Last Edit: October 25, 2006, 11:13:28 PM by Rotty »
The opinions expressed in my posts are my own. 
They do NOT necessarily represent or reflect the views of my employer.

Offline Bob Jones

  • Newbie
  • *
  • Posts: 6
The six dumbest ways to secure a wireless LAN by George Ou:
http://blogs.zdnet.com/Ou/index.php?p=43

Wireless LAN security guide: Security for any organization large or small:
http://www.lanarchitect.net/Articles/Wireless/SecurityRating/

Simple advice for securing your home wireless LAN:
http://blogs.zdnet.com/Ou/index.php?p=42

comicfan2000

  • Guest
   I will agree with one issue, SSID and should have been more thorough and I left out a sentence about re-enabling it before changing the name and making sure securities were in place. This was an honest mistake. < But NEVER did I say to use only this method by itself >
 
  While some articles will call this a myth , dumb, etc...what they don't explain as these need to be in combination of securities, alone, none may work at all obviously but to simply say, don't hide SSID, don't use MAC filtering, don't use WEP, is singling out each instead of saying, USE these in "combination with" or "making sure you use the latest along with".  This can be done with other things as well....>>>>>

 [4 dumbest securities on a pc,

 Firewall, while offering great protection initiallly , this doesn't mean 100% you can't get a virus or that you won't be hacked by someone so this is a myth of firewall protection.

 Anti-virus, this may help aid in virus protection but not 100% you can still get one, as well it doesn't do anything to block ports, or protect against hackers,another myth of protection

Encryption, this can still be broken and does nothing to secure your pc against hackers, viruses, malware, spyware, myth 3 in protection.
 
Lastly, the worst myth,  Anti spyware , this is by far the worst, it doesn't guarantee against hackers, viruses , doesn't enable encryption methods , blocks ports, or scan email. All it does is keep some spyware off your computer. ]

 <My point here is to show that a combination of securites needs to be in place, not one. As well I see my point was missed...>

Quote
Hiding your SSID broadcast is NOT a security measure to be used by itself. ALWAYS use encryption and if you use WEP i would suggest getting another Wireless Access Point that support(check to see if your wireless access cards support the stronger encryptions as well) WPA or WPA2, so things are more ALOT more secure.


  My write...

The newer WPA 2 which uses 802.1x protocol, (Wi-Fi protected access) may be a better method.

 


   Even so, back to Georges article<" provided by BOB JONES" >for a minute.....Disable DHCP? I agree, don't. I prefer to limit it, which is exactly what I wrote. MAC filtering not secure, I agree as well which is why I stated it's not enough. LEAP? It was cracked a while ago which many knew, no surprise there.  Antennae placement? Wouldn't mention that to anyone myself, and didn't.

 "Last by George"< <Just use 802.11a or Bluetooth: Fortunately, I haven’t heard this one for a while. There were so called security experts that went around telling people that they simply needed to switch to 802.11a or Bluetooth to secure their wireless LAN. 802.11a refers to a physical transport mechanism of wireless LAN signals over the air, it does not refer to a security mechanism in any way.>>

  I haven't heard that from many and seems like a quick stab to fill in the no.6 in his article. Where are these security experts he knows of that went around telling people this? Just wondering. I and many others before having much knowledge of wireless at all, knew bluetooth wasn't a security method so I can safely say, I haven't heard any security experts tell anyone this.



 So within reason here, yes, I left out parts on the SSID, no doubt about it and glad it was pointed out.  I can also agree with George's article that these are myths, however think they are a bit overblown and made to purposely make one's self look more intelligent by calling other security experts myth beleivers who are "going around" telling people the wrong things, etc...Cisco for example was not pushing LEAP as George so bluntly puts and not to mention STRONG passwords are becoming a higher standard every day. If anyone would like to read Cisco's side , not just another's, here's the link to response of someone who was going to release this "attack code" , while sure they found it since many of us unlike these people don't have time to sit on our duffs and crack codes and are criminals by all rights, still were treated with respect as it was a flaw....

 http://www.securityfocus.com/archive/1/340565/2003-10-03/2003-10-09/2

 On this I would like to say, it's hard to build a house and get it right, but easy for someone to come in and point out flaws and leave. However, draw your own conclusions, I am not taking sides , just trying to even them out here.

 

 All in all I would like to say thanks to those writing back and pointing out issues, links, etc...it's appreciated. But most of all, my article is  pointed towards those who don't have a high knowledge of understanding on these things and just to give some solidity to the terms. It is not a University or 20\20 article, meant to teach them to become security experts just  basic understanding and why I gave a link to a far more in depth view that what I provided. I would also hope that many would read this and see the pattern of beefing up security and not staying with simple MAC filtering , SSID, etc...


 Paul


 


 
 

 

 

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
I don't know so much about wireless, but you can read some about it here: http://www.tomsnetworking.com/wireless_tn/index.html

Snort a wireless connection... http://www.tomsnetworking.com/2005/09/28/how_to_snort/

comicfan2000

  • Guest
I don't know so much about wireless, but you can read some about it here: http://www.tomsnetworking.com/wireless_tn/index.html

Snort a wireless connection... http://www.tomsnetworking.com/2005/09/28/how_to_snort/

 TX for the links, didn't see this before.  :o You mean wireless isn't cutting your network cable in half? Damn! No wonder I don't have a home network! ::)

 Paul

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
I only have one computer that is connected with wireless, the other two are wired.
I couldn't get the WEP, WPA or WPA2 to work...  (:AGY)
At the moment I only use "invisible" and MAC filtering.

comicfan2000

  • Guest
I only have one computer that is connected with wireless, the other two are wired.
I couldn't get the WEP, WPA or WPA2 to work...  (:AGY)
At the moment I only use "invisible" and MAC filtering.

What do you mean specifically by, "can't get it to work"?

 Paul

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
I've tried 2674 times... ;)
I just can't get an connection if I use those WEP or WPA...
I've been really careful with using the same key and so on...
I have managed to get it a couple of times, but it's lost after a short while... ???
I gave up... ;D
I haven't tried it for a while now, so i might give it a try soon... :D

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek