Friday, August 12, 2005

More on war driving and WiFi security

More and more articles are popping up talking about war driving and home users who are not locking down their wireless networks. Well folks, it is not as easy as they would make it seem. There are two modes: unsecured and secured. If your WAP is unsecured, it means that you are broadcasting your SSID to the world and sending information in clear text, NOT encrypted via either WEP or WPA. So, with that in mind, I set out this evening trying to get my laptop wireless adapter (PCMCIA card) to connect to the Motorola WAP in my house with WPA 64-bit or 128-bit encryption. After about an hour I gave up. LOL... I am not sure WHY exactly I could not make it work. However, I did figure out a workaround for securing my access point from the public. Everyone can do this, so I would highly recommend doing it if you have not.
Log on to your wireless router and go into Wireless networking. Turn SSID broadcasting off. When you do that, someone war driving in your neighborhood with a laptop that is sniffing for a WAP won't find yours. You can further lock down your WAP by going in and adding the MAC address to an accepted MAC address list on your WAP. That means that if the MAC address that is trying to connect is not found in the approved list, it won't make the connection.
So, my WAP is now invisible to outsiders and you have to know my MAC address for my wireless network card to connect.
Here is another word on war driving, folks. In some states it is actually a felony if you get caught intentionally connecting to someone's WAP and accessing the Internet without their permission. There are not many states implementing this, and I guess some of these laws are more municipal ordinances and not really statutes. So, that means if you war drive like I do from time to time, you need to know what the law is, because ignorance is no excuse.
When I need to find a place to log on so I can check my e-mail when I am away from home, I never go into a residential neighborhood. What I do is find a busy business district and start scanning for WAP signals, and when I find some I just pull into a parking lot and join an unsecured business WAP, check my e-mail and go along my merry way. DOH!!! Why are businesses not locking down their WAPs?
Did you see the news article in the Post and Courier here in Charleston where the city is going to be implementing a wireless cloud over the entire Charleston peninsula by sometime in 2006? They said it would cost 1 million or more to do this, but wireless Internet would be free for all within this cloud. Wahoooo, I can't wait. LOL...
Something else I did on my network inside the house is to lock down web access. I installed Weblocker on the kids' computer and I turned on IE Content Management control. That means that there is a master password for IE content management on my main PC, and if the kids try to go to a site that is being denied, they have to figure out the master password to add it to the accepted website list. I also turned off the ability to view unrated sites. So if the site is not rated, it won't be viewed by wandering eyes.

3 comments:

Anonymous said...

If someone is war driving in your neighborhood using NetStumbler, which sends out wireless probes, they will not see your SSID, but if they are using a wireless sniffer (many versions available for free) they will see your SSID, MAC and IP address. Spoofing your MAC address and IP address is simple and you will probably not even notice. Without some basic encryption (WEP) a sniffer will capture all of your communication, including passwords, in plain text. Also, it may not even be your neighbor. With a high gain antenna during a security audit for a company I captured data over 3 miles away.

James Moffitt said...

Well, that IS disturbing news to say the least. I was under the impression that if I turned SSID broadcasting OFF that it was no longer broadcasting its netbios host name. So the million dollar question is this: is SSID really turned off when I turn it off at the WAP, and if not, what is it really doing if you can use a wireless sniffer to detect it? It sounds as if it must be broadcasting. As far as 802.11b or g is concerned, I find it difficult to believe that anyone with or without a high gain antenna can receive data from a WAP that does not have the ability to transmit that far. I am thinking that the typical WAP is only going to broadcast up to 1500 feet at the maximum. How can it send a signal 3 miles??

James Moffitt said...

"anonymous voice from the past" was so kind as to leave this comment on my latest published post on my blog. I want to keep this comment in line with the rest of the conversation so I deleted the comment from my last published post and moved it here. :)
-------------------------------
Wireless followup info.
When you turn off SSID your WAP will stop sending beacon packets, which are broadcasts that contain the SSID. SSIDs are still sent out within management packets and a wireless sniffer can see this info.
On the question of range.
This is truly driven by physics and is a relationship between signal strength (WAP output power), interference (ground, trees, walls, etc.) and receiver antenna. The example I gave had the WAP elevated (30 feet above the ground) and had little interference (clean line of sight), and the receiver antenna had 14 dB gain.
1500 feet is still nearly 1/3 mile. I do believe with the right conditions your home WAP could be sniffed up to a mile away.
Here is another example: "BlueTooth", which everyone knows is short range, "RIGHT". We performed a range test using a BlackBerry, a laptop computer and a 14 dB flat-panel antenna, and we established a headset attachment from the laptop to the BlackBerry (low power) at a range of 2000 feet. "Something to think about the next time you buy a Bluetooth enabled cell phone"