|
And in my tiny little town, it's amazing how many wireless APs there are.
For those of you that don't know what "WarDriving" is - it's driving around w/ a laptop and an antenna, looking for open and available wireless access points. If you have a wireless access point in your home - pay attention!
I work for an ISP, and we offer wireless and dsl internet, as well as dial up. I *finally* got a laptop last week, and this is something I've been wanting to check out for awhile. My boss, who's also a good friend, came and picked me up this afternoon. We headed to the office to pick up our magnetic 5db antenna and both Orinoco Gold and Cisco wireless cards. I also have wireless built into my laptop. We tried all 3, with interesting results.
Within a couple of blocks from my house we hit 4 wide open APs - we pulled over at the first one we came to, and my computer instantly associated to their network. I was automatically handed an IP address by their network, did an ipconfig, entered the gateway and dns info into my wireless network configuration, and BAM - I was surfing the net while sitting in the car on the side of the road. Basically, hijacking the internet connection on someones internal wireless network in their home. I did a 5MB download, surfed some web pages, checked my email, and a few other things. Based on the dns numbers used, these people were obviously our customers, and obviously they are not practicing good network security! Most people are not. In our short drive we scored MANY hits - and only a small percentage of them had any sort of encryption at all - WEP.
I wasn't able to sniff out any traffic (using windump) because none of the cards I was using supported it. HOWEVER - those of you with a wireless home network should be aware that if I'd had the proper tools (hardware and software) I COULD have, while sitting near someone's home, captured all of the traffic running across their network. This would have allowed me to see any email they were sending, any passwords they entered, any IM conversations they were having, etc. AND - depending on how they had their network set up, I could also conceivably browse their computer - all from my place parked on the side of the street. If they left their AP's set to the default SSID and/or password, I could log into it and change that information, effectively locking them out of their own network.
If you have a wireless network in your house, and are reading this, please change the default log info in your AP, and PLEASE use WEP encryption. Even that is not uncrackable - but anyone trying to hack your network will likely move on to the next Joe Schmoe with wide open access and not take the time or effort to try and hack yours.
It was very illuminating to me to see - and now I know, no matter where I go, chances are I will find internet service free for the taking if I so desire to use it.
|