Just got back from WARDRIVING

And in my tiny little town, it's amazing how many wireless APs there are.

For those of you that don't know what "WarDriving" is - it's driving around w/ a laptop and an antenna, looking for open and available wireless access points. If you have a wireless access point in your home - pay attention!

I work for an ISP, and we offer wireless and dsl internet, as well as dial up. I *finally* got a laptop last week, and this is something I've been wanting to check out for awhile. My boss, who's also a good friend, came and picked me up this afternoon. We headed to the office to pick up our magnetic 5db antenna and both Orinoco Gold and Cisco wireless cards. I also have wireless built into my laptop. We tried all 3, with interesting results.

Within a couple of blocks from my house we hit 4 wide open APs - we pulled over at the first one we came to, and my computer instantly associated to their network. I was automatically handed an IP address by their network, did an ipconfig, entered the gateway and dns info into my wireless network configuration, and BAM - I was surfing the net while sitting in the car on the side of the road. Basically, hijacking the internet connection on someones internal wireless network in their home. I did a 5MB download, surfed some web pages, checked my email, and a few other things. Based on the dns numbers used, these people were obviously our customers, and obviously they are not practicing good network security! Most people are not. In our short drive we scored MANY hits - and only a small percentage of them had any sort of encryption at all - WEP.

I wasn't able to sniff out any traffic (using windump) because none of the cards I was using supported it. HOWEVER - those of you with a wireless home network should be aware that if I'd had the proper tools (hardware and software) I COULD have, while sitting near someone's home, captured all of the traffic running across their network. This would have allowed me to see any email they were sending, any passwords they entered, any IM conversations they were having, etc. AND - depending on how they had their network set up, I could also conceivably browse their computer - all from my place parked on the side of the street. If they left their AP's set to the default SSID and/or password, I could log into it and change that information, effectively locking them out of their own network.

If you have a wireless network in your house, and are reading this, please change the default log info in your AP, and PLEASE use WEP encryption. Even that is not uncrackable - but anyone trying to hack your network will likely move on to the next Joe Schmoe with wide open access and not take the time or effort to try and hack yours.

It was very illuminating to me to see - and now I know, no matter where I go, chances are I will find internet service free for the taking if I so desire to use it.

My vocabulary hasn't kept up.

that show others "in the know" that there's an open access point in the vicinity.

Or browse someone's computer. And even THEN - you'd have to get caught, which is more unlikely than not.

If I am driving down the road and someone's unencrypted access point hands me an IP address, it's not illegal.

And no - I didn't war chalk anything. I wouldn't. These are (mostly)our customers - and I have all the free highspeed internet I want or need at home and in the office. :)

Basically, what we were doing was assessing our area, our customers, and the obvious lack of security in our area. It was worse than we thought - and it shows there is a definite need for security instruction and information amongst our customers.

I can't BELIEVE how many access points there were - and I live in a town of 1000 or so people.

People like you are why people like me pull cable. I almost succumbed to the wireless network temptation ... but my paranoia got the better of me. Got cat-5e running thru the whole house now. No easy sneaking into my network, Grrrl!

Well - people like ME aren't the ones you have to worry about. I am approaching this strictly from an educational standpoint - and it is in my company and our customer's best interests to be up on these things.

Others I work with have done this in the past - but I (and the particular boss that went with me) have not done it ourselves. We took the opportunity to see it for ourselves - and it was very interesting! AND scary!

Definitely shows there is a sincere need in more education regarding security issues with our customers. We TRY to tell them when we know they have or are considering a wireless network - but some we don't know about, and others simply don't take it seriously.

A wireless network is NOT necessarily a terrible thing - if you use the tools provided to lock them down. It's not that hard!

I plan on getting one myself, now that I have the laptop - I just won't be leaving it wide open and allowing the world at large access to it.

being anything other than a bright, curious, and mildly opportunistic innovator. ;)

Still, being a paranoid old fuddy duddy I'm gonna stick my cat-5e.

So if you get a wireless laptop, you don't have to sign up and pay for an ISP, you can just have coffee at Starbucks or brownies at Chelsea Market and surf away?

I don't understand how you manage email that way, though.

I've got gmail accounts, yahoo accounts, and my domain accounts. I don't use my ISP's accounts because I change ISPs on a semi-regular basis.

Pcat

and netstumbler finds 17 wireless access points. 5 of which have
no encryption. I don't need my DSL at all! But what the heck,
it's fairly cheap and I don't really want to depend on others
IP connections (which are often on dialup, so even when you
associate with the AP, their internet may be down).

But it's entertaining.

Oh, my wireless is setup with 128 bit WEP... that's still lame,
but it's better than nothing.

I married a network security freak... who likes wireless (hell, we'd do wireless power if we could just get it perfected... Where's Nikola Tesla when you need him??)

Please... come try our network.

But yes, I agree. I'm appalled at the lax security. I can get into the university system with no trouble, even though it's supposed to be tied down. Same with a lot of coffee houses and similar.

Pcat

What really freaks me out isn't the average joe households with no security - that's to be expected. It's the BUSINESSES! I picked up a couple with no security today, but those are just little local places around where I live.

One of my former coworkers went to Portland (I think it was Portland) and the hotel he was staying in was across the street from a big Budweiser office building. He turned his laptop and and BAM - instantly associated to accessed their network. Whoops - let me qualify that a bit, he was NOT browsing their network, but the access was there if he'd decided to use it.

Their network admins should be shot! There's no excuse for that!

...my neighbors LACK of wireless security. Theirs is wide open.

I've changed the default SSID and password, and am using 128 WEP. None of those are measures that make me uncrackable. However, it's not too likely anyone would try, as there's a wide up access point just next door.

Another bonus: my internet access was down. I was wondering if it was just me, so I used their access point for a second, and got through. That verified the problem at my house was at my end. Handy.