Wardriving

Posted by: ShortyWolf

Wardriving - 08/11/04 12:42 AM

Ok, I know what wardriving is and I've done it a few times myself (just scanning, not hacking into network). So I have two questions:

1) Why do people wardrive? I mean if you were to wardrive in my neighborhood, all you would find is a bunch of families. Nothing really that special.

2) If someone is wardriving on my network, and they are trying to break my encryption with prgms like AirSnort, is there any way I can find out/stop them?
Posted by: Gremelin

Re: Wardriving - 08/11/04 02:36 AM

1:
Free Internet Access
Access to personal files

2:
Yeh, change the key.
Posted by: sinetific

Re: Wardriving - 08/11/04 04:45 AM

1) Exlporation. Residential areas will only have family type networks, that should be obvious. Try an urban area, it should yield more interesting results.

2) Like Gizmo said, change your ESSID regularly. It takes a program like airsnort 10,000 packets to get your key. That takes a little while so if your extremely paranoid you can change your key daily, rotate them. Something that I do that helps is that I have my wireless router outside of my LAN so none of my internal servers are accesible from the wifi network (except from the same means that they are accessible to the rest of the internet).
Posted by: ShortyWolf

Re: Wardriving - 08/11/04 07:27 PM

thanks for the help guys, im not really parinoid, my friend keeps threatening me about how he is gonna break my encryption and infest my system. So is there no way i can find out if some one is snorting me?
Posted by: Gremelin

Re: Wardriving - 08/11/04 11:23 PM

Nope; some reouters allow you to not broadcast your SSID
Posted by: Infinite

Re: Wardriving - 08/12/04 12:28 AM

Quote:
Originally posted by sinetific:

2) Like Gizmo said, change your ESSID regularly. It takes a program like airsnort 10,000 packets to get your key. That takes a little while so if your extremely paranoid you can change your key daily, rotate them. Something that I do that helps is that I have my wireless router outside of my LAN so none of my internal servers are accesible from the wifi network (except from the same means that they are accessible to the rest of the internet).
Id oubt he has an essid... That is the ssid on an ESS: more than one AP linked together. If he has only one AP then it's a BSSID :p

As well, AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.

Infinite
Posted by: ShortyWolf

Re: Wardriving - 08/12/04 06:04 PM

cool thanks for all your help
Posted by: sinetific

Re: Wardriving - 08/13/04 04:13 PM

Oh woops. Yeah anyways...Also try implementing an access control list. Most routers are capable of this function. It only allows certian MACs to connect to your router. You can still be sniffed, but they cant connect to your network. 802.11g routers use WPA, which unlike the more popular WEP isn't as easily cracked.
Posted by: Gremelin

Re: Wardriving - 08/13/04 08:21 PM

Yes, a reverse MAC address filter is awesome for secutiry; I have it on my 802.11GS, works quite well and will refuse any connections to the router or network unless their in the MAC address list or wired in.
Posted by: ShortyWolf

Re: Wardriving - 08/20/04 07:16 AM

Cool, I'll give it a try, I'm almost positive my router can do that.