25 replies to this topic

[Bi0s]

Ok. I'll admit it, I'm a total noob at wifi.
So i get a wifi card for christmas. Free! can't beat that. It's a linksys, not the best but it works.
Install net stumbler, and off i go. I find nothing. Nothing at all in my home town.
then tonight, I venture off to the city. and walla, I didn't spend much time there, but i found 4 AP's.

attatched is the NetStumbler file if anyone wats to see it.
I'd really like to know where to go next . I've never used wifi before, so I'm sorta lost. But I have to say I LOVED it! seeing those networks pop up it was sweet!

Attached Files

•  20030110185252.ns1   16.45K   26 downloads

[StankDawg]

bi0s, I am totally with you. Almost the same circumstances, except you are a day ahead of me. I installed netstumbler Wednesday and was going to give it a shot this weekend. Unfortunately, I have a cisco card and it is not supported by netstumbler. I am hoping it still might work, under winXP it says that some cadrs may work even though they are listed as unsupported.

Also, just as another test, I brought along my USB wifi adapter. It may look dumb, hanging off the side of the lappy, but if it works, I dont give a fukk!

[feend]

TERRORIST!

I still have cat5 (and cat5e) all over my room. Wish I could get a free WiFi card .

[StankDawg]

ok, my cisco card worked! Well, at least here in my office, it picked up the WAP right next to it. <_< But that is a start! At least I know it works!

I guess the next step is to start with a little ghettodriving here in my neighborhood.

[Bi0s]

I still have cat5 in my house too. I don't have a WAP.
I just got the card. (bTW: They also say at netstumbler's site that my card isn't supported, but it works.)
I just installed it, and went out looking

[dual]

Cisco cards are great for ghettodriving. And feend, I've got a couple of spare wi-fi- adapters available for a very nominal fee.

[dual]

Sorry, Bi0s, I totally missed the point of your post. Of course obtaining an IP and becoming an internal node on these networks, and subsequently exploring said networks, would be wrrr..wrr...wrrong.

You could then mess with WEP, get your card working on different flavs of Linux, mess with different antennas, etc., etc. (And of course share your experiences.)

edit: Speaking of antennas, how's my pigtail progressing, mut3?

[StankDawg]

I went on my first ghettodrive today. My friend drove to lunch to a restaurant only a few blocks away, so I figured, why not bring along teh lappy?

I got about a dozen hits from my job to lunch. Once I learn how to interpret them, I will post them here.

[feend]

Dual:
Cool I might take you up on that sometime . Right now I know absolutely zilch about WiFi. I'd have to get educated on the subject first. That said, those of you that know a good amount about WiFi I came accross this book that looks interesting.

http://www.newswirel...nder-book1.html

[StankDawg]

I hopped online with someone elses bandwidth yesterday! What a RUSH!

Ok, now, the next step is to find a WEP decryption product that works on XP (I don't wanna hear it, I use it for work). I know that there a few for linux. I can try to port one over to windoze, but I do not know if I am up to the task.

Anyone have any suggestions or alternative WEP tools for XP?

[hacnslash]

Maybe Airopeek is what you're lookin for, the downside is it aint free, check this out:
http://www.ig.com.au...oPeekNXMain.htm

*edit* aint free, but you can get a demo...*edit*

[davetgra]

There is a distribution of Ethereal available for the Windows platform at http://www.ethereal....ribution/win32/ that should allow you to decrypt WEP encrypted packets. As it is a wired network traffic manager, you will need to locate a wireless sniffer that saves ethereal compatible logs though (I use kismet, which is linux only at the moment) to get any use out of it though...

There is a JAVA WLAN sniffer at http://www.chocobosp...rojects/mognet/ that could be used in windows...

Another option would be to use one of those CD booting versions of linux that are available (http://www.wardriving.com has a distro of demolinux specifically designed to be used for WLAN sniffing). I haven't tried it yet though, so I cant say how useful it would be for you.

[Quasi_Mofo]

I've been listening to RFA for a while now and have recently been poking around the forums here at DDP and learning BUTTLOADS of new things. I've have finally taken the leap into Wi-Fi. Now I know how heroin junkies must feel after their first time.....I'm hooked. I bought an Airport card for my PowerBook yesterday, slapped it in and had my first ghetto/wardriving expedition today using the Mac OS X version of NetStumbler, called (originally enough) MacStumbler. It works VERY well. I live in a fairly tech-savvy city so I figured I would find a fair amount of APs. But I was not prepared for the huge amount of unprotected networks that I found within just a few blocks of my house. I was totally floored.

BAD SECURITY AWARD OF THE DAY from today's exepdition...goes to the resident of 1881 9th Ave. This person had their HOME ADDRESS as the name of their network. I stopped in front of their house, got a very strong signal and was able to hop on their Internet connection, check some auctions on Ebay, yadda yadda yada. What a rush it was. But, not really wanting to sit in front of this persons house too long, I moved on. In less than two hours of driving around town I discovered 36 networks, only 7 of which were password protected and two of those were Starbucks/T-Mobile APs. The local COMPOOSA and Sam's Club both had networks I could access from the parking lot. And if your local mall has an Apple Store, then you have access to an open and free 802.11b AP. All Apple Stores have 802.11b networks set up and they are publicly promoted as being open for public use.

So, one question I have: since it is so easy to access someone elses Internet connection, how easy is it for them to trace back to see who's been sniffing around their network? Other than their router log showing an IP address being assinged to an additional machine, how/if could an outside wireless access be tarcked down?

Thanks to RFA and DDP for giving the the infoformation to fuel my interest in the W-Fi world. Next will be tackling Linux/Unix.

[feend]

Hmm they might see an appearance of a newly added machine like you mentioned and look at the ARP cache to see which machine was using that IP address. I don't know how they would trace you but they might just put a block on that MAC address so you couldn't obtain an IP address on their network again.

Found a script you might want to look at on how this is done (using linux iptables) script.

[StankDawg]

MAC address will always give you away. However, thgere are some cards that let you spoof your MAC address as well!

ADn teh MAC address is only dangerous if it is publicly known. Once you drive away, how will they trace it to your system? IF you have a DELL system or something that comes preshipped with a card, they probably have the MAC address catalogues in their database. But over the shelf, is little risk.

Like Feend said, they can block your MAC address, but they would have to catch and notice you doing something really bad to do that.

[nick84]

I guess they could like review their CCTV tapes to see cars stopping by in their parking lot then driving off. Then if they logged your MAC address they could match it to your wireless card since they are unique. I seriously doubt anyone would bother though if all you were doing is using they internet etc, and if they are logging MAC addresses, they’d likely know how to secure their access points properly…

[Quasi_Mofo]

And the MAC address is only dangerous if it is publicly known.  Once you drive away, how will they trace it to your system?  IF you have a  DELL system or something that comes preshipped with a card, they probably have the MAC address catalogues in their database.  But over the shelf, is little risk.

That's what I would think. I mean, if some people don't know enough to turn on WEP and they use their street address for their SSID, then I doubt they would even know what a MAC address is let alone look to see if there is a foreign address on their network. But, I could be wrong.

The thought of a computer company having a huge database of the MAC address of factory installed cards that they could cross reference with serial number and owner information is a little scary and would make me think twice before buying a machine with a preinstalled card.
Butn then again, even if the card was preinstalled with the computer, it's nothing to swap out that card with another one with a new MAC Address. My card was an add on (paid for in cash, natch) so I can't imaging that there would be much chance of a MAC Address being traced to me. But you've all given me some good info to digest.

I have to correct my first post. It wasn't Sam's Club that I found the open network that I got onto, it was BJ's Wholesale Club. For some reson I always get the two confused. Sam's Club had big signs in their parking lot indicating there were security cameras in use. Even though there was on open network there, I just kept on driving. It was right next door to the COMPOOSA so I stopped there.

A couple of the APs I stumbled on indicated the vendor as Agere-Lucent. Even though I could apparently hop onto these networks, these were the only places I couldn't get Internet access with. Any clues why? Might they be internal office networks with no direct oustide access? One was in an small industrial park, so I'm wondering if that one was some sort if inter-building file sharing network.

[nick84]

Maybe their net access goes through a proxy or something - Therefore possibly try scanning the entire subnet ie 10.0.0* / 192.168.0.* etc for a proxy. Or just watch the network and see how / if any other computers have net access / where their send their “GET” requests.

[dual]

A good way to get out of nets is a program called proxychains (http://proxychains.sourceforge.net/). You're posts are fun to read, btw - welcome to the board, Quasi.

[Quasi_Mofo]

Thanks, dual. Mucho glad to be here. I'll check out using proxychains as time permits.