Light
04-09-2003, 01:24 AM
Can anyone recommend a good Windows program that will sniff WLANs while driving?
I'm using a Siemens 32bit SpeedStream
I'm using a Siemens 32bit SpeedStream
Click to See Complete Forum and Search --> : Sniff Sniffff
roofy
04-09-2003, 01:37 AM
www.wardriving.com
its all you need my friend:D
its all you need my friend:D
jsicuran
04-09-2003, 11:38 PM
Originally posted by Light
Can anyone recommend a good Windows program that will sniff WLANs while driving?
I'm using a Siemens 32bit SpeedStream
Try...
Baseband Technologies Linkferret.
http://www.linkferret.ws/wireless/wireless.htm
http://www.baseband.com
/JS
Can anyone recommend a good Windows program that will sniff WLANs while driving?
I'm using a Siemens 32bit SpeedStream
Try...
Baseband Technologies Linkferret.
http://www.linkferret.ws/wireless/wireless.htm
http://www.baseband.com
/JS
beta999
04-10-2003, 03:35 PM
Originally posted by roofy
www.wardriving.com
its all you need my friend:D
Say I want to be a wardriver. Can I just find some un blocked WiFi network and download as many files as I want using their network? Or can they detect that somebody is using a lot of bandwidth and catch me? Thank you!
www.wardriving.com
its all you need my friend:D
Say I want to be a wardriver. Can I just find some un blocked WiFi network and download as many files as I want using their network? Or can they detect that somebody is using a lot of bandwidth and catch me? Thank you!
dld121
04-14-2003, 10:39 AM
beta999,
If you use someone elses WIFI network it could be someone like me who runs two networks. Both are connected to the internet. One is inside my DMZ firewall and running at 22mb (locked) all the time so only 22mb wifi equipment can attach to it. WEP is turned on, and MAC filtering is in place. SSID broadcast is turned off. There is a 2nd Firewall between the WAP and my internal network.
My other WAP is running standard 802.11b without WEP, is broadcasting a "default" SSID, and it does not filter on MAC addresses. So someone wardriving could hit the second WAP to access the internet. (This WAP is outside my firewall.) Another name for this is a "Honey Pot" and it serves as lure for hackers so that they will play with for a while. The internet connectivity will often keep someone on it for a long time, this way his/her activity can be monitored, sniffer trace captures can be saved to disk and analyzed later, this can be used to find out the identity of the person.
Occasionally I will have a sniffer device attached to the 2nd WAP "Honey Pot" network hub so that I can view and capture all traffic that crosses that part of the network...filtering out my own internal traffic is easy, and by doing this, I can run a sniffer for hours and it will only capture traffic that is generated by newcombers.
So if someone attached to my network while I was capturing traffic and they left their "FileSharing" and "Windows Logon" enabled when they connected, I will have the computer name, the MAC address, and maybe even the persons email POP3 userid and password. For me to get the email ID and Password all someone would have to do is check his/her email with MS Outlook Express or another POP3 email program once while connected to my network.
So think twice before you start using someones wireless network.
dld121
If you use someone elses WIFI network it could be someone like me who runs two networks. Both are connected to the internet. One is inside my DMZ firewall and running at 22mb (locked) all the time so only 22mb wifi equipment can attach to it. WEP is turned on, and MAC filtering is in place. SSID broadcast is turned off. There is a 2nd Firewall between the WAP and my internal network.
My other WAP is running standard 802.11b without WEP, is broadcasting a "default" SSID, and it does not filter on MAC addresses. So someone wardriving could hit the second WAP to access the internet. (This WAP is outside my firewall.) Another name for this is a "Honey Pot" and it serves as lure for hackers so that they will play with for a while. The internet connectivity will often keep someone on it for a long time, this way his/her activity can be monitored, sniffer trace captures can be saved to disk and analyzed later, this can be used to find out the identity of the person.
Occasionally I will have a sniffer device attached to the 2nd WAP "Honey Pot" network hub so that I can view and capture all traffic that crosses that part of the network...filtering out my own internal traffic is easy, and by doing this, I can run a sniffer for hours and it will only capture traffic that is generated by newcombers.
So if someone attached to my network while I was capturing traffic and they left their "FileSharing" and "Windows Logon" enabled when they connected, I will have the computer name, the MAC address, and maybe even the persons email POP3 userid and password. For me to get the email ID and Password all someone would have to do is check his/her email with MS Outlook Express or another POP3 email program once while connected to my network.
So think twice before you start using someones wireless network.
dld121
jsicuran
04-14-2003, 11:17 AM
So if someone attached to my network while I was capturing traffic and they left their "FileSharing" and "Windows Logon" enabled when they connected, I will have the computer name, the MAC address, and maybe even the persons email POP3 userid and password. For me to get the email ID and Password all someone would have to do is check his/her email with MS Outlook Express or another POP3 email program once while connected to my network.
True for the kiddies, but the computer name could be changed(spoofed) to anything as well as the mac address. As for email one can use a personal smtp server to send emails directly to other users without the need to authenticate with an ISP.
A laptop and card purchased from an "off the truck" source makes it very hard to track down. So even if you were sniffing and you obtained some hardware signiture in part of a packet or some Windows info(If windows is used) describing a laptop's model/SN or the wireless card's model/SN it would be almost impossible to track it from the manufacture to the vendor if it was stolen or sold sevreal times with no receipets.
Your honeypot is a good idea to learn about some exploit patterns and behavior but for the pro you are just giving them an open portal for access...
/JS
True for the kiddies, but the computer name could be changed(spoofed) to anything as well as the mac address. As for email one can use a personal smtp server to send emails directly to other users without the need to authenticate with an ISP.
A laptop and card purchased from an "off the truck" source makes it very hard to track down. So even if you were sniffing and you obtained some hardware signiture in part of a packet or some Windows info(If windows is used) describing a laptop's model/SN or the wireless card's model/SN it would be almost impossible to track it from the manufacture to the vendor if it was stolen or sold sevreal times with no receipets.
Your honeypot is a good idea to learn about some exploit patterns and behavior but for the pro you are just giving them an open portal for access...
/JS
jatkins679
04-14-2003, 11:37 AM
Originally posted by jsicuran
[I]Your honeypot is a good idea to learn about some exploit patterns and behavior but for the pro you are just giving them an open portal for access...
Agreed. I would argue that this honeypot in and of itself is a security risk since all it does is encourage people to delve more into your network. I would wonder, too, how many admins have the kind of free time to setup and maintain such a thing anyway.
[I]Your honeypot is a good idea to learn about some exploit patterns and behavior but for the pro you are just giving them an open portal for access...
Agreed. I would argue that this honeypot in and of itself is a security risk since all it does is encourage people to delve more into your network. I would wonder, too, how many admins have the kind of free time to setup and maintain such a thing anyway.
dld121
04-14-2003, 11:39 AM
jsicuran,
True enough. Anyone who is an experienced network person would be prepared with SSL or VPN for email. So the ID's and passwords are not going to be captured from a professional hacker. MAC addresses are not much use, except to keep track of how often a particular cards' address is accessing your system.
My response wasn't written for the professional hacker, rather to inform the non-professional that someone could be watching.
For the person who doesn't know much about networks...they should be very careful about borrowing someones WIFI network connection.
The safest for most any WIFI connection public or private is to assume that all your traffic is being captured. Remember that others are watching everything you do. This can keep some people from doing things that they shouldn't.
The Professional Criminal will just become more careful, and do worse and worse things until they get caught. Then they will do some jail time. Life is much easier if you just don't do anything that you shouldn't,
dld121
P.S. - I am not saying that using an open WIFI network connection is right or wrong. I am just suggesting that if you use one, act like you are a guest in someone's home because the home owner might be watching everything you do. It could be embarrasing if the home owner likes to tell everyone what sites are visited by those who use his/her open network connection.
True enough. Anyone who is an experienced network person would be prepared with SSL or VPN for email. So the ID's and passwords are not going to be captured from a professional hacker. MAC addresses are not much use, except to keep track of how often a particular cards' address is accessing your system.
My response wasn't written for the professional hacker, rather to inform the non-professional that someone could be watching.
For the person who doesn't know much about networks...they should be very careful about borrowing someones WIFI network connection.
The safest for most any WIFI connection public or private is to assume that all your traffic is being captured. Remember that others are watching everything you do. This can keep some people from doing things that they shouldn't.
The Professional Criminal will just become more careful, and do worse and worse things until they get caught. Then they will do some jail time. Life is much easier if you just don't do anything that you shouldn't,
dld121
P.S. - I am not saying that using an open WIFI network connection is right or wrong. I am just suggesting that if you use one, act like you are a guest in someone's home because the home owner might be watching everything you do. It could be embarrasing if the home owner likes to tell everyone what sites are visited by those who use his/her open network connection.
jsicuran
04-14-2003, 11:59 AM
Good points DLD
I always liked this one" It could be embarrasing if the home owner likes to tell everyone what sites are visited by those who use his/her open network connection."
I wonder how many wardrivers used some home's connection to purpously access some porn sites so the homeowner gets in trouble by his wife if they have some kind of link log or scanning for the kiddies:D
I can hear it now" But honey I was not visiting x** .com, beleive me, I wuv you" ha ha ha...
/JS
I always liked this one" It could be embarrasing if the home owner likes to tell everyone what sites are visited by those who use his/her open network connection."
I wonder how many wardrivers used some home's connection to purpously access some porn sites so the homeowner gets in trouble by his wife if they have some kind of link log or scanning for the kiddies:D
I can hear it now" But honey I was not visiting x** .com, beleive me, I wuv you" ha ha ha...
/JS
wi-fiplanet.com
Copyright 2007 Jupitermedia Corporation All Rights Reserved.
Copyright 2007 Jupitermedia Corporation All Rights Reserved.