wardriving


Mike
10-17-2002, 08:33 PM
Who is this an issue for? Residential and commercial or just commercial? I've been told that it's an equal problem for both.

Would going with 11.a reduce the possibility for attack? I'm thinking range and "newness" might help here.

Thoughts?

-Mike

JimGeier
10-21-2002, 08:44 AM
I think this is a problem for homes. Many homes are now beginning to deploy WLANs and most of them don't use any type of security. So, a war driver can jump on their network and use the home's Internet connection. This could become the "poor man's" Internet service (find a home with a WLAN and park outside and surf the web for free).

I agree that at first, the 802.11a home networks won't be visible to most war drivers due to limited proliferation. The limited range could also minimize such attacks. I'm currently doing some testing in a few homes for both 802.11a and 802.11b range. Once I have the data, I'll post another reply with the results for 802.11a (we'll check the range in front of the homes as well).

Mike
10-21-2002, 10:23 AM
Hi Jim,

Thanks for the response.

Are you using the vendor apps to measure range or another product? I went out and picked up the MR814 and DI-714 this weekend and have been playing with them a bit myself. Funny enough I can't get either of their monitoring programs to work. GGGggrrr.....

I'm running 98SE on the laptop, so that might be a factor. When I talked to tech support they didn't recognize their own menus which seems to indicate they're using a newer OS that may have different option tabs?

Anyway, the main free network monitoring app I found won't run with either Netgear or D-Link cards so I'm looking for something else. Got any suggestions?

JimGeier
10-22-2002, 08:28 AM
For this testing, I'm using a laptop running WinXP (which makes it easy to switch cards). The operating system has a decent gauge, and it's always good to measure using the same type of equipment (user device, radio NIC, and antenna) that the user will be operating. I also use a handheld analyzer from AirMagnet to obtain signal-to-noise ratio (SNR), which is a true measure of the ability to maintain communications with the access point.

Ted
10-22-2002, 02:11 PM
I have seen a lot of articles in different magazines and other media touting wardriving=hacking, wardriving is dangerous, wardriving is criminal. Unfortunately so many of those articles are more sensational than true.

Imho wardriving as such is a benign activity, and pretty harmless. The problem arises if somebody uses the knowledge collected by wardriving (or other means!) to trespass on those wireless networks. Most wardrivers do not hack the networks, they just collect the information (SSID, MAC, latitude/longitude, WEP enabled or not etc.) Those who do, can be deterred by sober security practices.

Assuming a basic level of security -- WEP enabled -- most if not all hacker-wannabes are kept away. Even by using suitable tools to crack "weak keys" an attacker has to use hours, if not days, listening to the network traffic. Real wardrivers just drive by and log existence and some vital characteristics of a network. They do not park themselves in front of your office for days.

Disabling beaconing prevents the SSID from being seen, and adds another level of protection. Having APs outside sensitive networks (in DMZ, for example) and using VPN for access to the corporate network should be the rule, not an exception. Etc., etc. - just by doing basic security measures the wardriving "problem" is not a problem any more.

I believe that wardrivers do a rather useful service for the community: They make the inherent weakness and security issues of a WLAN visible: Anybody can pick up the signal, often pretty far away, and attach himself/herself to the network. That is, if you do not do your security homework.

I am more worried about the Real Industrial Spies, they do not keep a high profile, nor do they want anybody to know about their existence or potential security holes. They have the time and resources needed for WEP cracking, they may afford to use professional tools to spy and steal trade secrets, and they have nothing to do with wardriving. But the medicine is, again, decent security measures.

For home networking, this is mostly an educational issue. We can safely assume that a home user does not buy any VPN products, nor have they any security competence. However, virtually all 802.11b products I know about have WEP, but it is by default disabled. Home users should be encouraged and instructed to enable WEP, and that should help their security enormously. More than using WEP is likely seldom needed in home networks.

Another sad story is Windows XP, which is so eager to give that "eXPerience" of networking, that it attaches itself automatically to any and all networks it happens to find (assuming again the default configuration). WinXP makes many innocent users accidentally attach themselves to a neighbour's unprotected network - no war driving needed, nor conscious hacking attempt!

bugilt
10-22-2002, 05:29 PM
Wardriving is not a crime, yes I do sometimes use an open AP to check email or do a low bandwidth task. If WEP is enabled they must not want me to intrude so I don't. What other way are you going to distinguish if the AP owner doesn't mind you on their AP? A lot of Stumblers (www.netstumbler.com) just do it for fun or to inform others that we do have a security issue on our hands, default setting on most APs is WEP disabled. If you would like to know more I would suggest you go to the netstumbler forum and ask what you want to know.

Bugilt.

Mike
10-23-2002, 12:09 AM
Thanks guys, I appreciate the responses.

Jim,

I didn't know that about xp. GGgggrrr.. I just ordered 2k pro for my laptop. Maybe I'll get xp and dual boot it. I'm prolly gonna need it anyway.

Ted,

Is disabling beaconing done in the AP itself? I've been playing with a D-Link and Netgear and don't recall running into that option anywhere? Is it a feature I'd only expect to see in an enterprise class product?

bugilt,

Ya, those bastages at netstumbler are going to force me to spend money on a new card if I want to use the software. Small price to pay for a free wireless analyzer I guess.;)

Ted
10-23-2002, 10:15 PM
Mike,
In Cisco access point 350 it is the option "Broadcast SSID." I am not sure how many APs of "home network quality" do have a similar option.

Btw. the Netstumbler program did originally support only Orinoco/Avaya and compatibles, but the newest version is said to work on more cards. Netstumbler is not quite a "wireless analyzer" but may be useful for some kind of surveys. It is designed for basic (and fast) property gathering of many networks, and is indeed dependent on the beacon feature. The current release is still preliminary, and finalizing will take time - it is a hobby project of its author.

Ted

color_copier
10-24-2002, 12:32 PM
Originally posted by Ted
In Cisco access point 350 it is the option "Broadcast SSID." I am not sure how many APs of "home network quality" do have a similar option.

I know that the newer D-Link APs have the ability to "broadcast SSID" or not. I know the 614+ and 900AP+ do for sure.

mattalevy
10-24-2002, 03:32 PM
Originally posted by color_copier
I know that the newer D-Link APs have the ability to "broadcast SSID" or not. I know the 614+ and 900AP+ do for sure.

Linksys BEF access points have this feature as well

JimGeier
10-25-2002, 08:35 AM
If you can turn off the broadcasting of SSIDs in the beacons, then you certainly add some security (i.e., WinXP and most analyzers won't capture the SSID). Keep in mind, however, that you can still obtain the SSID from association requests even if the SSID broadcasting is off. I've turned off the broadcasting and used an analyzer that captures the 802.11 frames to easily find the SSID. For this to work, though, you need to capture the association frame, which occurs when the user device boots up.
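
Added example (not part of the original thread): a minimal Python parser for the SSID element of 802.11 management frames, run over constructed sample frames, showing why a cloaked beacon does not keep the name private once a client associates. The MAC addresses, the SSID "homenet" and the helper names are assumptions made for illustration, and the frames carry no radiotap header or FCS.

```python
# Fixed-field length that precedes the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
SUBTYPE_NAME = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req",
                5: "probe-resp", 8: "beacon"}
MAC_HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def parse_ssid(frame: bytes):
    """Return (subtype name, SSID or None); None means cloaked or absent."""
    if len(frame) < MAC_HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    pos = MAC_HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated information element")
        if eid == 0:  # SSID element
            # Cloaking APs send a zero-length SSID or one filled with NULs.
            hidden = elen == 0 or not any(body)
            return SUBTYPE_NAME[subtype], None if hidden else body.decode("utf-8", "replace")
        pos += 2 + elen
    return SUBTYPE_NAME[subtype], None

# Constructed sample data: locally administered MACs, made-up SSID.
AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6

def build(subtype: int, dst: bytes, src: bytes, ssid: bytes) -> bytes:
    """Build a bare management frame: header, zeroed fixed fields, SSID, one rate."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + AP + b"\x00\x00"
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

CAPTURE = [
    build(8, BCAST, AP, b""),          # beacon, SSID broadcast off (empty)
    build(8, BCAST, AP, b"\x00" * 7),  # beacon, SSID broadcast off (NUL-padded)
    build(0, AP, STA, b"homenet"),     # client association request
]

def ssids_seen(frames):
    return [parse_ssid(f) for f in frames]

if __name__ == "__main__":
    for name, ssid in ssids_seen(CAPTURE):
        print(f"{name:10s} ssid={ssid!r}")
```

The association request carries the SSID in the clear regardless of the beacon setting, so turning off the broadcast hides the name only from passive beacon listeners and is no substitute for encryption and authentication.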

JoeTampa
10-29-2002, 03:37 PM
Or spoof a deauthenticate frame, which will cause the client to immediately reconnect, divulging the SSID.

Incidentally, I am aware of one case in which someone compromised a residential AP and emailed a death threat to a third party. Fortunately, the homeowner was able to prove that he was not home at the time (keep those boarding passes, kids..), but not before a 3am search warrant execution.

I expect that residential cable modems and DSL connections with less-than-adequate security will be targets for both hackers who want to hack third parties with impunity and spammers who seek similar free and anonymous bandwidth.

I also expect spammers to be the death of "freenets".

WiFiNERD
11-20-2002, 04:25 PM
I think of war driving as being as harmless as turning on your radio and picking up a broadcast signal, which is EXACTLY what you are doing. I also recommend turning off the SSID Broadcast although as Jim said you can still pick it up when a user authenticates to the access point at which time the SSID is decloaked during the authentication. The tools I've seen which are capable of picking this up are Linux tools.

I've found this feature in the Linksys BEF APs with the latest firmware. I've not tried this on the WAP11 but do plan to test one soon. I personally never bought an access point, I built one using a D-Link PC card with the Prism 2 chipset, PCMCIA to PCI adaptor, and StarOS http://www.station-server.com. This has been the best solution I've seen because it is a cost effective Linux release designed by ISPs for ISPs to get the best features with a neat SSH client and user (I guess you can call it a) GUI. Novices beware, this OS is only helpful if you know a good bit about networking.

Artcwolf
12-20-2002, 02:23 PM
Originally posted by JimGeier
For this testing, I'm using a laptop running WinXP (which makes it easy to switch cards). The operating system has a decent gauge, and it's always good to measure using the same type of equipment (user device, radio NIC, and antenna) that the user will be operating. I also use a handheld analyzer from AirMagnet to obtain signal-to-noise ratio (SNR), which is a true measure of the ability to maintain communications with the access point.

This might be a bit off-topic and I apologize in advance for that. I'm using WinXP and I think I know what gauge you are talking about. Some of our laptops at work have it displayed in the task bar constantly. They are running Orinoco wireless cards and my home laptop is running a 3Com card. Is there a way that you know of to get that signal meter in my task bar on my home laptop?

oshea85
12-20-2002, 07:07 PM
That little meter is an Orinoco thing. 3Com won't do it, unless their client utility has something.