Network penetration testi

Securing wireless access points: War driving and war walking

War driving is a term used to describe the process of a hacker who, armed with a laptop and a wireless adapter card and traveling via a car, bus, subway train, or other form of mechanized transport, goes around sniffing for WLANs.

War walking refers to the same process, commonly in public areas like malls, hotels, or city streets, but using shoe leather instead of the transportation methods listed above.

The concept of war driving is simple: Using a device capable of receiving an 802.11b signal, a device capable of locating itself on a map, and software that will log data from the second when a network is detected by the first, the hacker moves from place to place, letting these devices do their job. Over time, the hacker builds up a database comprising the network name, signal strength, location, and ip/namespace in use.

Via SNMP, the hacker may even log packet samples and probe the access point for available data. The hacker may also mark the location of the vulnerable wireless network with chalk on the sidewalk or building itself. This is called war chalking, and alerts other intruders that an exposed WLAN is nearby.

Common war driving exploits find many wireless networks with WEP disabled, and using only the SSID for access control. The SSID for wireless networks can be found quickly. This vulnerability makes these networks susceptible to what's called the parking lot attack, where, at a safe distance from the building's perimeter, an attacker gains access to the target network.


Penetration testing -- Securing wireless access points

 Introduction
 War walking and war driving
 WLAN vulnerabilities, SSID issues, WEP weakness
 WLAN DoS attacks, MAC address vulnerabilities
 Wireless testing tools
 WLAN security countermeasures

About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is
The CISSP and CAP Prep Guide, published by John S. Wiley and Sons.


This was first published in February 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: