Securing wireless access points: War driving and war walking

This portion of the Vines penetration testing tip on securing wireless access points describes war driving and war walking.

War driving describes the process in which a hacker, armed with a laptop and a wireless adapter card and traveling by car, bus, subway train, or another form of mechanized transport, goes around sniffing for WLANs.

War walking refers to the same process, commonly in public areas like malls, hotels, or city streets, but using shoe leather instead of the transportation methods listed above.

The concept of war driving is simple: using a device capable of receiving an 802.11b signal, a device capable of locating itself on a map, and software that logs data from the second device whenever the first detects a network, the hacker moves from place to place, letting these devices do their job. Over time, the hacker builds up a database comprising the network name, signal strength, location, and IP/namespace in use.

Via SNMP, the hacker may even log packet samples and probe the access point for available data. The hacker may also mark the location of the vulnerable wireless network with chalk on the sidewalk or building itself. This is called war chalking, and alerts other intruders that an exposed WLAN is nearby.

War driving commonly turns up many wireless networks that have WEP disabled and rely only on the SSID for access control. The SSID for wireless networks can be found quickly. This vulnerability makes these networks susceptible to what's called the parking lot attack, in which an attacker, at a safe distance from the building's perimeter, gains access to the target network.
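For the defender, the same fields a war driver logs (network name, signal strength, location) can be collected on a walk around one's own site and checked for the exposure described above. The following is an added example, not part of the original tip; the CSV layout, the location labels, the -75 dBm threshold, and the sample readings are all constructed assumptions.

```python
import csv
import io

# Constructed sample: readings from a defender's own perimeter walk.
# Column names, addresses and values are hypothetical, not from the article.
SAMPLE_SURVEY = """\
ssid,bssid,encryption,signal_dbm,location
corp-wlan,00:00:5E:00:53:01,WEP,-48,lobby
corp-wlan,00:00:5E:00:53:01,WEP,-70,parking-lot
warehouse,00:00:5E:00:53:02,none,-55,loading-dock
warehouse,00:00:5E:00:53:02,none,-68,parking-lot
lab-net,00:00:5E:00:53:03,none,-88,parking-lot
guest,00:00:5E:00:53:04,none,-60,lobby
"""

OUTSIDE = {"parking-lot"}  # assumed: survey points beyond the building perimeter
USABLE_DBM = -75           # assumed: weakest signal still treated as usable
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit(survey_text, outside=OUTSIDE, usable_dbm=USABLE_DBM):
    """Return (severity, ssid, bssid, best_outside_dbm) per AP, worst first."""
    aps = {}
    for row in csv.DictReader(io.StringIO(survey_text)):
        ap = aps.setdefault(
            row["bssid"], {"ssid": row["ssid"], "open": False, "outside_dbm": None})
        if row["encryption"].strip().lower() in ("", "none", "open"):
            ap["open"] = True  # WEP disabled: the SSID is the only access control
        dbm = int(row["signal_dbm"])
        if row["location"] in outside:
            if ap["outside_dbm"] is None or dbm > ap["outside_dbm"]:
                ap["outside_dbm"] = dbm  # keep the strongest outside reading
    findings = []
    for bssid, ap in aps.items():
        reachable = ap["outside_dbm"] is not None and ap["outside_dbm"] >= usable_dbm
        if ap["open"] and reachable:
            severity = "high"    # open network usable from the parking lot
        elif ap["open"]:
            severity = "medium"  # open, but not usable at the outside points surveyed
        elif reachable:
            severity = "low"     # encrypted, but the signal carries past the perimeter
        else:
            continue
        findings.append((severity, ap["ssid"], bssid, ap["outside_dbm"]))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for finding in audit(SAMPLE_SURVEY):
        print(finding)
```

An access point with no outside reading is reported as medium rather than cleared, because the survey simply did not measure it beyond the perimeter.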


Penetration testing -- Securing wireless access points

 Introduction
 War walking and war driving
 WLAN vulnerabilities, SSID issues, WEP weakness
 WLAN DoS attacks, MAC address vulnerabilities
 Wireless testing tools
 WLAN security countermeasures

About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is The CISSP and CAP Prep Guide, published by John S. Wiley and Sons.
