Slashdot Mirror

NetStumbler for Windows and MiniStumbler for Windows CE downloads are at:
NetStumbler.com

I've been told that the software that actually did the sniffing wasn't NetStumbler, but rather it was Kismet. I don't know the original source of who knows this firsthand though, so I can't verify this. However if this is true it's interesting, because it would mean A) Google was likely using a non-Windows system to do the wireless packet sniffing, B) the author of NetStumbler was using another sniffing utility to do the work rather than his own tool, which would be an interesting irony.

NetStumbler for Windows and MiniStumbler for Windows CE downloads are at: NetStumbler.com

Downloads are free but PayPal donations are accepted.

1. Download a Ubuntu Live CD.
2. Open a terminal and type "sudo apt-get install aircrack-ng"
3. If aircrack-ng installs successfully (you may need to connect an ethernet cable to get an internet connection), type "sudo airmon-ng start wlan0".
4. Type in "sudo airodump-ng mon0" and you'll get a nice list of all the wireless access points in your area (even the hidden ones).
Aircrack-ng (and airodump-ng) documentation can be found here.

You can also try NetStumbler, which runs on Windows, but it much less powerful.

Use NetStumbler http://www.netstumbler.com/ to determine the signal strength of all the other access points to see if any of the channels will have low interference. Although you may see lots of access points, they could be very feint signals because beacon frames are short at about 50 bytes (compared to 1500 for a typical data frame) so they're a lot easier to receive. The strong signal from your own apartment/condo should be able to drown out the noise from all the feint AP signals but if the people next door to you have an AP then it could slow you down so that's why you need to check for strong signals with NetStumbler.

I built one of these with an old dish a while back and was surprised how well it worked. I used it as a cheap proof-of-concept antenna for a 0.7 mile point to point wireless link and connected it to my laptop and NetStumbler to test signal strength. Fun project
Pete

Voting machines with WiFi have been produced, and apparently not as a joke. The commodity hardware from Diebold includes an IRDA port.

What about Wifi Baloons? This may become very cheap, and cover a much larger area.

Sub LaserCallback (bssid, ssid)
If Robot Is Nothing Then Set Robot = CreateObject("Skynet.T9000")
Robot.PointLaserAt(bssid)
Robot.Say "Hasta la vista, " & ssid
Robot.FireLaser
End Sub

I would consider it to be criminally negligent.

It is a shame that they allow these agencies to recieve funding or for their IS / IT departments to still have jobs.

Lets stop talking about Filibusters and start talking National Security

The name is 345y for me to come off like the 3|\|f0rc3r' Mass Stumbling muthafskas in a course of An everyday situation where I would stalk by Fsck the car, I do a muthafsking walk-by

here

I thought about this after having read a similar proposal a year ago on a blogger's post. For people who wardrive, couldn't this very feature be added on netstumbler quite easily? Mac-heads running iChat and Rendezvous have been reaping the benefits of zeroconf and ad-hoc networks for years now, the same can easily be done for wifi devices such as PDA's with a wardriving kit (GPS, high power antenna, etc.).

I've actually done that before. The only problems you can run into is battery life. I use NetStumbler http://www.netstumbler.com/, put it into the auidble mode, put my laptop into power-save mode so it doesn't completely destroy the battery, and leave it in its case. It can be a hassle, but if it isn't something you do too often it's not too bad.

**snip** Kansas. *hmm err hmm* Done **snip**

Hey, we have 2 outside Kansas City, and a few on our side of the river in Kansas City, that are available right here in "good old Kansas". Entering that data could easily take several seconds.

NetStumbler has had GPS-WiFi mapping for some time now. This is not new.

Any idea if they used NetStumbler for this little project?

Hmm.. Well, the best AP's I know of are the Cisco's and they're all dual antenna. They also cost about a grand a pop, but still...

In any case, the best resource I know of for this sort of basic info is the NetStumbler forums. They have a FAQ section in the forum separated by categories and such, and it seems like it'd be useful for newbit type questions and such. Give it a read through. It's not a "ask a question get an answer" type of forum, they're just using the forum software to hold the FAQ, sort of thing.

Link: http://forums.netstumbler.com/forumdisplay.php?f=1 9

Oh, and one copy of Netstumbler 0.4 (just released!) from http://www.netstumbler.com/. $0.00. Netstumbler works fine with the Netgear MA111 adaptor. I haven't tried it with the BSD scanning tools yet.

Today "Tom in Marketing" can set up a wireless access point in about 5 minutes, potentially leaving a door open to the rest of the network.

To check if there are any wireless networks around, you might have to wardrive the premises. An laptop, a WiFi card and network stumbler is all you need for a quick scan of the surroundings. Depending on the layout of the company, a GPS can be added to pinpoint a rouge accesspoint easier. Not strictly necesary though. Just take a walk around the building and you will see what pops up, some of it might be part of your wired network, bridged to wireless and left open to the world.

Sniffing traffic on an unauthorized part of the network is not dificult, snort or similar can do the trick. Fysically removing the AP is easier though... "Tom" will report to your office to get his router/bridge back ..

In tribute to this "Great Book" I submit a great site. Netstumbler.com and Netstumbler.org Forum

yeah a site exists where people do similar things like this for fun... it should help with some info on equipment and FAQ's . http://www.netstumbler.com

I think one or two people may have done something similar... Maybe Slashdot might be of assistance

Ministumbler is a CE version of Netstumbler that runs great on my iPaq. You can even have it dynamically hop between the strongest AP's to - it reconfigures your card settings.

I use a PCMCIA card, but i would probably recommend the CF card option, since they use less power.

we're getting pretty far off target from a family home computer here but, here are some of my favorite alternatives to the above list;

mozilla - if prefer MyIE2
ws ftp - i much prefer filezilla
PuTTY - try transparent putty
vnc - if you're running xp or 2k you should go with ultravnc
gnu-emacs - yikes!if you must have a unix style text editor under windows, may i recommend cream for vim
free-av - i'd probably go with AVG anti virus
boingo - don't forget netstumbler

here are a few more i install before i ever run a new system;

foobar2000 console2
divx player
stuffit expander
trillian
and if you need an email client try popcorn

i've got links to lots more free windows software at my links page

That site was my inspirationg in the begining. Here is a pic of mine: My dish

There is a whole lot of info in the netstumbler threads: netstumbler.com

The downside with the el-cheapo sniffers is they don't tell you if the AP is locked down or not. I think your best bet currently is still a PDA with decent sniffing software.

Yep. Like Netstumbler for PocketPC.

And yes, I feel like a karma-whoring-linker today.

Prepare to be impressed. Wireless works in a moving vehicle (although, obviously the preferred mode for drivers is parking-lot surfing).

Looky here, this is what the PCMCIA sockets are for: Stumbler, Kismet, Paketto, etc....

Sending a certain string over a certain UDP port will cause the AP to return the WEP key, mac filter settings, and admin password over the WLAN and LAN side.

Exploit can be found here

Makes me glad to have bought an Apple Airport for a change.

• GlobalSunTech develops Wireless Access Points for OEM customers like Linksys, D-Link and others. Capturing the traffic of a WISECOM GL2422AP-0T during the setup phase showed a security problem.

  Sending a broadcast packet to UDP port 27155 containing the string "gstsearch" causes the accesspoint to return wep keys, mac filter and admin password. This happens on the WLAN Side and on the LAN Side.

  Systems Affected:

  • 
    Vulnerable, tested, OEM Version from GlobalSunTech:
    
  • WISECOM GL2422AP-0T
  
  Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
  • D-Link DWL-900AP+ B1 version 2.1 and 2.2
  • ALLOY GL-2422AP-S
  • EUSSO GL2422-AP
  • LINKSYS WAP11 v2.2

In other news, JWZ's DNA Lounge is having troubles with their Linksys WAP11-based wireless link, which is their only connectivity right now.

• "...the best sustained throughput they can handle is on the order of 64k."

(They lost their T1 due to XO's bankrupcy and above.net closing a facility. Another T1 is on the way, but it'll be a couple weeks...)

Rather than using signal strength for triangulation, you use it to record a "radio map", and compare your current position to the map. The basic steps are:

1) Walk around a room, recording the signal strength to each AP (so you get a file such as "Access Point #1, Avg signal: 96 AP#2, Avg signal: 74 ..." ). Netstumbler or other software can help you make this file.

Create a "profile" like this for every location you wish to map (roughly, one every square foot or meter). The number of profiles determines the granularity of the system, but too many profiles can cause "collisions" in the sense that different locations have similar profiles, for some reason or another. There are ways to combat this, one of which is to make an educated guess on the new location based on the last one. (i.e., the user could not have walked over 10m in one interval)

2) When a user connects, they can compare their current signal strength info ( such as AP#1, signal: 34 AP#2, signal: 74) to the map: the closest point is probably their location.

I did a simple euclidean distance calculation (taking each profile as a vector in some large space [cool how the pythagorean thm. generalizes, eh?]. There are many better ways, which I am researching this semester, but euclidean distance is fine for now.

I'm pretty sure this is why they must spend an hour per 10,000 square feet to "calibrate" the system. I had to do the same, but it was a *lot* slower; I need to make a tool to do this automagically.

This semester I am also looking to get my system working with an ipaq robot running familiar. It's the combination of the palm pilot robot kit and this positioning system. Hopefully, the little robot should know (roughly) where it is, and be able to be controlled via the internet.

Check out my webpage if you are interested in more details.

Thats right, the scum of the network are taking advantage of open wireless networks, whether they are chalked or grabbed off online maps such as net stumbler dot com. The rise of drive-by hacking is a natural by-product of the wardriving/chalking community, and it would be naive to considering this a surprising development. Highjacking an open wireless network is only the smart thing to do for hackers whether they are after data or just a spamming platform.

This puts the pressure on network administrators to secure their wireless networks. It is far easier to drive by a NAP and jack in, and the proliferation of wireless networks could obsolete physical intrusion techniques such as connecting a Dreamcast or iPAQ to an internal network. Tools for wardriving are readily available, such as THC-warDrive. A lazy or incompetant network administrator makes it easy for a kid with the parents car, a pringles can, and a laptop.

The cost might not go down, but the client base will go up and their margins on profit might even be smaller, but more customers *should* = more money.

Even the ghetto will have fiber to it's door, with the street dealers taking orders with 802.11(x) iPaq's for crack; and with the FED's downloading NetStumbler and tring to get in on the action.

GOOD TIMES!!!!

Nothing illegal about this or wardriving. However, if you take it to step 2, which is wep cracking or attempting to join the network, then you are in the same boat as walking into an office and plugging in and nosing around. Netstumbler Forums has more info on this, but as you will read most of the people there do this strictly for the fun of it and do not promote accessing other people's networks.

I agree. I don't buy the statement that they are using it to figure out the "tricks of the trade." Anyone can figure out the tricks of the trade by browsing a couple websites. I found netstumbler after doing very little research into this matter.

They are laying the groundwork for controlling and making precedent for what is "unauthorized access." Don't be suprised when someone is arrested for browsing /. from a public transportation bench in the near future. Its a shame that so many sysadmins can't do their job that people like this have to do it for them.

They already have that. Now, imagine you're walking down the street and you need to find an open system. You can't check the web to find one because you need to find one to check the web. This is supposed to be a solution to the problem. (although netstumber/ministumbler would be fine too)...

I had an old Palm 5000 (before the convenience of backlights). Worked just fine until one day the touchscreen simply died. C'est Le Vie...

Now, I have an Ipaq 3635 and just love it. It's capable of running Linux, it has decent rechargable batteries in it, has a nice PCMCIA slot on it, it can be used as a portable security scanner, and did I mention that it can run Linux?

The color screen is pretty decent too. It can even play mpeg files.

Try THAT on your palm device...

True AP mode with Orinoco cards under Linux? Can't be done as far as I know. You must be in ad-hoc mode. FYI actual AP mode with an Orinoco can be done in Windows with the Lucent driver and some undocumented registry settings - for details look here

The only cards that will do actual Access Point mode under Linux are based on Prism2. The HostAP driver provides full AP mode including offloading WEP to the CPU (128 bit WEP on a 40 bit card!), MAC filtering, and lots of other fun stuff. Works beautifully. Check it out here

Now all we need are the 3lee7 h4x0rs drive-by-DOS'ing.

Does anyone know if they've included any extra security packages?

Seeing how WEP is basically an open door, I see no reason not to have ipchains installed and operational by default.

The software is there. Anyone know if they are using it? If not, it seems a bit a complete open door to these guys...

I have my apartment # in my SSID on my wireless AP so people "Netstumbling" can come and chat with me. No takers yet. Yes I am using WEP so that actually have to come see me if they want access.

Although obviously a generic press release, but cute that they don't mention security concerns.

I used to feel the same way until I realized that encryption doesn't keep others from using your network; MAC address filtering does that. What encrytpion does is prevents anyone who happens by with a laptop from sniffing your traffic, including all your clear text POP3 and FTP passwords.

And realize, there are lots of people going around looking for wireless networks to connect to.

Needless to say, I have decided that 128 bit encryption is a must (along with MAC address filtering, of course). I'm glad I didn't buy my access point yet.

With netstumbler, it's easy to map out your freshly discovered APs easily. After you have returned from some wardriving, simply export your netstumbler log, and upload it here. It will output a Microsoft MapPoint 2002 file which will display a pushpin covered map which shows you all the APs that you just discovered.

With netstumbler, it's easy to map out your freshly discovered APs easily. After you have returned from some wardriving, simply export your netstumbler log, and upload it here. It will output a Microsoft MapPoint 2002 file which will display a pushpin covered map which shows you all the APs that you just discovered.

To little, to late, and TO EXPENSIVE!

I owned a Palm VII. Found the wireless service horribly slow, pricey (yet another indication that measured use only discourages people from becoming loyal customers) and useful really only for email (the little web-like applications were terribly limited). The Palm ended up being used 99% of the time as my calendar.

I bought a Compaq Ipaq with 802.11b card and back for the Ipaq this fall. I use it nonstop, love the real browser, the speed and openness of the connection (I can run it at home, work, coffee shop, etc.), and absolutely love the price! (Now, if it could only run Netstumbler...

So, unless it completely falls apart, I'd suggest Palm might become a nice acquisition for AOL/TW. Use that Netscape browser for a change and put out wireless browsers with AOL email. Yea, it'd be gross and for the masses, but perhaps AOL/TW would understand the scale necessary to push this product and get it everywhere for $99. Otherwise, Palm's proved once again that the Apple route is the best way to guarantee failure.

*scoove*

A couple weeks ago, I bought an Orinoco Gold access card, downloaded netstumbler, and had my homemade Pringles antenna ready to go.

The wife and I got out last Sunday to see if I could find any access points. We live a few files from Indianapolis, so I figured we would have to go downtown to find any access points. NOT TRUE! Many of the APs we found were on personal home networks. Every time we would pass an apartment complex.. blip!.. an AP or two would show up. Where they encrypted? Heh, no. We made one loop through downtown Indy and came back to our house and we found 40 access points. 5 were encypted.

So, we found one near a Mr. D's (grocery store). We stopped in the parking lot, I set up my Pringles antenna, and browsed the web via someone's @home connection. Really cool!

You can imagine the looks that I received when passersby saw me scanning back and forth with a pringles antenna, wires coming out of it, and a laptop on my lap. Anyway, wardriving is fun for the whole family. It's kinda like Geocaching, but quite a bit easier. :)

Yeah, like what's the use of Open Source too?? Why not keep your good ideas to yourself. Nobody would want the software somebody else wrote anyway, right? Get a clue, pal. Attach a 15dBi gain antenna to your access point and put it 60' in the air. You'll see just how far it'll go. Chances are you're access point is already being used by others and you don't even know about it! Get on the bandwagon..

Lets hope it brings prices on 802.11b gear down a little. I'm looking forward to doing some Wardriving in Chicago next summer. :)

Cheers,

IANAL. I have been consulting with laywers, and this is a paraphrase of what they say (in the state of Illinois):

The basic act of identifying a wireless network while on the 'public way' is ethical, and usually legal. The moment you connect to a network and begin to access their machines or use their resources, you are on very shaky ground ethically, and, while unlikely to be prosecuted, are committing a criminal act.

Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!

Are you even reading this thread? How in the world are you tagging this fork of the thread as offtopic? It was an answer to a relevent strain of precedence that would have direct effects pertaining to any lawsuit brought against developers of GPL'd software.

If it's correct, that no successful suit has even been brought against a manufacturer of personal weaponry for the actions of the customer base, then it's logically extensible to the software industry with proper licensing agreements.

If this is not the case, then Microsoft is responsible for any network intrusion using unauthorised installations of SMS, or the cDc for any intrusions made with Back Orifice, or Symantec for surreptitious use of PC anywhere (Example argument here).

Do you honestly think either case is going to happen? In the same universe that neither of those cases would occur, lives software coded under the GPL and distributed without warrantee, as accepted by the user each and every time they use that product.

A good example exercise would NetStumbler, an exquisitely useful diagnostic tool which just happens to be a large double edged claymore of a sword. Are the authors of this software responsible for any use that leads unauthorised parties into a poorly configured (read: Unsecured) 802.11b network?

If you'd like to kick the ball about in left field, is Ford or Budweiser responsible for any deaths at the hands of a drunk driver? The answer is, vehemently, no, because humans possess free will and can do stupid or illegal shit at anytime. They accept responsibility for their actions anytime they turn a key, pop a bottle cap, or click a mouse. The differences in prosecution will lie wholly in the intentions behind the action, and the consequences of the same. The bottom line remains, however, that the manufacturer/developer is NOT responsible for the actions of (arguably) sapient users in possession of power tools.