Domain: netstumbler.org
Stories and comments across the archive that link to netstumbler.org.
Comments · 13
-
Re:Wikipedia and research papers.
As any first-year college student can tell you, an encyclopedia is not meant to be an authoritative source, nor can it be used a primary source in a properly-written research paper.
Why not? OK - I know what you are getting at, but there can be a lot more to a properly-written research paper than the actual research. If I need a few sentences on the history of someone or something, (background or related work), I'm not going to find it in a proper journal article, and there are a lot of people that don't have published biographies to look at. Also, I have seen peer-reviewed articles that are just wrong. One claimed that using the SUM of blocks was a good cryptographic checksum - they would be wrong. How that made it past the peer-review I'll never know.
I think the rule "no encyclopedias" is used as a fail-safe mechanism to prevent students from using an encyclopedia as their only reference, or over-using it as a reference. The real rule should be: Use your judgement on whether or not it is a good reference. However, there are a lot of students that don't have good judgement in this area and need the rule.
I could see the same rule being applied to posts in an Internet forum - "An Internet forum is not an authoritative source." OK - Then explain the KoreK attack on WEP. The attack was posted on the NetStumbler Forum. Would the URL for that post be acceptable as a reference? In context of WEP attacks, it should be. Why? Because anyone other reference will eventually trace-back, through other references, to that post.
I agree that Wikipedia has a lot of articles with mistakes in them. There are also a lot of peer-reviewed papers with mistakes in them. We're human. It happens. I think there will be a lot of headaches from trying to define what a good reference is in the near future as more and more information is served-up through the web. Think about how you get your information on configuring Linux. Was it a journal paper or was it some guy who worked through the problem and posted results on their blog? If you are conducting experiments on performance, how do you know what settings to change, or what those settings do? You probably found it on some blog, website or forum and not in a traditional paper.
-
Re:come here, sweetheart
Ya, it does. http://www.netstumbler.org/f49/disabling-ssid-broadcast-slows-bandwidth-11738/
Especially if the homeowner has more than one WAP to cover his property. -
Re:Thanks Guys
The tools required for wireless worms have been available to Windows users for some time now, if you know where to look:
Wireless Weapons of Mass Destruction -
Re:Bandwidth Speed Tests
ADSL rates for different companies can be found at http://www.netstumbler.org/showthread.php?t=15403
-
Re:Seen this before...
Unless you are talking about a huge community (such as
/.) I can't see why a handful of mods and the ability to IP ban clients from within your CMS couldn't do the trick. It seems to work on most of the community sites I participate in. If you have a particularly unruly bunch trying to ruin it for everyone, then some aggressive mods are in order. Go over to the NetStumbler Forums if you want to see a prime example of moderators who simply do not take ANY shit from ANYone. -
Been there, done that...
Already done on the Netstumbler forums. Personally, I like "You have been hacked fool!". Worst I've personally seen was an address (nnn Afton Valley Ct). Best was "LandOfChocolate". Check them out at Wigle.
-
Try researching the story before posting it!
Who gets their news from a mickey mouse outfit like ABC anyway? If you're going to post some clueless banter about attempted credit card fraud, at least link to an article (or thread) with some relevant information about the case instead of an uninformed soundbite. You could start with one of the following:
http://reviews-zdnet.com.com/AnchorDesk/4520-7297_ 16-5511088.html
http://www.theregister.co.uk/2003/11/22/michigan_w ifi_hackers_try/
http://www.securityfocus.com/news/7438
http://www.securityfocus.com/news/8835
http://www.netstumbler.org/showthread.php?t=11115
Some of the more interesting quotes for those too lazy to click on the links:
"In 2000, as a juvenile, Salcedo was one of the first to be charged under Michigan's state computer crime law, for allegedly hacking a local ISP."
"It was six months later - Botbyl allegedly admitted to agents - that Botbyl and his friend Salcedo hatched a plan to use the network to steal credit card numbers from the hardware chain"
"At some point in their wardriving experience, Timmins and Botbyl came upon a Lowe's hardware store with an open wireless network. Timmins later admitted to Kevin Poulsen of Security Focus that what he did next was technically illegal: he used the Lowe's network to check his e-mail. When he realized it was Lowe's private network, however, he says, he disconnected."
"That in itself might have been the end of the story. However, Lowe's became aware of the breach and contacted the FBI, who, after its investigation, charged Timmins with one count of unauthorized computer access. And that by itself would have been a significant story: Timmins's plea has been reported as the first instance of a wardriving conviction. I think the claim is an exaggeration, however. The charge would have been the same had he used a wired connection."
"But here's where the story gets interesting. Several months later, Botbyl returned to the Southfield, Michigan, Lowe's with a new friend, Brian Salcedo, now 21. Salcedo, it turned out, was in the final weeks of a three-year probation for an earlier computer crime."
"According to the indictment, the hackers used the wireless network to route through Lowe's corporate data center in North Carolina and connect to the local networks at stores around the country. At two of the stores - in Long Beach, California and Gainseville, Florida - they modified a proprietary piece of software called "tcpcredit" that Lowe's uses to process credit card transactions, building in a virtual wiretap that would store customer's credit card numbers where the hackers could retrieve them later."
"Brian Salcedo, 21, faces an a unusually harsh 12 to 15 year prison term under federal sentencing guidelines, based largely on a stipulation that the potential losses in the scheme exceeded $2.5 million."
"As for how it was computed here's one probable way: Maximum number of cards in the system at the time they could have captured, multiplied times the maximum credit limit on each. (So say Lowe's does an average of 2500 credit cards transactions nationally in a night, and each has a $1000 Credit Limit. That is $2,500,000 right there.)"
"They were not able to access nationwide credit card files or get into corporate systems," says Lowe's spokesperson Gina Balaya. "They did access six credit card transactions from one store."
"My initial reaction when I heard the charges was one of skepticism," says Karl Mozurkewich, founder of the Michigan software company Utropicmedia, and a member of the group. "Eighty percent of the people in the 2600 group in Michigan are more the c -
Re:home based wireless lan's
AirSnort relies on the now three year old "standard" FMS attack, and is sub-optimal. On the other hand, the very lastest release of aircrack with the korek patch introduces a whole new set of attacks, making it possible to crack a 104-bit WEP key with as few a half a million encrypted packets (the probability of success is about 90%). With the help of WEP encrypted arp-requests re-injection, you can gather enough packets in less than an hour.
For more information, see this thread about aircrack -
Re:Security
Hi, you might want to look into Weplab. It uses optimizations not present in airsnort/dwepcrack to attempt to crack keys using packets with not only the traditional weak IVs.
-
Re:Line of sight?
The idea of line of sight doesn't need to go over amateur bands. In fact, doing so would be a bad idea for many reasons including transmission speed (9600?!?!?!) and the part 97 rules which don't allow for any kind of commercial activity.
However, there have been many such links done over long distances that used standard 802.11 gear and highly directional antennas. Here in NYC we've done many such links through the nycwireless project. A good source of info would be the Personal Telco site. Other projects to take a look at would be the 310km WiFi link at The Swedish Space Corporation, even though that's probably way over budget ;). See here for a slightly out of date (1998) mini how-to on a Linux wireless router for a 5 mile link. Also just try google for pertinent info. All of this is, of course, a moot point if you don't have line of sight to anything. What about a regular telephone line? Cell Phone?
Good luck with this, post back to let us know what you did and how it worked!
-Derek, KC2JKD -
To follow up.
In tribute to this "Great Book" I submit a great site. Netstumbler.com and Netstumbler.org Forum
-
Re:What's next?
What like the Net Srumbler one?
-
Info sites
Here are a few links to informations and the like..
Windows: Netstumbler
Linux and various links: Wardriving.com