Slashdot Mirror
Warflying 2013 Access Points in Los Angeles
Kallahar writes "We went warflying over Los Angeles and Orange counties yesterday. Flying in a small plane at 1400 feet we detected 2013 802.11b APs in 75 minutes, 71% had no WEP encryption. A map and some pretty pictures are up at my writeup."
On December 10, 2003 we went out Warflying over Los Angeles and Orange counties. Not5150 was the pilot of the 4-seater beechcraft and Kallahar was the laptop/gps/antenna operator. In a 75 minute flight from Pomona to Los Angeles to Santa Monica to Long Beach to Orange and back to Pomona, 2013 access points were found.
The antenna was a mere Orinoco Omnidirectional Range Extender which was hand held. Unfortunately, the GPS didn't work for the first 20 minutes, and the wireless card crashed (had to reboot) while we were over long beach (took 7 minutes).
Equipment
Laptop Compaq Presario 2190US (2.4Ghz Celeron)
802.11b card Orinoco Silver
Antenna Orinoco 2-3dBi Omni
GPS Magellan Meridian
Software NetStumbler on Win2k
Flight Time: 1 hour 15 minutes @ 1400ft
(699x446 - 134k)
Statistics
Total APs 2013
No Encryption 1441 (71.6%)
WEP Encryption 572 (28.4%)
Default SSID 513 (24.5%)
Hackerish SSID
(h3lpm3) 15 (0.7%)
Informational SSID
(southcoastcircuits) 23 (1.1%)
Someone's Name 110 (5.5%)
NetStumbler Files
WarFlying (1.0MB)
The drive home (168k)
(for reference purposes)
The More Knowledge you have the Luckier you Get- J.R. Ewing
On December 10, 2003 we went out Warflying over Los Angeles and Orange counties. Not5150 was the pilot of the 4-seater beechcraft and Kallahar was the laptop/gps/antenna operator. In a 75 minute flight from Pomona to Los Angeles to Santa Monica to Long Beach to Orange and back to Pomona, 2013 access points were found.
The antenna was a mere Orinoco Omnidirectional Range Extender which was hand held. Unfortunately, the GPS didn't work for the first 20 minutes, and the wireless card crashed (had to reboot) while we were over long beach (took 7 minutes).
Equipment
Laptop Compaq Presario 2190US (2.4Ghz Celeron)
802.11b card Orinoco Silver
Antenna Orinoco 2-3dBi Omni
GPS Magellan Meridian
Software NetStumbler on Win2k
Flight Time: 1 hour 15 minutes @ 1400ft
(699x446 - 134k)
Statistics
Total APs 2013
No Encryption 1441 (71.6%)
WEP Encryption 572 (28.4%)
Default SSID 513 (24.5%)
Hackerish SSID
(h3lpm3) 15 (0.7%)
Informational SSID
(southcoastcircuits) 23 (1.1%)
Someone's Name 110 (5.5%)
NetStumbler Files
WarFlying (1.0MB)
The drive home (168k)
(for reference purposes)
Pictures (Click for fullsize)
1298x1027 - 263k
1032x1200 - 206k
1600x883 - 194k
1457x1151 - 280k
1600x993 - 205k
1433x998 - 186k
1541x949 - 201k
1600x1200 - 317k
1600x1049 - 175k
1600x1200 - 234k
1600x796 - 196k
1400x986 - 203k
1600x1062 - 281k
1600x1200 - 173k
1600x1200 - 136k
1600x1039 - 105k
1600x991 - 211k
1600x932 - 155k
1374x893 - 169k
Site by Kallahar - kallahar@quickwired.com
http://slushdot.org/mirror/warfly/warflying.php
Coming slowly but surely!
Well, he was using a more sensitive handheld antenna, but also consider there was almost no interference between him and those access points, no walls, trees, etc - just a roof and clear sunny skies in most cases.
-N
I've nothing to say here...
Mirror
Air to ground doesn't have anything to block the radio waves. You get really good range.
Same thing across open water. Although you get less range than in the air.
The ratio of people to cake is too big
get a fat omni like this one: Borg 8+8 Slot Waveguide 360 Degree
--- If I were a fish, I'd be wet
You can boost the signal strength of the Linksys WRT54G with this "undocumented feature". Basically it's a back door will let you up the transmission strength to the maximum output. Find details at this thread: WRT54G Increased transmission strength. People's comments there indicate pretty good results.
Check out great deal on electronics and computer at Retail Retreat. Do your Christmas shopping online!
> Air to ground doesn't have anything to block the radio waves. You get really good range.
Most people don't put APs on their roofs, so I'd say that there is a lot to block those waves. Wood, shingles, metal, clay, etc. The antenna and a card with good sensitivity helped this a great deal.
1000 feet above ground level in populated areas is the FAA legal minimum.
500 feet in unpopulated areas such as over the ocean.
1400 is just fine.
AS
Private Instrument Rated Pilot
FAR 91.119 - Minimum safe altitudes: General.
Except when necessary for takeoff or landing, no person may operate an aircraft below the following altitudes:
(a) Anywhere. An altitude allowing, if a power unit fails, an emergency landing without undue hazard to persons or property on the surface.
b) Over congested areas. Over any congested area of a city, town, or settlement, or over any open air assembly of persons, an altitude of 1,000 feet above the highest obstacle within a horizontal radius of 2,000 feet of the aircraft.
WEP is fine, but if you live in an apartment building, you have unlimited time for your hacker neighbors to crack the WEP, even 128-bit. Please use MAC address filtering. Here's a
good how-to if you're interested.
And stop broadcasting your SSID! =)
"In theory, theory and practice are the same; in practice, they are not."
More likely, they were picking up the signals diagonally through windows, rather than from directly below through roofs. One of the reasons satellite phones perform poorly indoors is because signals have difficulty passing through the roof. (Cellular towers are at much lower altitude, and their signals reach you mainly through windows.)
To "spoof" a MAC address on a lot of cards involves typing in the new set of numbers, nothing more. Many network cards come with the software needed to change the MAC address in the event of a conflict since many small time vendors only use a small range of addresses on cards they ship.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Ya might want to rethink that, cause it's not hard at all to spoof MAC's.
Thank's for the access point.
1. He was flying in a plane over LA. -For simplicity's sake when flying under Class B Airspace, many pilots on VFR flights tend to stick to flying over interstates - its easy and keeps you out of trouble.
2. He had a laptop with only one 802.11 card and only one antenna for reception. The necessarily rules out any radio direction finding for accurate plotting of the access points. Instead what you see is what he picked up as he flew and the exact lat / long the plane was at at the time of the signal hit. If he could do some RDF by maybe having antennas in an array attached to the plane at say the wingtips he could with the right software plot out where each possible transmitter was. But he would need to know what altitude the plane was at, what the heading was and the different signal strengths received at each antenna as well as the distance between the antennas in his array. I don't know of any software out there that does this but the information to do this is readily available.
If he had that setup you would see a map with the projected location of each access point arrayed around the path of the aircraft.
Hmmm...
Just because the SSID is default/broadcasted doesn't mean anything special. What's special is that there's no other security enabled on your neighbor's AP's. It also appears you are connecting without any WEP or watnot on your own wifi lan, as well, if you're connecting to your neighbor's APs or you have more than one profile set up. I think you can create a preferred profile.
With MAC adress filtering and 128-bit WEP, the difficulty in hacking that wifi is somewhat prohibitive unless the hacker has unlimited time to do it, ie townhome/apartment/close neighbor, default SSID or not.
Some tips I'm sure a lot of you already know: turn down your signal to the lowest setting you need for your home. Stop broadcasting your SSID. Filter MAC addresses. Add in 128-bit WEP and change your WEP key regularly. If you really want to be a *lot* more secure, use a Cisco 350 AP + client cards (or some similar Radius/LEAP enabled hardware) and set up a Radius server.
Here's a good how-to.
"In theory, theory and practice are the same; in practice, they are not."
Way back in the day there was a movie called War Games. In it the main character, the stereotypical teenage movie hacker, had a little script that would cause his modem to sequentially dial every number in an exchange (ie 555-0000, 555-0001, 555-0002, etc.) looking for another modem to connect to. The script then logged all the #'s where a modem was found so that the protagonist could hack the computers attached to the modems at his convenience. This process became known as Wardialing. With the advent of WiFi, people saw a parallel between wardialing and driving around town logging all the APs that were available. Thus, wardriving. Eventually, people also started making chalk markings at the location of the found APs to let others know there was a network there, hence warchalking. Finally, man discovered flight, and decided to look for APs that way, thus arriving at Warflying.
Stay alert for a new Connections with James Burke on this topic.
It's been mentioned already by many posters that WEP is insecure. Take a look at AirSnort for details, but basically, depending on the traffic of your network, you can be cracked in as little time as under a day.
Talk about a false sense of security.
WEP is completely disabled to reduce needless overhead on my AP. But I do run a certificate based relaying (See http://vpn.ebootis.de/ & http://www.freeswan.ca/ for details. So if you don't have the right certificate, you can't route any packets in or out of my wireless network.
Have fun cracking a 1024-bit RSA key.
LAX is surrounded by class bravo airspace (positive radar control) and those helpful (well i cant speak for socal approach guys) contollers keep us nice and spread out so we dont get in eachothers way.
The problem with doing that is the fact that you would probably end up spending far more on propane to keep the balloon up, than it would cost to be on the internet. Even the most costly internet service you can find would be cheaper than keeping a balloon up. A single 3hr ride costs about 200$, not to mention the fact that people might get suspicious about that balloon that is always hovering over their house. Good luck finding a way to make doing that profitable.