Warflying 2013 Access Points in Los Angeles

← Back to Stories (view on slashdot.org)

Warflying 2013 Access Points in Los Angeles

Posted by CmdrTaco on Thursday December 11, 2003 @06:58AM from the now-thats-just-crazy dept.

Kallahar writes "We went warflying over Los Angeles and Orange counties yesterday. Flying in a small plane at 1400 feet we detected 2013 802.11b APs in 75 minutes, 71% had no WEP encryption. A map and some pretty pictures are up at my writeup."

5 of 328 comments (clear)

Min score:

Reason:

Sort:

2013 access points... by foxtrot · 2003-12-11 07:00 · Score: 4, Insightful

...is nothing; it's really kinda cool that there are that many.

1430 of them being unsecured, that bothers the heck out of me.

-JDF
1. Re:2013 access points... by gnuadam · 2003-12-11 07:07 · Score: 5, Insightful
  
  Just because it doesn't have wep doesn't quite mean that they're unsecured. I don't use wep, but I only allow designated mac addresses onto my network, and make sure that any traffic I care about is either encrypted at the protocol level, or is ssh-tunneled to a wired machine. I trust ssl much more than wep.
  
  --
  You say :wq, I say ZZ. Why can't we all just get along?
Flew over my office. by Brigadier · 2003-12-11 07:13 · Score: 3, Insightful

According to his map he flew right over one of our offices (Inglewood). It does seem enticing to stick an antenna out on the terrace and see what comes up. Especially since VPN traffic seems to be eating up mos of our T-1 these days.

on a side note I recently enquired at a major computer store. one which right now is advertising free set up. And talkign to the tech he assured me that all I had to do to set up a wireless network was plug it in. Now with things like nimda, Cade Red and such with the advent of everyoen goign wireless at home and not either encryting there connections or passwording it off. hackers/script kiddies will have a field day with this. I jus tpull up to some pure schmucks house log in launch and attack then drive off and the feds would never find me.
No WEP != No security by wowbagger · 2003-12-11 07:14 · Score: 4, Insightful

Just because a system does not use WEP does not mean it is insecure.

I've been playing with a WAP - my intention is to firewall it to the point that the only things you can do are DNS, DHCP, VPN, and accessing a password-protected HTTP proxy with bandwidth throttling.

The only thing WEP would do in such a case is prevent somebody from sniffing the proxy's password from the air, and if I cared I would just move the proxy over to HTTPS.

Just as WEP != secure, !WEP != !secure.

So all the "OMFG! 73% of all the APs we sniffed weren't using WEP, therefore 73% of all APs aren't secured" is somewhat flawed reasoning.

Granted, it is likely pretty close to the truth. But it is not guaranteed to be the truth.

--
www.eFax.com are spammers
Re:WEP + MAC filtering by pclminion · 2003-12-11 07:40 · Score: 4, Insightful

Right, like a person capable of cracking WEP isn't going to know how to sniff a valid MAC and reset the MAC on his own card...
MAC locking is only secure against very casual intrusion. Most cards (all?) can be re-flashed with a new MAC.