Warflying 2013 Access Points in Los Angeles

Kallahar writes "We went warflying over Los Angeles and Orange counties yesterday. Flying in a small plane at 1400 feet we detected 2013 802.11b APs in 75 minutes, 71% had no WEP encryption. A map and some pretty pictures are up at my writeup."

That's nuts

[GabeK]

What I find pretty amazing is the 500+ people with the default SSID. It's like my apartment complex...if I'm not careful, I can get on one of three different networks and not know it!

Re:That's nuts

[ericspinder]

Why, is one of those unencrypted networks yours perhaps? Don't you just set a perfered network?

Re:That's nuts

[GabeK]

Not me! The second I fired up my AP I had people in. Not even 5 minutes without WEP and 2 addresses doled out to machines not in my place.

Re:That's nuts

[jgerry]

if I'm not careful, I can get on one of three different networks and not know it!

Maybe you should change the default SSID of your WAP.

Re:That's nuts

[GabeK]

Hmm. Yes. I've done that... And while my AP is the preferred network on my laptop, the other networks get picked up if, say, my linksys locks up.

Re:That's nuts

[gamlidek]

Just because the SSID is default/broadcasted doesn't mean anything special. What's special is that there's no other security enabled on your neighbor's AP's. It also appears you are connecting without any WEP or watnot on your own wifi lan, as well, if you're connecting to your neighbor's APs or you have more than one profile set up. I think you can create a preferred profile.

With MAC adress filtering and 128-bit WEP, the difficulty in hacking that wifi is somewhat prohibitive unless the hacker has unlimited time to do it, ie townhome/apartment/close neighbor, default SSID or not.

Some tips I'm sure a lot of you already know: turn down your signal to the lowest setting you need for your home. Stop broadcasting your SSID. Filter MAC addresses. Add in 128-bit WEP and change your WEP key regularly. If you really want to be a *lot* more secure, use a Cisco 350 AP + client cards (or some similar Radius/LEAP enabled hardware) and set up a Radius server.

Here's a good how-to.

Re:That's nuts

[ad0gg]

I live in LA and I have wifi access point with its default settings. If you can reach it you can reach, i don't care. Hell I can't even get signal in my back yard. I personally don't care if anyone uses my wifi, whats the worse they can do? Browse the internet anonymously(my wired machines sit behind a firewall) they could do this at the library. Even at jury duty, they had ethernet ports you could plug into while waiting to be called in for a trial.

Re:That's nuts

[stripe]

I am not surprised. What is amusing is that when my friends come over to visit they tie into one of my neighbors wireless LAN instead of coding in my SSID and WEP key into their wireless devices. I can see about 4 now, 3 private one that belongs to a hotel chain. I think of all these open wireless LAN's as targets for the RIAA since anyone can latch on to them & run P2P sftw.

Re:That's nuts

[Jarnis]

Laugh when you get your net access cut and/or you get sued due to something that originated from your IP(s). You are responsible what connects to the network via your pipe to the outside. If you prefer to sit on the net with your ass bare for unauthorized Rear Entry, do not whine when someone abuses it and causes you trouble.

New spam tech;
1. Roam around for open wireless networks, run spam off your laptop connected to that wireless lan until cut off.
2. Drive to next WLAN, rinse, repeat
3. Profit!!!

Re:That's nuts

[mcmonkey]

whats the worse they can do?

Download kiddie pr0n, send spam, launch a DoS attack...in short, the types of things that can get you in trouble.

Seriously, jokers like you ruin the internet for the rest of us. "So I'm running an open relay, what's the worst they can do?" Dipshit.

Re:That's nuts

[jezor]

I'm actually researching this question: how responsible is an access point owner for what's done using his/her connection? Will access point owners get the same protections standard ISPs do under US law? Will they have the same responsibilities? I've already written a short piece on the subject.

I look forward to sharing my research with the Internet community. Contact me here if you're interested in the topic. {Prof. Jonathan Ezor, Touro Law Center}

Re:That's nuts

[timeOday]

The Internet is essentially anonymous anyways. It doesn't have any strong authentication. Somebody looking for an Internet hookup COULD sit outside this guy's house, then again they could just go to Starbuck's. Or get a legitimate account and do all the dirty work through compromised hosts. And it's not like normal ISP's do a background check anyways.

There's no point to these "Oh my, there are open access points!" stories anywhere. It's about as exciting as counting the unsecured electrical outlets around town.

Re:That's nuts

[battjt]

Right. And while you are at it, put up razor wire around your yard, a new steel door on the front of your house and bar on the windows.

If someone breaks into my house, I'll bust their lip (or call the cops, depending on my mood and their size, skills, and armaments), same goes for my net. I leave my garage unlocked for convenience and I leave my network unlocked for the same reason.

You steal from me and I'll bust your lip.

[I do lock my office and my office wireless network, but they are not monitored like my home.]

Joe

Re:That's nuts

[mirio]

This is an interesting point. I wonder how many people buy these access points, never change the default settings, then actually end up connecting to a neighbor's AP without ever using the service they are paying for? I bet it happens quite often.

Photos

[Cajun+Hell]

Wireless, schmireless -- I love the aerial photos!

Re:Photos

[venicebeach]

Yeah, I can almost see my house!

Actually I feel a little strange about this... Can anyone just fly over the city like that? And why is it called "warflying"?

Re:Photos

[netringer]

Actually I feel a little strange about this... Can anyone just fly over the city like that?

Yep. But the plane has to be a minimum 1000 feet above a congested area - 500 feet otherwise, unless it's taking off or landing and at an altiude "allowing, in the event a power unit fails, landing without undue harm to persons or property on the ground" The altitudes are less for helicopters.

And why is it called "war flying"?

Because driving around in a car looking for APs is called "wardriving."

Re:Photos

[SkyMunky]

it's called warflying in reference to wardialing (then warchalking, then wardriving)

from ISS:
"Wardialing (aka. scanning or demon dialing) is the practice of dialing all the phone numbers in a range in order to find those that will answer with a modem."

Re:Photos

[Irie]

More photos please. I'm using them to find empty pools to skate !!!

Re:Photos

[pyite]

Actually, it's probably a reference to war driving, which is a reference to war dialing.

Re:Photos

[Cromac]

Mapping out access points with a plane and GPS seems a lot closer to people war chalking the sidewalk than randomly dialing phone numbers.

Care to make a case for why it's referenceing war dialing instead? They don't state that on their website.

Re:Photos

[Matthaeus]

War dialing is systematically searching for phone lines with modem/computer combinations on the other end.

War driving is systematically searching for unsecured wireless networks.

War chalking is simply marking said networks for others to find more easily.

War dialing and war driving are both systematic ways of searching for potential access into a private network.

War chalking is marking the results. I s'pose the people in the plane could have dropped paint balloons or something to mark the APs they found...

Hey thats my SSID

[Delta-9]

"Hackerish SSID (h3lpm3) 15 (0.7%)"

Hey thats my SSID!

All kidding aside, I wonder how many /. readers' SSIDs are in that netstumbler log, and I wonder how many are afraid to reply and say so since their GPS coords are associatated to their SSID.

Re:Hey thats my SSID

[justMichael]

Had they gone down the 405 instead of PCH, mine might be in there, but then again I don't broadcast it.

Somehow I don't think they can crack them that quickly, can they? Don't they need a decent sampling of packets?

Either way, mine would fall into the Hackerish category.

Re:Hey thats my SSID

[Chairboy]

I looked, and while my home AP wasn't listed, an unsecured but unconnected (to a network) one at my work was.

Of interest, none of my corporate APs were listed, even though they are near the disconnected, unsecured WAP. This company uses MAC filtering, I wonder if that means it doesn't show up for Netstumbler? If so, there may have been many, many more APs in their flight path.

Re:Hey thats my SSID

[twistedcubic]

Maybe their plot is inaccurate, because they only list access points directly beneath their aircraft, but I'd guess the signals would have a pretty big radius that far up in the air. That said, they flew directly over my place. Are you jealous?

Re:Hey thats my SSID

[mrgreenfur]

excuse my ignorance, but what's 'Hackerish SSID'?

is 'h31pm3' the ssid? why is this one special?

Re:Hey thats my SSID

[antdude]

I don't remember where I saw this, but one user put his/her SSID as "GETOFFMYNETWORK" or something like that. I will have to try that too. ;)

Speaking of funny SSIDs, what are your SSIDs like?

I use a scientific ant name on mine.

Re:Hey thats my SSID

[Darth_brooks]

Somehow I don't think they can crack them that quickly, can they? Don't they need a decent sampling of packets?

Airsnort used to need about 100meg worth of data (not just SSID broadcast packets) to crack 128bit WEP. Sometimes it needed less, sometimes more. Either way they'd have had to do a little bit of circling to get that much data :)

They'd have had a little more fun had they used Kismet. Then they've have picked up some of the AP's that weren't broadcasting SSID's (kismet works in promiscuous (sp) mode, while Netstumbler is very chatty) and would have gotten a better idea of how many AP's were set to their factory defaults.

Re:Hey thats my SSID

[smackjer]

"h31pm3" is l337 for "help me". It's a little hacker joke.

Re:Hey thats my SSID

[justMichael]

Nope, not jealous... They landed at the airport right next to my office, Santa Monica.

It's a pretty safe bet that our office AP is in that list, most likely as an Informational SSID.

Re:Hey thats my SSID

[pyros]

is 'h31pm3' the ssid? why is this one special?

yes. because it uses numbers instead of vowels.

Re:Hey thats my SSID

[sumbry]

For a second I thought I might be in there but I'm pretty close to LAX so doubt they could have done a flyover and picked me up without getting in the way of a 747.

But I'm all for free wifi access everywhere. I leave my WAP wide open. Some of my neighbors use it, I don't care. I travel alot and do consulting in the area and am always hopping on and off other peoples networks whereever I go - I love it!

There really is no reason why we should not have free wifi access everywhere.

Re:Hey thats my SSID

[Hungus]

I name my equipment and set SSIDs in the same maner ... Fictional characters whos personalities match the use of the equipment. For example I typically name printers after scribes.

Re:Hey thats my SSID

[__aafutm5472]

Indeed, Kismet rocks. Myself and two friends took an hour out of our day to drive around Portland, OR, and find as many access points as possible. We took four devices -- a Compaq iPaq, MiniStumbler, and an Orinoco Gold card and external attenna; my Thinkpad 600E running Red Hat 7.3, Kismet, and a Linksys WFC11 v3.0; my work Toshiba Tecra running WinXP; NetStumbler, and the built-in Cisco wireless card; and another Compaq iPaq running PocketWarrior and a WCF11 card.

I can't find the write-up I did about it, but the one that found the most was (obviously) the iPaq with the external attenna, but it was followed very closely by my 600E running Kismet and the stock antenna. I was impressed.

Re:Hey thats my SSID

[aldoman]

I agree - pretty much all APs do MAC filtering now anyway so you can block any idiot who thinks its funny to swamp your network download pr0n etc...

Re:Hey thats my SSID

[sumbry]

Uh, how 'bout: "because bandwidth costs money"?

Think about it this way, if everyone opened up their wifi networks and you blanketed a city in coverage, sure you'd be paying for your DSL connection, but you'd be able to go anywhere in the city and still be online (cause you would just jump on someone elses open connection).

It's basically like WAP opensource (for lack of a better term).

Re:Hey thats my SSID

[Urox]

I've seen it in an apartment complex in Redwood City, CA, USA. :) IIRC, it wasn't protected either.

Re:Hey thats my SSID

[lscotte]

Maybe their plot is inaccurate, because they only list access points directly beneath their aircraft, but I'd guess the signals would have a pretty big radius that far up in the air.

The map was derived from their GPS tracklog, so it shows the plane's location when the AP was detected, NOT the physical location of the AP.

Re:Hey thats my SSID

[lscotte]

Mine is "GOAWAY".

Re:Hey thats my SSID

[double-oh+three]

It's called open spectrum. There was a wired article about it a few months ago.

Re:Hey thats my SSID

[Bombcar]

So if your WAP is wide open and takes connections from anybody, do you name it after famous whores?

Re:Hey thats my SSID

[rupert2000]

How do you keep people from sending spam or doing other nasty things with your connection?

Re:Hey thats my SSID

[sumbry]

How do you keep people from sending spam or doing other nasty things with your connection?

Well, contrary to popular belief most people that use the internet aren't spammers, aren't child pornographers, and aren't interested in doing anything other than browsing the web and checking mail.

My WAP comes with enough logging that if someone did become a problem, I could figure it out and act accordingly. But I've had my wap (and had it wide open) for 3-4 years now and never had a problem. I'd like to be the optimist in this situation and only lock things down if it does become a problem - but so far that hasn't happened.

As earlier mentioned, most people are only interested in web browsing and checking Email. Whenever I hop on other peoples networks that's pretty much all I do as well.

Re:Hey thats my SSID

[cwebster]

LAX is surrounded by class bravo airspace (positive radar control) and those helpful (well i cant speak for socal approach guys) contollers keep us nice and spread out so we dont get in eachothers way.

Re:Hey thats my SSID

[rupert2000]

Right, but I just wondering if there was any liability. It seems like if everyone had public access, then whenever someone wanted to do something illegal they could just get on someone else's public WAP.

If the owner of the access point wasn't liable for the actions of the users, then how is abuse of public wireless networks prevented? Don't get me wrong.. I'm all for public wireless access points, but I am just curious about this aspect of it.

Obviously it hasn't been a major problem, otherwise there probably wounldn't be so many public WAPs out there.

Re:Hey thats my SSID

[sumbry]

Right, but I just wondering if there was any liability. It seems like if everyone had public access, then whenever someone wanted to do something illegal they could just get on someone else's public WAP.

Well I think the liability question is a good one, but I say look at it this way. There are a number of companies (McDonalds, Starbucks, Borders) that provide free Internet access for their customers. You just show up w/a laptop, goto a webpage where you agree to some conditions, and sign on. In these same places someone could theoretically do something illegal but the companies aren't held liable for their users actions either.

IANAL but I guess it's in the same way that ISPs aren't liable for their users actions. I dunno but I definetely am not a lawyer.

Re:Hey thats my SSID

[Saeger]

Mine was "IMPLAUSIBLE DENIABILITY" before I changed it to "FREE WIRELESS IS TERRORISM"

--

Re:Hey thats my SSID

[Patik]

From: antdude (http://antfarm.ma.cx/)
Message: I use a scientific ant name on mine.
Sig: Ant/AntDude from The Ant Farm.

Creepy, dude... You're like Willard for tiny little insects.

Re:Hey thats my SSID

[antdude]

:P Except, I am the only one to myself as a colony. ;)

Re:Hey thats my SSID

[Bombcar]

Damn! How'd you know my mom's named Netgear?

Re:Hey thats my SSID

[Lord+Kano]

Help MP3

2013 access points...

[foxtrot]

...is nothing; it's really kinda cool that there are that many.

1430 of them being unsecured, that bothers the heck out of me.

-JDF

Re:2013 access points...

[gnuadam]

Just because it doesn't have wep doesn't quite mean that they're unsecured. I don't use wep, but I only allow designated mac addresses onto my network, and make sure that any traffic I care about is either encrypted at the protocol level, or is ssh-tunneled to a wired machine. I trust ssl much more than wep.

Re:2013 access points...

[Atario]

Maybe some of them are open on purpose? Like Starbuck's and so forth? (Or are those open? I don't even know...)

But if we had more open access points, on purpose, there'd be no need for a wireless internet company. You'd just use whatever nearby WAP was up. Free internet wherever you go.

In other news, they flew into the future -- 2013! (Must have used a Cessna and a Commodore 64.) What are things like ten years from now??

Re:2013 access points...

[mntgomery]

There were probably just Intel employees testing their new chipset. ;)

Re:2013 access points...

[NightSpots]

Remember that it's an area of millions of people....

2013 access points for 20 million people isn't all that impressive, to me at least.

(If they had flown a little further south, down to the Irvine/Laguna/Mission Viejo areas, they would have started to see a few more secure points, as they flew over eEye and Foundstone, and all the new tech that's growing down here).

Re:2013 access points...

[twistedcubic]

The MAC address is being sent in the clear, so anyone can sniff it and spoof it pretty easy. Not that I blame you, for I do the same thing, and just hope that the measures I use to detect outsiders works.

Re:2013 access points...

[gnuadam]

Yeah. Step 2 in my plan is frequent log checking. But spoofing a mac is at least as hard as wep cracking - only someone who really wants into my network will try it. If I really really cared about my network's security, I wouldn't use 802.11b.

Re:2013 access points...

[Kenja]

To "spoof" a MAC address on a lot of cards involves typing in the new set of numbers, nothing more. Many network cards come with the software needed to change the MAC address in the event of a conflict since many small time vendors only use a small range of addresses on cards they ship.

Re:2013 access points...

[Al+Scagnetti]

I don't use WEP or MAC control because some of my clients don't talk to the router with it on. For instance, the USB NIC I use for my Tivo won't work with encryption on.

Re:2013 access points...

Ya might want to rethink that, cause it's not hard at all to spoof MAC's.

Thank's for the access point.

Re:2013 access points...

[gnuadam]

But it still requires you to sniff it. Which, I admit is easier than cracking wep, but not by enough to make me worry too much.

Re:2013 access points...

[Kenja]

If your running unencrypted they nust need to download some software to "see" the MAC address you're using. Granted, they would need to want access to YOUR site rathr then any others in the area, but it is very easy to do.

Re:2013 access points...

[gnuadam]

And to crack a wep key, all you have to do is download some software, and wait a bit, and you've got access. If someone wants on, they can get on. Wep or not you've still got to be watchful.

Re:2013 access points...

[murphyslawyer]

Maybe some of them are open on purpose? Like Starbuck's and so forth?

There's no way Starbucks APs could be included in this survey, since he only found a little over 2000 APs in 75 minutes.

Assuming the plane is traveling about 60 mpH, that's 75 miles of distance covered. 2000 APs / 75 mi ~= 26 APs/mile. That is certainly less than the average Starbucks density. They don't like being more than about 50 feet apart.

Re:2013 access points...

[letxa2000]

In other news, they flew into the future -- 2013! (Must have used a Cessna and a Commodore 64.) What are things like ten years from now??

Just watch Back to the Future II and you'll know.

Re:2013 access points...

[WolfWithoutAClause]

Just because it doesn't have wep doesn't quite mean that they're unsecured.

Yes. I once set up a system using VPN- the wireless network was wide open; well, I did have WEP turned on, as if that matters :-)

But cracking wep didn't do you a lot of good, the wireless router plugged straight into a firewall- and it was set up with extremely paranoid filtering rules- nothing, not even DNS, nothing except VPN packets got through that.

The biggest weakness is the users machines- if somebody hacked one of those via the wireless network, and they installed a keystroke recorder, potentially they could record the users VPN password and get in to the protected network that way- however that's true of any VPN client on the internet too, which is generally not considered especially risky. Users were told to employ personal firewalls.

Re:2013 access points...

[Aardpig]

But spoofing a mac is at least as hard as wep cracking

I don't know whether this will work for a wireless interface, but for the wired ethernet interfaces I've come across (NE2000, 3Com, Via, RealTek), a simple

ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX

...is sufficient to spoof a MAC address.

Re:2013 access points...

[KjetilK]

Well, yes, I have been thinking about getting a Wi-Fi access point, and leaving it open on purpose.

But it won't give us a free-for-all access, because of the relatively short range. You would still have to get on the Internet somehow to talk to the guy in the next city, at least where it is relatively far between the cities. Not to speak of across oceans. For those of us living in small countries (I do), many things that are interesting are foreign...

Also, think about all the hops you would have to go through... Your traceroute reaches 30 before you even get out of the neighbourhood... ;-) Think about the awful latency!

So, thanks, I would prefer to pay something for a really good and reliable connection.

What it would provide us with, if everybody kept their access points open, is a very failure-resistant network. There will always be a route my packet can go, and it'll be very hard to control that network. A really good vehicle for free speech.

But then, the problem is the long-range transport networks. With the plans to build in "trusted computing" into routers, can we preserve freedom of expression through the rest of the Internet too, that's the question?

Re:2013 access points...

[gnuadam]

Two popular options:

1. Enable wireless encryption (wep) and enable a password.

2. Look around the access point config for something called MAC access or something like that, and enter the MAC addresses for the machines you want to be allowed onto your network.

Neither are particularly dependable methods for keeping people off, but both will keep casual people from using your network.

Re:2013 access points...

[rworne]

2013 APs under their flightpath not all the APs in the city. To get all the APs in the city, they'd have to drive or fly over nearly every damn street in it.

I'm conducting an AP survey of the West San Fernando Valley (just north of this WarFlying survey) covering all the primanry and secondary surface streets. So far I have 50-70% of it recorded and already have over 1000 APs recorded in KisMac. Network security on these has been abysmal.

This survey is a followup to one I did 18 months ago. Back then 28% of all the detected APs had WEP encryption. When I removed all the residential areas and left Warner Center (home to Fortune 500 firms, Insurance Companies, Banks and DoD contractors) I got... wait for it... 28% of APs with WEP encryption. It makes me all warm inside thinking about it.

All I can say for sure is that Linksys has the AP market pretty much locked up with Apple/Lucent a distant second and Netgear an even more distant third. Everything else is noise.

Re:2013 access points...

[gordyf]

Did it restrict the destination of the VPN packets? Otherwise I could set up my own VPN somewhere and tunnel it through your one open port.

Not a seriously big deal, but I'd do it.

Re:2013 access points...

[PW2]

I'm thinking (not reading the FA) that they didn't fly the same way a farmer turns soil, so they probably missed a few in there straight line flight

Re:2013 access points...

[WolfWithoutAClause]

It only allowed VPN packets to flow to one particular VPN server at one specific IP address. The firewall rules were very paranoid.

Re:2013 access points...

[Tom+Womack]

But presumably the "access denied" error message from an access point doesn't say "Access denied because your MAC isn't 00-20-E0-31-41-59", and there are enough MACs that picking ones at random to see if they happen to be allowed won't give you success at all quickly.

Wow...

[SaDan]

Now THAT is an efficient way to map out access points! Very cool.

Sweet

[Tebriel]

I'll just get a hot air balloon and get to the right spot and kiss those Internet access fees goodbye!

Re:Sweet

[silentbozo]

Actually, it'd be an interesting exercise to set up a relay in a balloon, and "bounce" signals from an AP over obstacles, etc. Of course, you'd have to deal with the UFO factor - any lighter than air device capable of sustaining the weight of a pair of APs (or a bridge) and the motor/battery needed to power the setup would probably be VERY noticable, and likely to attract notice of homeland security types...

Re:Sweet

[glassesmonkey]

can I get one of those car dealership balloons and just float a wire and an antenna up there?? I'm sure some neighbors would complain, but I believe FCC rules override community laws (ie. you have the right to put up DirecTV dish even if the neighborhood made it illegal)

Re:Sweet

[glassesmonkey]

My dad is a city planner for uppity snobby suburb.. They tried to make satellite dishes illegal for their unsightlyness.. But you can't do it.

Re:Sweet

[lab16]

The problem with doing that is the fact that you would probably end up spending far more on propane to keep the balloon up, than it would cost to be on the internet. Even the most costly internet service you can find would be cheaper than keeping a balloon up. A single 3hr ride costs about 200$, not to mention the fact that people might get suspicious about that balloon that is always hovering over their house. Good luck finding a way to make doing that profitable.

Bye bye..

heheh.. a page with some thumbnails linked to 175k-300K pictures. His site is so dead.

Re:Bye bye..

[Tackhead]

> heheh.. a page with some thumbnails linked to 175k-300K pictures. His site is so dead. P. Not as long as the site's being hosted out of the laptop in the Cessna. What better use for 1440 unsecured WAP points?

I live in LA!

[jedir0x]

Woah, nice to have a map of all the access points, for those times when I'm without internet connection ... or don't want to use my own :D Thank god for wireless!

Re:I live in LA!

[kevlar]

I wouldn't call it a map, since he was holding a hand-held antenna, and the GPS only reports the position of the plane. If someone maps out all the access points using the GPS coordinates, it'll more than likely look like a single line across the county. The AP's should fall generally along that line, but at 1400 ft, they could probably be a mile away (or more) in either direction.

Good news...

[DrEldarion]

... for people who want to do some file-sharing!

East LA

[blackmonday]

In East LA, a pilot is "warflying" when averting the numerous bullets flying into the air, shot by drunk cholos on July 4th. Talk about bombs bursting in air.

And I can hear it already - hey ese, you forgot to encrypt your airport station, homes!

Re:East LA

[__aafutm5472]

SA? Isn't that what Oracle uses as the default System Administrator login??

Re:East LA

[The+Spanish+Ninja]

"ese" is Spanish for the "that" So what they're saying is "hey, that, watchu think you doin?" which makes absolutely no sense.

I know Mexican Judo...

Re:East LA

[el-spectre]

many meanings... in this contact it is more like "man", as in:

Hey man, whatchu think you're doin'?

Re:East LA

[The+Spanish+Ninja]

Does it have multiple spellings? I don't actually speak a whole lot of Spanish, just the really offensive words mostly.

Re:East LA

[el-spectre]

I dunno... I grew up in LA, but I rarely see the slang written down, y'know?

Slashdotted

[halo8]

On December 10, 2003 we went out Warflying over Los Angeles and Orange counties. Not5150 was the pilot of the 4-seater beechcraft and Kallahar was the laptop/gps/antenna operator. In a 75 minute flight from Pomona to Los Angeles to Santa Monica to Long Beach to Orange and back to Pomona, 2013 access points were found.
The antenna was a mere Orinoco Omnidirectional Range Extender which was hand held. Unfortunately, the GPS didn't work for the first 20 minutes, and the wireless card crashed (had to reboot) while we were over long beach (took 7 minutes).

Equipment
Laptop Compaq Presario 2190US (2.4Ghz Celeron)
802.11b card Orinoco Silver
Antenna Orinoco 2-3dBi Omni
GPS Magellan Meridian
Software NetStumbler on Win2k
Flight Time: 1 hour 15 minutes @ 1400ft

(699x446 - 134k)

Statistics
Total APs 2013
No Encryption 1441 (71.6%)
WEP Encryption 572 (28.4%)
Default SSID 513 (24.5%)
Hackerish SSID
(h3lpm3) 15 (0.7%)
Informational SSID
(southcoastcircuits) 23 (1.1%)
Someone's Name 110 (5.5%)

NetStumbler Files
WarFlying (1.0MB)
The drive home (168k)
(for reference purposes)

Re:Slashdotted

[rupert2000]

Its still not half as dangerous as driving on the highway in LA.. Four seater airplanes don't experience regular spontaneous mechanical failures contrary to popular opinion and I'm sure any compentent pilot knows how to stay out of an airport's traffic pattern.

all fun and games...

[SuperBanana]

We went warflying over Los Angeles and Orange counties yesterday.

Yeah, it's all fun and games until someone gets caught flying upside down, no pants on, playing with the stick, lookin' at kiddie porn...

1400 feet?

[planckscale]

You would think at that alitude they wouldn't pick up anything, considering my buddie's WAP won't reach his backyard. I wonder if they're mostly business WAPs?

Re:1400 feet?

[ThogScully]

Well, he was using a more sensitive handheld antenna, but also consider there was almost no interference between him and those access points, no walls, trees, etc - just a roof and clear sunny skies in most cases.
-N

Re:1400 feet?

[Cthefuture]

Air to ground doesn't have anything to block the radio waves. You get really good range.

Same thing across open water. Although you get less range than in the air.

Re:1400 feet?

[glassesmonkey]

I use my neighbors AP from about 500ft down the street through trees. (Always at least 1Mbps solid connection)

Re:1400 feet?

[goosman]

> Air to ground doesn't have anything to block the radio waves. You get really good range.

Most people don't put APs on their roofs, so I'd say that there is a lot to block those waves. Wood, shingles, metal, clay, etc. The antenna and a card with good sensitivity helped this a great deal.

Re:1400 feet?

[GlassHeart]

just a roof and clear sunny skies in most cases.

More likely, they were picking up the signals diagonally through windows, rather than from directly below through roofs. One of the reasons satellite phones perform poorly indoors is because signals have difficulty passing through the roof. (Cellular towers are at much lower altitude, and their signals reach you mainly through windows.)

Re:1400 feet?

[mcelrath]

Over water...

Technically, you should get *better* range across water than straight vertical because the water acts a conductor and reflects the radio waves, doubling the number of waves that reach you compared to straight vertical. This is a common grad-level physics problem in electrodynamics.

Of course, how many people put their WAP on their deck facing the beach?

-- Bob

Re:1400 feet?

[Lumpy]

water is great. at my lakefront home I can get DSL, my friend across the lake (2000 feet appx at the narrow part) can't. for the heck of it I was over at his house on his dock and flipped open the laptop and I got a link (around 50%) and was surfing the net.

we set up a pringles can on his end only pointing at my sliding glass doors and he now has high speed internet and gives me 1/2 the DSL cost as a good-will gesture.

next year we are going to put up real helical antennas on our homes and get that link speed up to full and probably avoid signal dropouts diring rain.

Re:1400 feet?

[blair1q]

What a bunch of hoo-ha.

Multi-GHz signals (e.g., 802.11 and cellular phones) go right through masonry, wood, and sheetrock.

You get problems in and around buildings with steel framing and roofs or enormous amounts of wiring.

I have no problem believing you can get enough of these signals to identify them at 1400 feet. The question is getting reliable communications out of it. The SNR is probably very low, so the BER is probably very high.

Re:1400 feet?

[Idarubicin]

Technically, you should get *better* range across water than straight vertical because the water acts a conductor and reflects the radio waves, doubling the number of waves that reach you compared to straight vertical.

True over short distances, but unless you put your transmitter or retriever (or both) on a mast of some sort, then your range 'horizontally' over water gets cut off by the curvature of the earth. Of course, the ranges we're talking about (less than a mile) do certainly qualify as "short" in this context.

Re:1400 feet?

[sls1j]

Ahhh, now I know why my downloads have been so slow guess it's time to enable encryption.

blank or default admin password

[very]

Another shocking thing is that many has no password or the default admin password.

(obvious)Orange County and LA County is not Santa Clara County I guess (/obvious)

Re:blank or default admin password

[Shakrai]

Another shocking thing is that many has no password or the default admin password.

(obvious)Orange County and LA County is not Santa Clara County I guess (/obvious)

Hey, most of them probably had non default SSIDs and passwords but they were forced to change them after LA County outlawed the master/slave terminology ;)

Hell I've never seen an SSID that wasn't something like '729slave5810master'

Article - Full text

[nickroethemeier]

On December 10, 2003 we went out Warflying over Los Angeles and Orange counties. Not5150 was the pilot of the 4-seater beechcraft and Kallahar was the laptop/gps/antenna operator. In a 75 minute flight from Pomona to Los Angeles to Santa Monica to Long Beach to Orange and back to Pomona, 2013 access points were found.
The antenna was a mere Orinoco Omnidirectional Range Extender which was hand held. Unfortunately, the GPS didn't work for the first 20 minutes, and the wireless card crashed (had to reboot) while we were over long beach (took 7 minutes).

Equipment
Laptop Compaq Presario 2190US (2.4Ghz Celeron)
802.11b card Orinoco Silver
Antenna Orinoco 2-3dBi Omni
GPS Magellan Meridian
Software NetStumbler on Win2k
Flight Time: 1 hour 15 minutes @ 1400ft

(699x446 - 134k)

Statistics
Total APs 2013
No Encryption 1441 (71.6%)
WEP Encryption 572 (28.4%)
Default SSID 513 (24.5%)
Hackerish SSID
(h3lpm3) 15 (0.7%)
Informational SSID
(southcoastcircuits) 23 (1.1%)
Someone's Name 110 (5.5%)
NetStumbler Files
WarFlying (1.0MB)
The drive home (168k)
(for reference purposes)

Pictures (Click for fullsize)

1298x1027 - 263k
1032x1200 - 206k
1600x883 - 194k
1457x1151 - 280k

1600x993 - 205k
1433x998 - 186k
1541x949 - 201k
1600x1200 - 317k

1600x1049 - 175k
1600x1200 - 234k
1600x796 - 196k
1400x986 - 203k

1600x1062 - 281k
1600x1200 - 173k
1600x1200 - 136k
1600x1039 - 105k

1600x991 - 211k
1600x932 - 155k
1374x893 - 169k

Site by Kallahar - kallahar@quickwired.com

Re:Yes, but...

[penguinoid]

Kallahar is much smarter than that moron. You don't get cops stopping you because you're going the wrong way on a one way airplane, eh?

-1, Defamatory

Warbussing

[spooky_nerd]

I had a similar, but lower tech, experience just yesterday. On a bus ride through Seattle I flipped open a standard laptop with a Cisco wifi card, and found dozens of access points. Most of them where open. I wonder how long it will be until wireless companies start offering security out of the box? How hard would it be to have a wireless access point that shipped with a random password and instructions on how to use it? It's pretty obvious that the average person doesn't realize what the risks are. I know because as a desktop support tech I get asked about this all the time. As soon as I start talking about things like WEP and MAC addresses, I see eyes glazing over.

Re:Warbussing

[ReTay]

No the problem is that unless it inconveniences them they don't care. It is the same thing as applying patches to whatever the OS they are using. They just can't be bothered. My roommate runs his WAP wide open because he doesn't want to bother typing the MAC into his router to restrict it to approved MAC only. In my not so humble opinion they get what they are asking for. They get burned they learn. (Shrug)

Re:Warbussing

[jonfelder]

The question isn't how hard...the question is how much harder is it.

If the typical computer user has a choice between an access point that they just plugin and use, or one that they have to mess with, which do you think they'll most likely pick?

Does Anyone Know ...

[Col.+Panic]

a good site that maps the rest of the US? I had found one, but can no longer locate it. Florida is of particular interest ...

Re:Does Anyone Know ...

[karnal]

Offtopic, but your sig...

Stuck in my head...

A Perfect Circle, Thirteenth Step - The Package...

one of the 3-4 albums I've been stuck on of late...

Re:Does Anyone Know ...

[cujo_1111]

Try this...

NodeDB

Mirror

[markclong]

http://slushdot.org/mirror/warfly/warflying.php

Coming slowly but surely!

Re:Mirror

[Kallahar]

Heh, I swear my server could have handled a slashdotting. But in the last 50 minutes it's gotten 125,000 loads at 2.07 gigs.

The images are down to 50 wide now, and compressed better, but even with that the sheer volume of slashdotters is tough to handle :)

Better yet, a mirror :)

[tugrul]

Mirror

Re:Better yet, a mirror :)

[sootman]

here's another. ;-)

Just kidding. Thanks! Now I can see the pictures.

Semi-offtopic: Signal range

[FatAlb3rt]

Does anyone have experience getting a signal through brick houses? I've got both an SMC and Linksys .11g routers - neither do well beyond 30 feet when I'm outside.

I bought the Linksys last night as I plan to use it to expand the range. Ideas?

Re:Semi-offtopic: Signal range

[GabeK]

Pringles can? Kidding...(but it would be cool). Just get it as close to the outside wall as you can, by a window is even better.

Re:Semi-offtopic: Signal range

[captaink]

get a fat omni like this one: Borg 8+8 Slot Waveguide 360 Degree

Re:Semi-offtopic: Signal range

[Grant29]

You can boost the signal strength of the Linksys WRT54G with this "undocumented feature". Basically it's a back door will let you up the transmission strength to the maximum output. Find details at this thread: WRT54G Increased transmission strength. People's comments there indicate pretty good results.

Check out great deal on electronics and computer at Retail Retreat. Do your Christmas shopping online!

Re:Semi-offtopic: Signal range

[Chage]

Increasing the transmission strength will not necessarily increase range. Rx sensitivity is important too.
Sure, you might be able to broadcast your signal further, but if your rx sensitivity hasnt been altered, you will still only get as far away as the remote device can transmit at its normal power,

Re:Semi-offtopic: Signal range

[loraksus]

If you have the bucks, aim a parabolic antenna at the wall (from the inside) You should be able to get an old dish network / primestar dish and get it to be a nice antenna.
Also try switching down to 802.11b, see how that improves the signal. . .

Re:Semi-offtopic: Signal range

[loose+electron]

Take and run an ethernet cable upo into the attic of the house.

Get above the brick walls and plop your 802.11 box up there. That way it will cover inside (straight down below)and also outside.

More power hacks?

Sigh... Anybody rember people running 2KW on the CB band?

Re:Semi-offtopic: Signal range

[kcim]

good point ,I live in an aluminum sided house with signal problems to the outside. I may stil have problems though, the gable ends, are also aluminum an I need the north /south axis to the garage. so I guss I should give it a try, major nightmare to get in to my attic, I also have a small ups for my ap for up there. problem, I know I have no outlets up there. being an electrition, I never seem to get around installing one. you know the cobler has no shoes thing, adout the cb ya I still have a texas star dx 667v lyng around yup them where the days...

Re:Semi-offtopic: Signal range

[aXis100]

From what I read, it also significantly increased noise too.

I saw some pictures from a spectrum analyser, and at 100mW the output was terrible. Potentially illegally noisy.

Re:Semi-offtopic: Signal range

[cur3]

Or just use Power over ethernet, only a cat5 cable up to the access point in the atic

seems better if you don't have outlets

http://www.hyperlinktech.com/web/what_is_poe.php

Power-over-Ethernet (PoE) or "Active Ethernet" eliminates the need to run 110/220 VAC power to Wireless Access Points and other devices on a wired LAN. Using Power-over-Ethernet system installers need to run only a single CAT5 Ethernet cable that carries both power and data to each device. This allows greater flexibility in the locating of AP's and network devices and significantly decreasing installation costs in many cases.

Power-over-Ethernet begins with a CAT5 "Injector" that inserts a DC Voltage onto the CAT5 cable. The Injector is typically installed in the "wiring closet" near the Ethernet switch or hub.

Some Wireless Access Points and other network accept the injected DC power directly from the CAT5 cable through their RJ45 jack. These devices are considered to be "PoE-Compatible" or "Active Ethernet Compatible".

Devices that are not "PoE Compatible" can be converted to Power-over-Ethernet by way of a DC "Picker" or "Tap". These are sometimes called Active Ethernet "Splitters". This device picks-off the DC Voltage that has been injected into the CAT5 cable by the Injector and makes it available to the equipment through the regular DC power jack.

Therefore in order to use Power-over-Ethernet you need:

(Injector) + (PoE compatible device)
- or -
(Injector) + (non-PoE compatible device) + (Picker)

So how long before...

[FreeLinux]

So, how long will it be before warflying is illegal or requires a permit. Here's a funny/sad/true story about a guy who recently got into a lot of trouble for hunting from an airplane.

Re:So how long before...

[Nogami_Saeko]

If I were the author, I'd be a little wary of calling it "Warflying". US authorities are mighty uptight already, and would probably send out investigators to make his life miserable faster than cops arresting students for using PHP in the privacy of their dorms...

That said, I found some WAPs in my condo that I can connect to from my livingroom. I'm as-yet undecided if I want to siphon some bandwidth from them.

Regardless, when I go to visit my parent's place over the holidays, I'm making sure my dad's WAP router is secured.

N.

Re:So how long before...

[Faith_Healer]

Flying with a gun, now that is real "War" Flying.

WiFi Security

[dfn5]

71% had no WEP encryption

WEP is not secure, therefore, the fact that WEP is turned off doesn't make it insecure. The best thing to do with 802.11 is to turn off WEP and use secure application protocols, like Kerberos, OpenSSH, OpenAFS, SSL Imap, etc, etc... WEP only adds useless overhead.

And as far as the SSID goes, if you can snoop for the SSID what does it matter what the value is? Default or otherwise.

Re:WiFi Security

[LearnToSpell]

And as far as the SSID goes, if you can snoop for the SSID what does it matter what the value is? Default or otherwise.

I mostly agree with you, except that a default SSID may or may not be an indicator of some other default settings, like the router password, say.

Re:WiFi Security

[inteller]

Well WEP is a nuisance enough to keep the casual person from hacking into an AP. That's why people keep it up. At any rate if you don't broadcast SSIDs and use MAC filtering, you don't have to worry about it.

Warflying....ok....

[mrtroy]

Thats all cool, checking for open networks in your little plane.

But WHY did you have to set up all those servers to syn SCO?

They are an honest company looking to make a profit from suing their potential customers, which doesnt follow the DOT COM era at all, so it should be profitable.

On a side note, you also violated homeland security.

hey!

[corbettw]

I can see my house('s network) from here!

Wow..

[NegativeK]

I'm not an aviator, so I dunno how scary this really is, but doesn't 1400 feet seem kinda low? I mean, wardriving is fun (I'll readily admit that), but some of those pictures look awfully close to those buildings. :O

*Shrug.* Someone with actual light aircraft experience, please correct me..

Re:Wow..

[CmdrTostado]

FAR 91.119 - Minimum safe altitudes: General.
Except when necessary for takeoff or landing, no person may operate an aircraft below the following altitudes:
(a) Anywhere. An altitude allowing, if a power unit fails, an emergency landing without undue hazard to persons or property on the surface.
b) Over congested areas. Over any congested area of a city, town, or settlement, or over any open air assembly of persons, an altitude of 1,000 feet above the highest obstacle within a horizontal radius of 2,000 feet of the aircraft.

Re:Wow..

[transient]

It should be noted that 1000 feet above ground over a congested area rarely meets paragraph (a) of that section.

Flew over my office.

[Brigadier]

According to his map he flew right over one of our offices (Inglewood). It does seem enticing to stick an antenna out on the terrace and see what comes up. Especially since VPN traffic seems to be eating up mos of our T-1 these days.

on a side note I recently enquired at a major computer store. one which right now is advertising free set up. And talkign to the tech he assured me that all I had to do to set up a wireless network was plug it in. Now with things like nimda, Cade Red and such with the advent of everyoen goign wireless at home and not either encryting there connections or passwording it off. hackers/script kiddies will have a field day with this. I jus tpull up to some pure schmucks house log in launch and attack then drive off and the feds would never find me.

Re:Flew over my office.

1000 feet above ground level in populated areas is the FAA legal minimum.

500 feet in unpopulated areas such as over the ocean.

1400 is just fine.

AS
Private Instrument Rated Pilot

Re:Flew over my office.

jeez, you work in an office? that spelling/grammar check function must get a workout.

Re:Flew over my office.

[smackjer]

Heh, I'm still trying to figure out what a "pure schmuck" is. I guess it would be the opposite of an impure scmuck, but that doesn't really help.

Re:Flew over my office.

Geez, remind me to never fly with you.

LA is a congested area. As such, you're required to maintain a minimum of 1000 feet above the highest obstacle within 2000 feet horizontally of the aircraft. Not 1000 ft AGL.

Not to mention the little bit in the FARs requiring you to maintain an altitude such that you can make a safe landing in the event that a power unit fails. 1400ft is not a lot of altitude when your landing options are concrete jungle or ocean.

Not enough information here....

[barfarf]

So did you create the list of which access points have no WEP?? Information, dammit!! We need more information!!

Re:Not enough information here....

[LearnToSpell]

The green ones in the little picture.

How much aggregate bandwidth?

[192939495969798999]

If you were to start a download and use DA or some such program, how much aggregate bandwidth could you use from the airplane? several gigs per second, I imagine!

Re:How much aggregate bandwidth?

[asquared256]

Well, 1 gig per second / 54 megs per access point * 1 access point per 802.11 card equals about 19 cards, not exactly possible in one laptop. And that's if you're using 'g'. For 'b', you'd need almost 100 cards...

Re:How much aggregate bandwidth?

[Tackhead]

> Well, 1 gig per second / 54 megs per access point * 1 access point per 802.11 card equals about 19 cards, not exactly possible in one laptop. And that's if you're using 'g'. For 'b', you'd need almost 100 cards...

"Never underestimate the bandwidth of a 747 full of laptops?"

lack of wireless security as my defense

[LodCrappo]

I am wondering if having an AP without wep and using a default SSID would be of benefit should the RIAA come a'knockin... living in a densely populated area or a large apartment building, could they prove it was you that downloaded 20,000 mp3s? And do I become responsible even if it really wasn't me? I'm sure there are precedents in other areas, but it seems buying an AP at your local walmart and just plugging it in will create quite a liability or defense, depending. Anyone know?

You bastards!

[geeveees]

You bastards! My AP is on that map!

No WEP != No security

[wowbagger]

Just because a system does not use WEP does not mean it is insecure.

I've been playing with a WAP - my intention is to firewall it to the point that the only things you can do are DNS, DHCP, VPN, and accessing a password-protected HTTP proxy with bandwidth throttling.

The only thing WEP would do in such a case is prevent somebody from sniffing the proxy's password from the air, and if I cared I would just move the proxy over to HTTPS.

Just as WEP != secure, !WEP != !secure.

So all the "OMFG! 73% of all the APs we sniffed weren't using WEP, therefore 73% of all APs aren't secured" is somewhat flawed reasoning.

Granted, it is likely pretty close to the truth. But it is not guaranteed to be the truth.

Re:No WEP != No security

[linzeal]

My dream is a socket based firewall built into a wireless AP, mmmmmmmm.

Re:No WEP != No security

[asdfghjklqwertyuiop]

What is a socket based firewall?

Re:No WEP != No security

[aXis100]

I agree with what you are saying completely, and have done a similar thing with my (public freenet) AP. Better firewalling, no WEP.

That said, enabling WEP on a private network is a good way of saying "move along" to the casual wardriver/chalker. People are lazy, and will just find n easier target.

MAC restrictions?

[aliens]

How many do you think allow only certain MAC addresses to connect?

Re:MAC restrictions?

[Kenja]

Given that they cant figure out how to turn on encryption, set a password or even change the name of the device I'm willing to bet very few know how to limit connections by MAC address. Whats more several WAP systems given away by ISPs and the like dont even support MAC filtering.

Enforcing Security

[mr_lithic]

This story is not only about people finding open wireless networks but also abysmal network security being practised by some folks who have installed wireless kit

There has to be some way of ensuring that people sort out the security on their boxes. How about not allowing the box to connect unless they change the default settings?

In several offices we used to set the first password for the user accounts as their user login, and then not allow the same password to be used again. We knew the temptation was too great for people to use their login as the network password (and too easy for someone to crack).

Just in time for the holidays

[cgenman]

Nothing says "I love you" like the gift of 1,430 unsecured networks.

hg

My bad

[tugrul]

Didn't think of that, and Safari ignored the Content-Type like another evil browser. Blah!

I can see my house!

[mikegross]

No, really! I can see my house! It's in one of the Santa Monica pictures. My AP was probably one of the detected ones, no WEP, but I use MAC filtering, so maybe not. I'm not sure if unregistered MACs can see the AP, actually. Hmm... BUT I CAN SEE MY HOUSE!

This is Evil. I like it.

[adamy]

Just like a securityu advisory, it would be nice if he could somehow let people know before he posted a map that lest other people steal their bandwidth...but I guess there really is no other way to let people know. Hell, most of those people probably don't read slashdot, so they won't figure out

Torrent with the whole site

[gomoX]

Here's a torrent with the site, take it easy d00dz.
The file is 3.9 Mb.

warfly.tar.gz

And in a related story

[ApolloCreed]

France, Germany, and Russia are upset that they were not invited to help secure the unencrypted access points.

Figures

[t_allardyce]

2013 *71% = 1429 people who will potentially sue you if you try and tell them their network is insecure.

Re:Warflying Request: +1, Insightful

[the+Man+in+Black]

I wonder how many access points you would find
by flying over the Pentagon

Good luck getting into D.C. airspace. In fact, good luck even filing a flight plan that takes you within 1 mile of D.C. airspace. Come up on the radar as headed in that direction, and it'll be 1) Warning 2) Command 3) Blowing you into tasty bite-sized flaming chunks.

Better I think to stick to warflying where there's no chance of actually being fired upon. :)

Additional Data point...

[angst_ridden_hipster]

He seems to have flown right over my house.

My network doesn't show up in the list, though.

For the record, it's called "ACCESS DENIED" and it's got WEP enabled...

If you are in the neighborhood, and need access, just gimme a holler. Pants-less one-handed wardrivers need not apply.

Re:Additional Data point...

[cujo_1111]

Shouldn't that have been...

You insensitive clod!? :)

Because

[geeveees]

WEP sucks. It does.

If you want to use 802.1x you need to setup a RADIUS server aswell. That may be holding them back. Ofcourse, WEP is better than nothing I suppose :)

Check out http://www.isaac.cs.berkeley.edu/isaac/wep-faq.htm l

WEP + MAC filtering

[gamlidek]

WEP is fine, but if you live in an apartment building, you have unlimited time for your hacker neighbors to crack the WEP, even 128-bit. Please use MAC address filtering. Here's a
good how-to if you're interested.

And stop broadcasting your SSID! =)

Re:WEP + MAC filtering

[pclminion]

Right, like a person capable of cracking WEP isn't going to know how to sniff a valid MAC and reset the MAC on his own card...

MAC locking is only secure against very casual intrusion. Most cards (all?) can be re-flashed with a new MAC.

Re:WEP + MAC filtering

[puzzled]

"re-flashed with a new MAC?"

I'll bet your computer is infested with the start button virus, isn't it?

Re:WEP + MAC filtering

[pclminion]

No, actually I use Linux, but since I've never changed the MAC on my card (what the hell reason would there be?) I just assumed it was done via flashing, like on Windows.

In any case that only strengthens my point -- somebody can drive around and change MAC addresses in real time. MAC locking is useless.

Re:WEP + MAC filtering

[gamlidek]

Of course. Very casual. =) I can't imagine anyone wanting to crack my home network beyond that, myself. It takes too long and I have very little of value on it. ;)

Heres a slashdot article and discussion on this issue. If anyone wants to sit outside my house for a few hours to try and snoop my setup with MAC address filtering+128-bit, weekly-changing WEP+non-broadcasted SSID, more power to 'em.

Re:WEP + MAC filtering

[nothing_23]

mac flashing? Just use macchanger, it is uber-easy

Re:WEP + MAC filtering

[rubberband]

MAC filtering? You're kidding, right? ifdown eth0 ifconfig eth0 hw ether de:ad:be:ef:00:00 ifup eth0 mooooOOo. MAC filtering as a security measure is not very useful imho. Good for tracking end-user computers on your own network, yes. Keeping someone from gaining access to said network? Not so much.

Re:WEP + MAC filtering

[E-Rock]

About as useless as turning WEP on, and WEP will degrade your performance. If you really want to be secure you need to unplug the WAP, the next best is to secure the network behind it. WEP won't stop anybody serious, nor will MAC address filters; both will stop the (l)user next door.

Re:WEP + MAC filtering

[festers]

Who cares whether or not you broadcast your SSID? Everytime you connect to your network your SSID is sent unencrypted. Anyone who wants it can sniff it. So feel free to stop broadcasting it, it doesn't really add to your security. WEP is good for most people, MAC filtering is better, but I don't know of any home-wireless setup that is 100% "hack proof."

Re:WEP + MAC filtering

[puzzled]

ifconfig eth0

At least it works that way on DyingBSD 4.9 ...

Re:WEP + MAC filtering

[sublimespot]

I always hear this argument about MAC filtering being weak, but... how would the cracker know WHICH MAC address you are allowing?

That's about the number of Starbucks in LA

[xenophrak]

Sure those weren't just Starbuck's/TMobile hotspots?

Which do not support WEP anyway.

What I find interesting...

[Lodragandraoidh]

What I find interesting is that the guy slashdotted himself...one way to work out your firewall and web server, I suppose.

In related news... live from the Sargasso Sea!

[Markvs]

A WarSCUBA expedition has found forty-two 802.11b connections! ...none were using WEP, but Kerberos was there.

Interesting results

[_LFTL_]

Looking at his map there are a couple odd things that maybe someone can explain to me:

1) It seems that all the access points he found are almost direcly on the interstate.
2) No access points in Compton? fo' shizzle

Re:Interesting results

[SoCalChris]

A lot of private pilots follow the freeway system to help them navigate.

Defense against warflying:

[Dark+Lord+Seth]

A combination of AAA, Autonomous Advanced Algorithms and SAM systems, Secure Authority Message, designed to bring down any hostile airborne WLAN sniffer. Available in both US and Russian flavours.

It begins...

[uvsc_wolverine]

It's been just over half an hour and we've allready launched the unintentional DDoS on the poor guy's server.

How on earth is this the same?

[OS24Ever]

On one hand, we have a few geeks with a laptop, a GPS, and an antennae.

On the other we got some redneck shooting at stuff from an airplane with real live bullets.

Re:How on earth is this the same?

[__aafutm5472]

On the other we got some redneck shooting at stuff from an airplane with real live bullets.

While probably drunk...

Easy.

[OS24Ever]

11MB/s. or 22MB/s if he had 802.11g working on a lot of them.

That's like saying 'Hey, I got 100 ethernet cables, since their all 100 MB i'm going super fast!'

Without etherchanneling or something aggergating said bandwidth with an equally large number of cards not much is going to happen.

High speed connectivity on planes

[fstanchina]

I saw articles about planned rollouts of high speed network connectivity on planes, but I din't think they meant this!

looks like they flew right over my apartment

[Dynedain]

good thing my router has been out for a while. granted, they probably picked up the neighbor's WAPs when i'm down at the pool...

How to leave my access point *IN*secure?

[PCM2]

1430 of them being unsecured, that bothers the heck out of me.

OK, my immediate reaction is ... why?

Fine, corporate "enterprises" (beginning to hate that word) should have secured their wireless networks. But lets face it, most of the APs discovered are probably Linksys routers sitting in some dude's office. Exactly why do all of these need to be secured?

I'm a normal, conscientious Internet user. Most of the day, my Internet usage consists of email and (I admit) wasting time on Slashdot. I'm not looking at porn, and I'm not wasting significant amounts of bandwidth. Honestly, who should care if I happen to use their unprotected wireless network?

Furthermore, I personally wouldn't care if anyone used mine. I would love to feel confident that I could leave my wireless access point unprotected. Several points nag me, however:

• Every now and then, I'm going to want to download some Linux ISOs. (OK, I mean labels' entire catalogs of songs on MP3.) When I want to do that, *I* should have the bandwidth to do it. I pay for it, I get dibs. So far, I don't know of anything available to your average consumer that will let you throttle bandwidth for your "guests" at will (or, ideally, automatically -- my own MAC addresses get top priority).
• The kiddie porn issue is an issue. As is, I guess, MP3 downloading. I don't want to have to firewall out P2P ports (and play the game of "what port are they using this week") just to protect myself from people using my AP who are too dumb to cover their tracks. No, I do not believe "but my port was unprotected, open to the world" is going to hold up in court.
• People are, by and large, bastards. If I leave my AP unprotected, it's not going to be used occasionally by passers-by etc. It's going to be my next-door neighbor, using it to download massive AVIs all night long, all the time thinking "hee hee hee, this dumbass left his wireless AP unprotected." If I were to open my AP, I'd want the first thing to pop up on your browser to be a notice letting you know that, yes, I see you, yes, I'm logging you, and yes, if you were a decent person and you wanted to use this thing all the time, you might drop by, ring my doorbell, and offer to kick me a couple bucks every month.

Furthermore, I'd like to publicly thank the various people around town whose unprotected access points I've used without permission. You never knew I did it, but it probably saved me some hassle.

And finally, I'd like to publicly ask owners of coffee shops, delis, diners, bars, and other lounge-around spots: Have you ever considered not charging for that miraculous wireless network you just "installed"? Face it, Internet access is a flat fee for you. You want to bring in customers to buy that cup of half-and-half (I once heard that milk-based froofy coffee drinks have such an exorbitant profit margin that Starbuck's is essentially in the milk business). So why not do it by offering them a place to sit around, relax, and use their laptops? Seems to me it's no skin off your nose. Coffee shops have been providing shelves of books for years -- why not Internet access?

I bring it up because the coffee shop down the street from my house recently switched from offering free wireless access to charging for it -- something like $15/month, fully a third of the cost of a DSL line that will give me full high-speed access around the clock. Lots of other places are starting to do the same here (San Francisco) -- the "trial period" is over, now you have to pay.

I ask you: Where's the sense in that? I had just gotten into the habit of spending my mornings in that coffee shop, eating bagels and coffee while I got some work done, when they pulled the rug out from under me. Now the main thing that keeps me going down there is the fact that a couple of the shop's neighbors have their own wireless APs -- unprotected, of course. So now I'm not going to the shop as often, I'm buying less coffee and bagels, and worse, you went ahead and paid for all that (evidently quite expensive) Internet hardware and now I'm not going to be part of that new profit-center either.

Make it free, man! Wired magazine said as much, months ago.

Re:How to leave my access point *IN*secure?

[C10H14N2]

My coffeehouse is still free and I make it abundantly clear to them that the -only- reason I drink their motor-oil excuse for coffee is that I value their internet service enough to kick them back a few bucks every day that would otherwise be spent on better coffee elsewhere. Their own computers are rented out all day long at a huge profit, so there's little reason to charge the constant crowd of laptop users. Really, at $6/hour for a machine that probably costs $25/month, how could they NOT be raking it in?

What I -would- like to see is more places putting in place is some sort of authenticated access to limit access to customers who actually buy something so that the @$$h013 across the street downloading Divx copies of LOTR is blocked out. I've seen a few projects out there for that purpose, but they're hardly at the stage of development that the average barrista could work with.

netstumbler files

[twistedcubic]

How do you read the netstumbler files, without installing netstumbler?

Re:netstumbler files

[twistedcubic]

never mind. asked and answered... just used "strings"

Here's the scoop on this:

[The_Pey]

1. He was flying in a plane over LA. -For simplicity's sake when flying under Class B Airspace, many pilots on VFR flights tend to stick to flying over interstates - its easy and keeps you out of trouble.

2. He had a laptop with only one 802.11 card and only one antenna for reception. The necessarily rules out any radio direction finding for accurate plotting of the access points. Instead what you see is what he picked up as he flew and the exact lat / long the plane was at at the time of the signal hit. If he could do some RDF by maybe having antennas in an array attached to the plane at say the wingtips he could with the right software plot out where each possible transmitter was. But he would need to know what altitude the plane was at, what the heading was and the different signal strengths received at each antenna as well as the distance between the antennas in his array. I don't know of any software out there that does this but the information to do this is readily available.

If he had that setup you would see a map with the projected location of each access point arrayed around the path of the aircraft.

Hmm.... makes ya wonder.......

[Preacher+X]

why 2100+ people can be seen from 1400 ft away but i can't get the signal to my laptop 20 ft away on the deck. :) oh well. Time for bigger antennas i guess.

Re:Hmm.... makes ya wonder.......

[linuxrunner]

THIS I would like to know the answer of also...

Anyone???

Warflying?

[John+Hansen]

And why is it called "warflying"?

As one AC already mentioned, the term really originates from "wardialing" -- which, in the good old days of 300 baud modems, was the act of dialing through a large list of phone numbers to find numbers that had answering computers on the other end. So now, warflying is related to wardriving (also mentioned above), which is driving or flying around to find open WAPs. Same principle as wardialing, different technology..

The Feds!

[irving47]

And after reading this sort of thing, do we wonder at all why there are people in Homeland Security starting to flap their gums about regulating IT at a Federal level?

What am I doing wrong?

[mariox19]

My signal can't even make it from downstairs in the living room to upstairs in the bedroom without a repeater, and yet you guys are picking up signal from 1400 feet in the air!

What the hell am I doing wrong?

Warflying-Wardriving-Wardialing

[DonnarsHmr]

Way back in the day there was a movie called War Games. In it the main character, the stereotypical teenage movie hacker, had a little script that would cause his modem to sequentially dial every number in an exchange (ie 555-0000, 555-0001, 555-0002, etc.) looking for another modem to connect to. The script then logged all the #'s where a modem was found so that the protagonist could hack the computers attached to the modems at his convenience. This process became known as Wardialing. With the advent of WiFi, people saw a parallel between wardialing and driving around town logging all the APs that were available. Thus, wardriving. Eventually, people also started making chalk markings at the location of the found APs to let others know there was a network there, hence warchalking. Finally, man discovered flight, and decided to look for APs that way, thus arriving at Warflying.

Stay alert for a new Connections with James Burke on this topic.

Re:Warflying-Wardriving-Wardialing

[venicebeach]

Thanks for the explanation..

It's just that the term "warflying" seems to have significance nowadays that "wardialing" would not...I don't know if it's really a good idea to say you are warflying over los angeles.

Flew right over me in La Mirada...

[gsfprez]

went RIGHT over my house.. according to the map (I live right above the "B" in Buena Park on that map right where the base station markers are) The city covered up by the markers on the map is called La Mirada.. my home.

He didn't see my open base station. So i'm not nuts.. my base station really DOES have bad RF performance.. maybe i should get it checked out.

(yeah (as a matter of fact) - i don't care if people use my base station, as a matter of fact. Mine is open. In fact, if you request an IP, the DHCP server on my Airport EXTREME (tm) base station will GIVE you an IP. You can't steal from me - i'm giving it to you.)

I live in LA and I use no WEP

[zaad]

It's been mentioned already by many posters that WEP is insecure. Take a look at AirSnort for details, but basically, depending on the traffic of your network, you can be cracked in as little time as under a day.

Talk about a false sense of security.

WEP is completely disabled to reduce needless overhead on my AP. But I do run a certificate based relaying (See http://vpn.ebootis.de/ & http://www.freeswan.ca/ for details. So if you don't have the right certificate, you can't route any packets in or out of my wireless network.

Have fun cracking a 1024-bit RSA key.

Looking to Relocate?

[cupofjoe]

Speaking of warflying/driving/walking, it looks like this is an accident waiting to happen.

A city of 50,000 people jumping on the WiFi bandwagon is going to leave a lot of personal information out in the open. Not to mention the free surfing opportunities.

Cerritos. The Web-Jacker's Paradise.

Tourism's gonna soar, I'll tell you what. I noticed that the article doesn't mention how much this will actually cost, either. Hmm.

Two words

[TheSync]

UAV spamming.

Coming soon, no doubt!

Dude, just pay for broadband.

[karmaflux]

Or you could pay maintenance and operation on a helicopter to hover over your free access point.

When will it become old news that most users leave their equipment set to the factory defaults?

forget the APs, look at the ad hocs!!

[action789]

I can understand a fixed, antenna-extended AP reaching 1400' in altitude, but laptops/desktops set to peer mode? you'd think even the ceilings/roofs of the buildings would filter that signal right out since the strength just wouldn't be there.

Wow! surprising.

Orinoco range extender is not 2-3 dbi

[eyeareque]

the antenna is actually 5dbi.. its such a shame they used such a weak antenna for the test... and it was inside the cabin.. you'd think they would have realized the planes shell would effect how many APs they found.

Re:Orinoco range extender is not 2-3 dbi

[not5150]

Bzzt!!! Yes we did realize the shell would affect the number of APs found. But we flew anyways and got a "mere" 2013 points. not5150 www.not5150.com

Alternatively

[lakeland]

Follow my example and just leave it wide open. All you lose is that your neighbours share your internet connection sometimes. So what?

Re:Alternatively

[RockClimbingFool]

When your neighbor downloads kiddie porn through your connection from a sting operation site, who goes to jail? they don't need the physical evidence on your computer, because its a garbage file anyway. they have a record of someone expressing interest in downloading kiddie porn. they serve out garbage supposed to be said kiddie porn. they have your ip as the downloader. they knock on your door and arrest you, as the "owner" of that ip address.

Re:Alternatively

[lakeland]

Hmmm, maybe. Though if someone phreaks your telephone line then they're liable for any expenses incurred rather than you.

Of course, all sorts of legal things like 'reasonable care' come into play.

But then, the police around here aren't likely to do anything about a burglary, let alone set up a sting on kiddie porn.

Re:Alternatively

[cujo_1111]

Kiddie porn is a big media item and the Police PR departments love the mileage they can get out of it. Don't underestimate the power of a PR stunt...

Re:Alternatively

[oliverk]

I'm with you on this one. I stayed in temporary housing in SF for a month and didn't want to drop the $150 on a phone line. Mobile phones were great for voice, but not internet. But my new laptop came with 802.11b and three of my neighbors broadcasted for me. I didn't abuse it...just checked email now and then and surfed for plane tickets. Total bandwidth consumed was obviously negligible. Of course, this begs the question of why, then, all of us need to have the fattest pipe available when none of us will ever use more than 30% of our capacity.

Sorry, I digress...

As for the legal details...it's an internet connection, and it WON'T hold up in court if someone connects through your WAP to do something illegal. Disagree? Run traceroute and figure out the distribution of liability.

Re:Alternatively

[RockClimbingFool]

Though if someone phreaks your telephone line then they're liable for any expenses incurred rather than you.

that is the problem right now. there is no laws that say someone using your internet connection is liable for their own actions. according to the RIAA, the owner of the IP address is responsible for any copyright infringement. I most definitely don't agree with them, but without laws to say otherwise, precedent will prevail. and the RIAA is just one of many groups trying to set it. local jackass authorities are another.

But...

[Adam9]

do your neighbors know about it? ;)

Another warflying example here...

[gearmonger]

Tracy Reed did this last year (I think) -- Check this out. [ultraviolet.org] Definitely makes you wonder how soon it will be before someone comes up with a way of intelligently integrating all these isolated WLANs to form a really nice mesh of urban connectivity.

How about War Sailing?

[CaptNorm-sd]

Check out my web page on War Sailing & War Dinghying,

http://www.catalina42.org/war-sail/

Norm

My network is unencrypted...

[Rotten168]

... and I don't really care. I live off in the suburbs with a relatively large lot, so someone would either have to be trespassing to break in or they'd have to be hovering overhead to use my internet. Plus I log into the router and make sure noone is using it who shouldn't be using it.

Re:weekly-changing WEP?

[gamlidek]

yes, I do... but I should have stated "rotating" WEP keys and SSIDs, rather than "changing". I have 4 keys that I rotate through and all 4 keys are in my client machine's profiles so I only need to change my AP, each WEP is associated with one SSID. Granted, it's not gonna stop anyone that wants access, but it will stop the casual snooper. Especially since I have a few neighbors with open APs -- they're the first targets, IMO.

Like I said, tho, I can't imagine anyone wanting access to my stuff that badly, but I also like to believe I'm doing *something* to keep the casual hacker at bay. =)

Sensible (and User-Friendly) Router Defaults

[tabdelgawad]

This is all about default settings for consumer wireless routers. If the average user buys a router, hooks it up, and his laptop gets a wireless internet connection (maybe not even his!), is he really going to look into WEP and resricted MAC access lists? I don't think so.

Having set up a wireless router a couple of months ago for the first time (for a friend), I can attest to the fact that default settings *need* to be user-friendly. Call me a dummy, but I didn't quite get how WEP is implemented at the time: IIRC, the interface on the router and the wireless card driver were a little different, and it wasn't clear to me what to input where (SSID, channel, passphrase, generated key, options to retrieve key automatically, etc.) It's nothing that I can't figure out, but it wasn't obvious even to semi-computer-literate person like me.

I think 'restrict access by MAC address' should be enabled by default *after* a first configuration-wizard run (obviously it can't be enabled *before* initial configuration by the user, and needs to be disabled every time the router is physically reset). The first-run wizard should tell the user, IN BIG LETTERS, that if they want to use a second PC/Laptop with the router, they need to allow access from the first PC by editing the MAC list. The user should also be *prompted* for an SSID and told to enter it into his laptop wireless driver configuration. As for WEP, it should be as easy to set up as picking a passphrase (to be prompted for when a laptop attempts to make a connection) or telling the consumer to copy a generated key to their wireless driver settings.

On the other hand, pervasive and insecure wireless access is something all civil libertarians should appreciate, so I'm not sure I'd want things tightened up too much :)

Wireless Geographic Logging Engine (WiGLE.net)

[BooTy6]

It's unfortunate they had such problems with their GPS, non-located network info isn't as useful. Still a fun story, much like Schmoo group at DEFCON 0xa.

The WiGLE database currently sports 595,496 GPS located wireless networks worldwide. We have java, windows native, mac osx native, and web-based clients to plot points on maps and interact with the data. We accept the data formats from the major stumbling packages (NetStumbler, Kismet, MacStumbler, MiniStumbler, anything that outputs wi-scan, etc), so upload away!

FAA called yet?

[jemenake]

1,400 feet? Your images show that you flew right over LAX. I hope your pilot ascended up to the altitude of the southbound transition corridor... or, by my calculations, he's gonna have his license for about another 2.1 hours. :)

Re:FAA called yet?

[Skyfire]

Also, unless I'm not mistaken, they went right through the TFR around Disneyland. That might cause a bit of trouble as well.

Re:FAA called yet?

[not5150]

No... we did not violate Disneyland's TFR. We flew well east of Angel Stadium. not5150 www.not5150.com

Re:FAA called yet?

[not5150]

Yes, we used the VFR corridor... read me writeup at www.not5150.com not5150 www.not5150.com

OH. MY. FUCKING. GOD!!!

[Thud457]

That was a thing of insanely terrible beauty, man. Come on, mods, even your piggy little souls must have been touched by that! MOD THAT GUY UP!!!! Sweet gibbering Jesus, that was fuckin' awsome!

you may be liable

[sbma44]

for actions performed with your connection. I suspect a case on this will be decided in the next five years. As it stands now, I suspect you would probably be help responsible for illegal activity performed with your connection. IANAL of course, but it seems doubtful the courts or a jury would understand the finer points of wireless security.

question for ya...

[sbma44]

does wep encrypt mac addresses too? or can those be sniffed easily w/ wep on?

Personally, I just use MAC filtering. Yeah, you can spoof a MAC address pretty easily on most hardware in windows. But I'm on 802.11b, and WEP definitely slows things down. And it was periodically resetting the connection on my Orinoco card.

Bottom line, consumer wireless gear can't keep out anyone who's determined to get in. I say make a stab at it to disclaim some liability, use decent security on your LAN, and call it a day.

Re:question for ya...

[gamlidek]

Your MAC address is easily sniffed and spoofed, but it takes time and determination from the attacker and your NIC needs to be disconnected from the wifi in order for the attacker to gain entry via that MAC. If a neighbor has a completely unsecured open wifi (most likely) chances are very good that they will be targeted first. The attacker would have to *want* to hack your wifi and it takes about an hour or two (depending on your wifi traffic) to get a "weak IV" WEP key. If you're downloading stuff from the net, an attacker can use the packets to construct the WEP, but it does take time. Less traffic takes a lot longer. WEP-plus, however, takes a a prohibitively long time -- WEP-plus is the result of manufacturers removing the presence of "weak IVs" in their algorithms.

Here's a good article that describes how easily "weak IV" WEP can be cracked.

And, yes, the bottom line is, the wire is still a *lot* more secure than wifi. The most secure wifi can be cracked with enough time and the right tools/know-how. Knowing that means you have to decide if the convenience of wifi is worth the risk. I, personally, have nothing of any value on my LAN, so the risk is small.

Basically, make sure you keep backups of your most important files, and don't keep important data (bank accounts, etc) on your wifi accessible LAN and you should be Ok.

Next time...

[Gantic]

You should take a pringles can with you

Rules must be different in LA then

[Tim+Ward]

Over here if you did that at 1400 feet you'd be in serious trouble. (Rule 5: 1500 feet over congested areas.)

Re:Rules must be different in LA then

[not5150]

Yes rules are different... 1000 agl above.

Microsoft's Wireless Routers are Secure...

[sk3tch]

...out of the box...no shit...surprising, eh?

A More Affordable Option...

[cjsnell]

Here's the antenna I bought a few months ago:

Aerialix 12dBi omni

From the pilot

[not5150]

My writeup is at www.not5150.com It will answer many questions that people have about the flight. What I find upsetting are the assumptions that some people have made about certain regulations.

Re:From the pilot

[not5150]

Ugh.... I really shouldn't have posted my website address. not5150

This doesn't surprise me.

[Newer+Guy]

I live in Santa Monica, and have no trouble finding Internet wherever I go in L.A. I have a Belkin USB wireless adaptor for my IBM Thinkpad and use WinC. All I have to do is put the Belkin up on the dash and slowly drive down most any street. Within a minute there's a usable open 'net. connection. It comes in real handy when you're out shopping/looking for houses. Go onto Mapquest and get driving directions to the next one you want to find. I even bought a power inverter to run the laptop off the car. I leave my DSL open too, though it's run through a separate router so any visitor doesn't have access to my network.

Re:This doesn't surprise me.

[www.LaWirelessWeb.co]

i have an external antenna,1 watt amp, with orinoco card in my truck.

i can go just about anywhere in los angeles and get broadband access it is great....

i also use a service in marina del rey where (www.5gwireless.com) i do most of my work its like being at my desk in my truck.

Re:The three major problems with security nowadays

[cujo_1111]

Problem: Microsoft
Solution: Use Macinux or Lintosh (Mac/Linux combo)

The increase in cost would be more than what you pay for a Windows licence, so no one would switch over

Problem: Security "experts"
Solution: Threaten their jobs until they shape up

But when you hire the next guy/girl, he/she is exactly the same. You keep going through this cycle until the company realises that if you offer more money you might just get the cream of the crop, not the scum from the bottom of the pond...

Problem: Ignorant users
Solution: Educate them

Hahahahahaha, you funny man... I suppose you believe 'Childproof' lids are really childproof and Saddam had WMDs capable of reaching the US and was willing to give them to Osama :)

Re:Warflying Request: +1, Insightful

[milamber.net]

Or, more likely...

1) Warning

2) Command

3) Your wings will disappear... then you slam into the pentagon and blow up leaving a ridiculously small hole in the side of the building and a very specific and also quite small amount of debris. minus the wings of course.. coz they disappeared... you don't believe me??

been done.

[teddlesruss]

been done...

By a buncha west australians...

Re:HOBBIT-MAN: THE KING RETURNS

[grub]

Absolutely beautiful. Thanks for the laughs.