Slashdot Mirror
Warflying 2013 Access Points in Los Angeles
Kallahar writes "We went warflying over Los Angeles and Orange counties yesterday. Flying in a small plane at 1400 feet we detected 2013 802.11b APs in 75 minutes, 71% had no WEP encryption. A map and some pretty pictures are up at my writeup."
What I find pretty amazing is the 500+ people with the default SSID. It's like my apartment complex...if I'm not careful, I can get on one of three different networks and not know it!
[sig] 10 + 10 = 100 [/sig]
Wireless, schmireless -- I love the aerial photos!
"Believe me!" -- Donald Trump
"Hackerish SSID (h3lpm3) 15 (0.7%)"
/. readers' SSIDs are in that netstumbler log, and I wonder how many are afraid to reply and say so since their GPS coords are associatated to their SSID.
Hey thats my SSID!
All kidding aside, I wonder how many
...is nothing; it's really kinda cool that there are that many.
1430 of them being unsecured, that bothers the heck out of me.
-JDF
I'll just get a hot air balloon and get to the right spot and kiss those Internet access fees goodbye!
The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
heheh.. a page with some thumbnails linked to 175k-300K pictures. His site is so dead.
Woah, nice to have a map of all the access points, for those times when I'm without internet connection ... or don't want to use my own :D Thank god for wireless!
I'm not drunk, I'm just in touch with pi.
... for people who want to do some file-sharing!
In East LA, a pilot is "warflying" when averting the numerous bullets flying into the air, shot by drunk cholos on July 4th. Talk about bombs bursting in air.
And I can hear it already - hey ese, you forgot to encrypt your airport station, homes!
On December 10, 2003 we went out Warflying over Los Angeles and Orange counties. Not5150 was the pilot of the 4-seater beechcraft and Kallahar was the laptop/gps/antenna operator. In a 75 minute flight from Pomona to Los Angeles to Santa Monica to Long Beach to Orange and back to Pomona, 2013 access points were found.
The antenna was a mere Orinoco Omnidirectional Range Extender which was hand held. Unfortunately, the GPS didn't work for the first 20 minutes, and the wireless card crashed (had to reboot) while we were over long beach (took 7 minutes).
Equipment
Laptop Compaq Presario 2190US (2.4Ghz Celeron)
802.11b card Orinoco Silver
Antenna Orinoco 2-3dBi Omni
GPS Magellan Meridian
Software NetStumbler on Win2k
Flight Time: 1 hour 15 minutes @ 1400ft
(699x446 - 134k)
Statistics
Total APs 2013
No Encryption 1441 (71.6%)
WEP Encryption 572 (28.4%)
Default SSID 513 (24.5%)
Hackerish SSID
(h3lpm3) 15 (0.7%)
Informational SSID
(southcoastcircuits) 23 (1.1%)
Someone's Name 110 (5.5%)
NetStumbler Files
WarFlying (1.0MB)
The drive home (168k)
(for reference purposes)
The More Knowledge you have the Luckier you Get- J.R. Ewing
Yeah, it's all fun and games until someone gets caught flying upside down, no pants on, playing with the stick, lookin' at kiddie porn...
Please help metamoderate.
Namaste
Another shocking thing is that many has no password or the default admin password.
(obvious)Orange County and LA County is not Santa Clara County I guess (/obvious)
I had a similar, but lower tech, experience just yesterday. On a bus ride through Seattle I flipped open a standard laptop with a Cisco wifi card, and found dozens of access points. Most of them where open. I wonder how long it will be until wireless companies start offering security out of the box? How hard would it be to have a wireless access point that shipped with a random password and instructions on how to use it? It's pretty obvious that the average person doesn't realize what the risks are. I know because as a desktop support tech I get asked about this all the time. As soon as I start talking about things like WEP and MAC addresses, I see eyes glazing over.
http://slushdot.org/mirror/warfly/warflying.php
Coming slowly but surely!
Mirror
So, how long will it be before warflying is illegal or requires a permit. Here's a funny/sad/true story about a guy who recently got into a lot of trouble for hunting from an airplane.
Thats all cool, checking for open networks in your little plane.
But WHY did you have to set up all those servers to syn SCO?
They are an honest company looking to make a profit from suing their potential customers, which doesnt follow the DOT COM era at all, so it should be profitable.
On a side note, you also violated homeland security.
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
I'm not an aviator, so I dunno how scary this really is, but doesn't 1400 feet seem kinda low? I mean, wardriving is fun (I'll readily admit that), but some of those pictures look awfully close to those buildings. :O
*Shrug.* Someone with actual light aircraft experience, please correct me..
This statement is false.
According to his map he flew right over one of our offices (Inglewood). It does seem enticing to stick an antenna out on the terrace and see what comes up. Especially since VPN traffic seems to be eating up mos of our T-1 these days.
on a side note I recently enquired at a major computer store. one which right now is advertising free set up. And talkign to the tech he assured me that all I had to do to set up a wireless network was plug it in. Now with things like nimda, Cade Red and such with the advent of everyoen goign wireless at home and not either encryting there connections or passwording it off. hackers/script kiddies will have a field day with this. I jus tpull up to some pure schmucks house log in launch and attack then drive off and the feds would never find me.
You bastards! My AP is on that map!
I am a viral sig. Please help me spread.
Just because a system does not use WEP does not mean it is insecure.
I've been playing with a WAP - my intention is to firewall it to the point that the only things you can do are DNS, DHCP, VPN, and accessing a password-protected HTTP proxy with bandwidth throttling.
The only thing WEP would do in such a case is prevent somebody from sniffing the proxy's password from the air, and if I cared I would just move the proxy over to HTTPS.
Just as WEP != secure, !WEP != !secure.
So all the "OMFG! 73% of all the APs we sniffed weren't using WEP, therefore 73% of all APs aren't secured" is somewhat flawed reasoning.
Granted, it is likely pretty close to the truth. But it is not guaranteed to be the truth.
www.eFax.com are spammers
get a fat omni like this one: Borg 8+8 Slot Waveguide 360 Degree
--- If I were a fish, I'd be wet
You can boost the signal strength of the Linksys WRT54G with this "undocumented feature". Basically it's a back door will let you up the transmission strength to the maximum output. Find details at this thread: WRT54G Increased transmission strength. People's comments there indicate pretty good results.
Check out great deal on electronics and computer at Retail Retreat. Do your Christmas shopping online!
There has to be some way of ensuring that people sort out the security on their boxes. How about not allowing the box to connect unless they change the default settings?
In several offices we used to set the first password for the user accounts as their user login, and then not allow the same password to be used again. We knew the temptation was too great for people to use their login as the network password (and too easy for someone to crack).
WEP is fine, but if you live in an apartment building, you have unlimited time for your hacker neighbors to crack the WEP, even 128-bit. Please use MAC address filtering. Here's a
good how-to if you're interested.
And stop broadcasting your SSID! =)
"In theory, theory and practice are the same; in practice, they are not."
Sure those weren't just Starbuck's/TMobile hotspots?
Which do not support WEP anyway.
Contrary to popular belief, life is not a bitch. It is far far worse.
A WarSCUBA expedition has found forty-two 802.11b connections! ...none were using WEP, but Kerberos was there.
46. The Hobo smiles, his eyes glaze over, and he burps. "Beware the man who has lived longer than the Wasteland."
A combination of AAA, Autonomous Advanced Algorithms and SAM systems, Secure Authority Message, designed to bring down any hostile airborne WLAN sniffer. Available in both US and Russian flavours.
Hate me!
Fine, corporate "enterprises" (beginning to hate that word) should have secured their wireless networks. But lets face it, most of the APs discovered are probably Linksys routers sitting in some dude's office. Exactly why do all of these need to be secured?
I'm a normal, conscientious Internet user. Most of the day, my Internet usage consists of email and (I admit) wasting time on Slashdot. I'm not looking at porn, and I'm not wasting significant amounts of bandwidth. Honestly, who should care if I happen to use their unprotected wireless network?
Furthermore, I personally wouldn't care if anyone used mine. I would love to feel confident that I could leave my wireless access point unprotected. Several points nag me, however:
- Every now and then, I'm going to want to download some Linux ISOs. (OK, I mean labels' entire catalogs of songs on MP3.) When I want to do that, *I* should have the bandwidth to do it. I pay for it, I get dibs. So far, I don't know of anything available to your average consumer that will let you throttle bandwidth for your "guests" at will (or, ideally, automatically -- my own MAC addresses get top priority).
- The kiddie porn issue is an issue. As is, I guess, MP3 downloading. I don't want to have to firewall out P2P ports (and play the game of "what port are they using this week") just to protect myself from people using my AP who are too dumb to cover their tracks. No, I do not believe "but my port was unprotected, open to the world" is going to hold up in court.
- People are, by and large, bastards. If I leave my AP unprotected, it's not going to be used occasionally by passers-by etc. It's going to be my next-door neighbor, using it to download massive AVIs all night long, all the time thinking "hee hee hee, this dumbass left his wireless AP unprotected." If I were to open my AP, I'd want the first thing to pop up on your browser to be a notice letting you know that, yes, I see you, yes, I'm logging you, and yes, if you were a decent person and you wanted to use this thing all the time, you might drop by, ring my doorbell, and offer to kick me a couple bucks every month.
Furthermore, I'd like to publicly thank the various people around town whose unprotected access points I've used without permission. You never knew I did it, but it probably saved me some hassle.And finally, I'd like to publicly ask owners of coffee shops, delis, diners, bars, and other lounge-around spots: Have you ever considered not charging for that miraculous wireless network you just "installed"? Face it, Internet access is a flat fee for you. You want to bring in customers to buy that cup of half-and-half (I once heard that milk-based froofy coffee drinks have such an exorbitant profit margin that Starbuck's is essentially in the milk business). So why not do it by offering them a place to sit around, relax, and use their laptops? Seems to me it's no skin off your nose. Coffee shops have been providing shelves of books for years -- why not Internet access?
I bring it up because the coffee shop down the street from my house recently switched from offering free wireless access to charging for it -- something like $15/month, fully a third of the cost of a DSL line that will give me full high-speed access around the clock. Lots of other places are starting to do the same here (San Francisco) -- the "trial period" is over, now you have to pay.
I ask you: Where's the sense in that? I had just gotten into the habit of spending my mornings in that coffee shop, eating bagels and coffee while I got some work done, when they pulled the rug out from under me. Now the main thing that keeps me going down there is the fact that a couple of the shop's neighbors have their own wireless APs -- unprotected, of course. So now I'm not going to the shop as often, I'm buying less coffee and bagels, and worse, you went ahead and paid for all that (evidently quite expensive) Internet hardware and now I'm not going to be part of that new profit-center either.
Make it free, man! Wired magazine said as much, months ago.
Breakfast served all day!
1. He was flying in a plane over LA. -For simplicity's sake when flying under Class B Airspace, many pilots on VFR flights tend to stick to flying over interstates - its easy and keeps you out of trouble.
2. He had a laptop with only one 802.11 card and only one antenna for reception. The necessarily rules out any radio direction finding for accurate plotting of the access points. Instead what you see is what he picked up as he flew and the exact lat / long the plane was at at the time of the signal hit. If he could do some RDF by maybe having antennas in an array attached to the plane at say the wingtips he could with the right software plot out where each possible transmitter was. But he would need to know what altitude the plane was at, what the heading was and the different signal strengths received at each antenna as well as the distance between the antennas in his array. I don't know of any software out there that does this but the information to do this is readily available.
If he had that setup you would see a map with the projected location of each access point arrayed around the path of the aircraft.
Hmmm...
My signal can't even make it from downstairs in the living room to upstairs in the bedroom without a repeater, and yet you guys are picking up signal from 1400 feet in the air!
What the hell am I doing wrong?
quiquid id est, timeo puellas et oscula dantes.
Way back in the day there was a movie called War Games. In it the main character, the stereotypical teenage movie hacker, had a little script that would cause his modem to sequentially dial every number in an exchange (ie 555-0000, 555-0001, 555-0002, etc.) looking for another modem to connect to. The script then logged all the #'s where a modem was found so that the protagonist could hack the computers attached to the modems at his convenience. This process became known as Wardialing. With the advent of WiFi, people saw a parallel between wardialing and driving around town logging all the APs that were available. Thus, wardriving. Eventually, people also started making chalk markings at the location of the found APs to let others know there was a network there, hence warchalking. Finally, man discovered flight, and decided to look for APs that way, thus arriving at Warflying.
Stay alert for a new Connections with James Burke on this topic.
It's been mentioned already by many posters that WEP is insecure. Take a look at AirSnort for details, but basically, depending on the traffic of your network, you can be cracked in as little time as under a day.
Talk about a false sense of security.
WEP is completely disabled to reduce needless overhead on my AP. But I do run a certificate based relaying (See http://vpn.ebootis.de/ & http://www.freeswan.ca/ for details. So if you don't have the right certificate, you can't route any packets in or out of my wireless network.
Have fun cracking a 1024-bit RSA key.
the antenna is actually 5dbi.. its such a shame they used such a weak antenna for the test... and it was inside the cabin.. you'd think they would have realized the planes shell would effect how many APs they found.
1,400 feet? Your images show that you flew right over LAX. I hope your pilot ascended up to the altitude of the southbound transition corridor... or, by my calculations, he's gonna have his license for about another 2.1 hours. :)
Personally, I just use MAC filtering. Yeah, you can spoof a MAC address pretty easily on most hardware in windows. But I'm on 802.11b, and WEP definitely slows things down. And it was periodically resetting the connection on my Orinoco card.
Bottom line, consumer wireless gear can't keep out anyone who's determined to get in. I say make a stab at it to disclaim some liability, use decent security on your LAN, and call it a day.