Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wi-Fi in the Sky

Posted by michael on from the new-heights dept.

mindless4210 writes "In an attempt to have the greatest warflying run to date, members from Daily Wireless, Tom's Hardware, SoCalWUG, and Highlands Highspeed teamed up for an amazing two-plane mission around Southern California. They picked up over 3000 access points and 900 clients, established a point to point link between the two planes, and successfully video conferenced in real time over the connection. This is also the first time that the wireless network detection tool Kismet has been taken up in the air, reporting over twice as many APs as NetStumbler. There is some footage of the flight in divx format available here."

19 of 148 comments (clear)

  1. How much info? by GaussianInteger · · Score: 5, Interesting

    How much information can they REALLY gather from flying overhead? I assume that those planes travel as speeds > 85mph. Given the range of most APs, and the altitude of the plane, wouldn't they only be in range for a couple of seconds?

    1. Re:How much info? by transient · · Score: 4, Informative

      True airspeed most certainly does not take wind into account. You're thinking of ground speed. True airspeed is calibrated airspeed corrected for altitude and non-standard temperature.

      --

      irb(main):001:0>
  2. Wi-Fi in the Sky... by UniverseIsADoughnut · · Score: 5, Funny

    ... With Dimonds?

  3. Warning...! by Anonymous Coward · · Score: 5, Funny

    Our access point is protected with the Patriot Missle Defense System. Offenders are liable to be shot down.

    Your Friend,

    D. McBride.

  4. Don't bother with the video dl... by tvh2k · · Score: 4, Informative

    ...it's just of some cherokee flying around, nothing special.

  5. Kismet Superiority by WwWonka · · Score: 5, Interesting

    This is also the first time that the wireless network detection tool Kismet has been taken up in the air, reporting over twice as many APs as NetStumbler.

    This week I realized how much better (like we needed proof) Kismet is over Netstumbler, even the newly released version

    Had to fly to our San Francisco office and do some "networking stuff". Stayed in the Hyatt on Embarcadaro, where ironically they were hosting SecureIT 2004...make sure you use ' or ''=' to login to the Hyatts wi-fi service as admin for free. ;-)

    Anywho, did some wireless sniffing with my "Cantenna" and on average picked up two to three times as many APs/Peers with Kismet than Netstumbler. Same equip on a dual booting laptop.

    1. Re:Kismet Superiority by necro2607 · · Score: 5, Informative

      Netstumbler won't report APs which aren't broadcasting their SSID in the beacon frame, whereas Kismet will. This makes a huge difference as many users are going to choose the option to make their AP "stealth" since they think it'll keep their AP hidden from "hackers" and war-drivers and the likes.

  6. Re:Roadtrip soon, which GPS? by PatJensen · · Score: 4, Interesting

    Jon, Units just need to support the open GPS NMEA protocol. USB is preferred because it can be powered by your laptop without a bulky adapter or take a lighter port. I'd recommend some of the GPS "mouse" devices that are imported from Japanese manufacturers and are on eBay for $60-$80. No display but they are great for navigating with Streets and Trips or Netstumbler, etc. They will probe as a standard serial device at 9600 baud which you can feed to your navigation software. I'm in the East Bay about every 2 weeks and I frequently run kismet there quite successfully. Using an external antenna helps a lot too! Pat

  7. Re:How much info? - Plenty by necro2607 · · Score: 5, Informative
    To quote the book "Maximum Wireless Security" from Sams Publishing:

    Many Access Points have the ability to be configured in a stealth mode, thus "disabling the beacon" as one of their options. In reality, the beacon frame is still sent every 100 milliseconds--only the SSID has been removed.

    Information made available by a single beacon frame, one of which is sent 10 times a second:

    • Basic Service Set ID (BSSID)
    • WEP-enabled or not
    • Type of device: AP or peer
    • MAC address of wireless device
    • Channel device was heard on
    • Signal strength of device
    • Longitude and latitude (if using a GPS)

  8. Video?! by theparanoidcynic · · Score: 5, Funny

    Will they ever learn? Anything but plain text fed to ./ will turn your server into a heap of molten destruction. . . . .

    --
    Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
  9. WEP (in)security assumptions by David+Jao · · Score: 5, Interesting
    The article incorrectly assumes that WEP enabled networks are more secure than non-WEP enabled networks. You can tell by the red/green color choices and the choice imprecations that the authors think poorly of un-WEPd networks. Unfortunately, in reality the best way to secure a wireless network is one that does not involve WEP. It is well known that WEP is insecure and thus one must resort to other means in order to secure a wireless network against known attacks.

    As a starting point, the WaveSEC homepage describes a way to secure a wireless network entirely using IPsec, without relying on WEP. In addition, for a small home network you can get away with static IP addressing instead of using DHCP, and in this way you can gain all the benefits of WaveSEC security without needing any software patches (since if you look closely all the software patches are DHCP related).

    IPsec is supported in Windows 2000 and up, Linux 2.6 (natively) or 2.0 and up (with Free S/WAN patches), and FreeBSD; unfortunately I have no firsthand knowledge of MacOS support. The main drawback of IPsec is that it is a very complicated protocol and takes a lot of effort to set up. Making different systems interoperate with each other is especially challenging -- for this task, I recommend the Free S/WAN interop page which links to an eclectic pile of guides covering most of the possible combinations.

    My own home wireless network is a mix of Linux and Windows XP clients all connected via IPsec, and I have much more confidence in its security than I would otherwise have with WEP.

    1. Re:WEP (in)security assumptions by necro2607 · · Score: 4, Interesting

      I was waiting for someone to mention this...

      The ONLY security WEP provides is merely delaying any would-be 'hacker'.

      Simply sit within the range of a wireless network with your laptop, collect enough packets with Ethereal or a similar tool, and you'll have the AP's WEP key.

      Proof of concept: WEPCrack, open source program for cracking WEP keys from tcpdump, prismdump or ethereal captures.

      For detailed info on why WEP is insecure, go here. Plenty of info on various types of Wifi attacks and vulnerabilities.

    2. Re:WEP (in)security assumptions by David+Jao · · Score: 4, Insightful
      WEP is known to be insecure. However, for the average joe, it is good enough ... would you as a hacker, spend a night in your car outside some dudes house in the hopes that they might compplete an online transaction with a CC?

      I agree that for most people (and maybe even for me), WEP is good enough. However I should point out that I did actually spend a night cracking my own access point's WEP encryption and my success in that effort is what motivated me to seek a better solution.

      My bigger objection is with the article's premise that the unWEP'd networks are automatically insecure. WEP is neither necessary nor (fully) sufficient for really good security. People who really know what they're doing don't actually use WEP. The writers of this article (and many other writers) present a very simple "TURN ON WEP" message that does not adequately convey the subtleties of what is in fact a very complicated security situation.

      I don't necessarily expect a sermon in every article, but I would appreciate a more moderated message and at least some kind of acknowledgement that there is more going on behind the scenes.

  10. I'm still amazed... by LqqkOut · · Score: 5, Interesting
    I'm still amazed at the number of unsecured WAP's! Who are these people!?

    Wait, nevermind! All of the unsecured AP's must just be Mom & Pop coffee shops offering free nodes. Right, must be it.

    While sitting at my coffee table, Kismet shows 4 wireless networks available (without an external antenna) and each of these networks has WEP enabled, the message must be getting through to some people!

    I know absolutely nothing about Microsoft's WI/FI API, but imagine a virus that spreads throughout the mess (er, mesh) created by the unsecured wireless networks. Hmm... and if the virus is smart enough to determine the WAP's manufacturer, it could even use the default admin password to blow massive holes in the router's firewall as well. While it's not very likely in my geographic location, it could definately be feasible in more densely populated areas.

    Oh, and kudos to Kismet for blowing NetStumbler out of the water!

    --

    -- In Soviet Russia, radio listens to YOU!

  11. Mirror of movie by paulproteus · · Score: 4, Informative

    I have made a mirror of the movie so you can spare Tom's the bandwidth.

    --
    |/usr/games/fortune
  12. Re:why bother with the video? by John+Hering · · Score: 4, Informative

    Sorry about the bum video clip, we had our hands full operating all the equipment! Check out the piece on CNN next sat at 12:00PM PST/ 3:00PM EST for some great footage and complete video coverage of the flight.

  13. A few months ago I did this over San Francisco by ConsumedByTV · · Score: 4, Interesting

    It was a single plane flying over the San Francisco bay area. I used Kismet as well... I think I wasn't the first but I did beat these guys by a long shot.

    Two photos here:

    kismet photo, San Francisco.

    We had an ibook scanning as well, it picked up about 1/10th of the networks. All in all without very good equipment (knoppix, old kismet, nothing special) we got about 190 networks.

    It's possible with a good antenna to circle and get online, it's also possible to make cell phone calls if you should feel like it (not that we did that). We were flying at about 2000 feet for most of the time.

    It wasn't the last time we did it either. War flying can be fun with a GPS that records the altitude as well as the lat+long.

    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
  14. Nevermind that... by uberdave · · Score: 4, Funny

    Nevermind how much info they can gather, but rather, how are they going to mark the sidewalk?

    --
    "I'm not impatient. I just hate waiting." - My Dad
  15. Re:Dumb idea by not5150 · · Score: 5, Interesting

    "Overall, a stunt like this does little to advance any sort of "science", and probably wasn't worth the risk to the 4 lives involved"

    Hmmm.... Wasn't this said to the Wright Brothers?? Of course, we all know what failures they turned into /sarcasm off.

    Doors pop open all the time. During flight training, flight instructors tell students what to do in the case that a door pops open. It's actually not a big deal, if you have the proper training. The air pressure keeps the door almost closed.

    Inexperienced pilots flying formation?? Do you know what kind of formation we were flying? Did you know that both pilots have hundreds of hours? The pilot of the Cherokee has a private airstrip with 5 planes and a helicopter.

    The closest we ever got to each other was about 100 feet. Most of the time we were at least 300 feet away.

    As far as the wifi messing with the avionics. Yeah there is a chance... but I did a previous warfly in December, 2003. We didn't experience any problems. Also, it doesn't really matter if the wifi messes with avionics, as we flew VFR. We followed visual landmarks, and used a moving map GPS.

    Accidents happen... you can't stop that. People get hurt/killed in the name of science every day. Some people take the risks, other people just talk about them.

    not5150