Slashdot Mirror


Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured

avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"

10 of 209 comments

  1. Networks on The Strip by superj711 · · Score: 5, Informative

    I don't believe this is a good test of "security" since the majority of the hotels on the Strip have multiple unsecure Wifi networks for their guests. You have to go to a launch page first before you're even allowed access, sometimes entering a code.

    1. Re:Networks on The Strip by Anonymous Coward · · Score: 1, Informative

      Even if you don't "broadcast the SSID", that just means you're broadcasting an empty SSID: the beacons are still there and contain all information which is necessary to uniquely identify your access point and tell if it's encrypted and how. So yes, of course those networks are going to show up in their stats.

    2. Re:Networks on The Strip by espiesp · · Score: 2, Informative

      As somebody that currently lives a block away from the Luxor and Mandalay Bay, I can accurately say that you don't have to drive far from the strip to find a very high density of wireless access points, with approximately this ratio of secured to unsecured points. Within reach of the confines of my condo I have a buffet of wide open AP.

      Take the strip out of the equation and I think it's still valid.

    3. Re:Networks on The Strip by dfn_deux · · Score: 2, Informative

      Thanks for this, I have repeated this comment hundreds of times to various people setting up their networks and yet they still seem to think that setting the essid as "hidden" is providing some small extra security, when in fact it only obscures your network for legitimate users, since anyone sniffing for networks will see it regardless of whether you have it set to broadcast or not.

      --
      -*The above statement is printed entirely on recycled electrons*-
    4. Re:Networks on The Strip by geekymachoman · · Score: 2, Informative

      Depends with what software they have been 'sniffing'.

      The SSID is broadcast in the 802.11 beacon frame, along with some other stuff.

      So if you turn off the SSID broadcasting, you're removing the SSID info from the body of the beacon packet, so regardless of whether you have traffic or not, your AP is gonna show up (without the SSID, so you will not know the name of the AP) in something more advanced than NetStumbler. Kismet, for example.

      This has nothing to do with traffic amount.
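What the replies above describe, as an added example that is not part of any original comment: a small Python parser that reads the BSSID, channel and encryption type out of a beacon whether or not the SSID field is blank. The sample frames are constructed for the demo (not captures), and `build_beacon` and the locally administered BSSIDs are hypothetical helpers and values.

```python
import struct

WPA_IE = bytes.fromhex("0050f201")  # vendor IE: Microsoft OUI + type 1 = WPA

def parse_beacon(frame: bytes) -> dict:
    """Parse a raw 802.11 beacon (no radiotap header, no FCS)."""
    if len(frame) < 36 or frame[0] != 0x80:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22].hex(":")                 # addr3 of the MAC header
    (capability,) = struct.unpack_from("<H", frame, 34)
    privacy = bool(capability & 0x0010)           # Privacy bit: encryption required
    ssid, channel, rsn, wpa = b"", None, False, False
    pos = 36                                      # tagged elements start here
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break                                 # truncated element, stop parsing
        if tag == 0:
            ssid = value                          # empty or all-NUL when "hidden"
        elif tag == 3 and length == 1:
            channel = value[0]
        elif tag == 48:
            rsn = True                            # RSN element => WPA2
        elif tag == 221 and value.startswith(WPA_IE):
            wpa = True
        pos += 2 + length
    # Privacy bit with neither RSN nor WPA element is treated as WEP.
    security = "open" if not privacy else "WPA2" if rsn else "WPA" if wpa else "WEP"
    hidden = not ssid.strip(b"\x00")              # zero-length or all-NUL SSID
    return {"bssid": bssid, "ssid": None if hidden else ssid.decode(errors="replace"),
            "hidden": hidden, "channel": channel, "security": security}

def build_beacon(bssid: bytes, ssid: bytes, capability: int, extra: bytes = b"") -> bytes:
    """Constructed sample frame for the demo, not a real capture."""
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, 6]) + extra

SAMPLES = [
    build_beacon(bytes.fromhex("020000000001"), b"", 0x0011, bytes([48, 2, 1, 0])),
    build_beacon(bytes.fromhex("020000000002"), b"\x00" * 5, 0x0011),
    build_beacon(bytes.fromhex("020000000003"), b"HotelGuest", 0x0001),
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(parse_beacon(frame))
```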

  2. Only 1/3? by superid · · Score: 2, Informative

    Last weekend I made a quick 5 mile drive and found 105 systems in my average residential neighborhood. 46 were unsecured. About 25 were running WEP.

    1. Re:Only 1/3? by anagama · · Score: 4, Informative

      I'm not sure if you are making a joke, so just in case you aren't, I'll point out that MAC address filtering is no security at all. Your laptop is transmitting its MAC as part of the regular wifi transmissions so sniffing it out of the air is trivial with Kismet or Kismac. Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger.

      Here's an overview:

      http://www.irongeek.com/i.php?page=security/changemac

      For Linux, if you just want a random MAC to make yourself even more anonymous:
      http://www.alobbs.com/macchanger

      Similar software exists for Windows (google "windows macchanger")

      --
      What changed under Obama? Nothing Good
    2. Re:Only 1/3? by zn0k · · Score: 3, Informative

      "Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger."


      bash-3.2$ uname -a
      Darwin Laptop.local 9.4.0 Darwin Kernel Version 9.4.0: Mon Jun 9 19:36:17 PDT 2008; root:xnu-1228.5.20~1/RELEASE_PPC Power Macintosh
      bash-3.2$ ifconfig en0|grep ether
              ether 00:11:24:d5:57:9e
      bash-3.2$ sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
      Password:
      bash-3.2$ ifconfig en0|grep ether
              ether aa:bb:cc:dd:ee:ff

      It's trivial on OS X (Leopard and Tiger), too.

  3. Re:i hate you all by icebike · · Score: 2, Informative

    It could just as well mean that the authors were delighted and found it commendable that the police did not make a fuss about an innocent site survey.

    If you read it that way, English must be a second language for you. It was CLEARLY disparaging of the police, tauntingly so.

    That you mistake it for gleeful respect suggests a very naive outlook.

    --
    Sig Battery depleted. Reverting to safe mode.
  4. Re:i hate you all by icebike · · Score: 2, Informative

    Easy. Don't allow traffic between any IPs behind the router, other than TO the router itself.

    This is trivial with Iptables.

    That would force users behind the router to connect via its external NIC to talk to each other, and that can be filtered easily as well.

    You can't really spoof a machine on your own subnet.

    --
    Sig Battery depleted. Reverting to safe mode.