War-dialing-driving-flying-shipping

Discover wireless networks.

War dialing

Large organisations usually have their phone numbers assigned in blocks from a local telephone company, and many have their own dialing prefix. War dialing used this information to call all of a company's phone numbers, looking for a dial-up server. Once such a server was found, it was used for guessing account usernames.

War driving

War-driving is sitting in a parking lot or in a building across the street with a laptop and a wireless NIC, looking for unsecured or poorly secured access points. War-driving has been made easy by programs such as Network Stumbler and Wellenreiter, which use consumer WiFi cards to automatically scan the airwaves for networks. The output of these wardriving programs and databases is often correlated with global positioning system (GPS) data so that physical maps of these networks can be made.

War strolling

War-strolling is simply walking around with wireless equipment, looking for networks.

War flying

War-flying is mounting antennas on a drone and flying it around, as a variation on war-driving.

War shipping

War-shipping is shipping someone a device that does wireless scans. It combines disposable, low-cost and low-power 3G-enabled single-board computers that are easy to build for under 100 euro, the proliferation of e-commerce deliveries, and a command-and-control (C&C) server to remotely perform close-proximity attacks, regardless of the location of the adversary. It increases target accuracy dramatically.

A tiny device is hidden in a package and shipped off to the target to gain access to their network. The low build cost means several can be shipped. The device can be tucked into the bottom of a packaging box or stuffed in a toy. While in transit, the device can do periodic basic wireless scans, similar to what a laptop does in war-driving when looking for Wi-Fi hotspots, and send its location coordinates via GPS back to the C&C server. Once it has arrived, it can be used for further attacks to gain a persistent foothold in the network.

These attacks have their limitations. These include the amount of time it takes to perform the attack and the suspicions that arise when a car is detected circling a block hundreds of times with a conspicuous antenna up top and a laptop in view, when a drone keeps circling around, or when someone keeps wandering about, seemingly aimlessly.

Resources

  • Stumbler is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows operating systems from Windows 2000 to Windows XP. A trimmed-down version called MiniStumbler is available for the handheld Windows CE operating system. The program is commonly used for wardriving, verifying network configurations, finding locations with poor coverage in a WLAN, detecting causes of wireless interference, detecting unauthorized (“rogue”) access points and aiming directional antennas for long-haul WLAN links.

  • Wellenreiter is a wireless network discovery and auditing tool that supports Prism2, Lucent, and Cisco based cards. It is an easy-to-use Linux scanning tool. No card configuration has to be done and it is quite self-explanatory. It can discover networks (BSS/IBSS), and automatically detects ESSID broadcasting or non-broadcasting networks, their WEP capabilities and the manufacturer. DHCP and ARP traffic are decoded and displayed to give further information about the networks. An Ethereal/tcpdump-compatible dump file and an application save file are created automatically. Using a supported GPS device and gpsd, the location of the discovered networks can be tracked.
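
The discovery tools above are also used defensively, to find rogue and poorly secured access points before someone else does. The following is an added example, not code from either tool: it audits a site survey against an inventory of authorized access points. The CSV layout, the BSSIDs and ESSIDs, and the `audit_survey` function are constructed for illustration and are not the native output of Network Stumbler or Wellenreiter.

```python
import csv
import io

# Constructed site-survey export (hypothetical CSV layout, not a tool's native format).
SURVEY_CSV = """bssid,essid,channel,encryption
00:11:22:33:44:01,CorpNet,1,WPA2
00:11:22:33:44:02,CorpNet,6,WPA2
66:77:88:99:AA:01,CorpNet,6,OPEN
00:11:22:33:44:03,Warehouse,11,WEP
66:77:88:99:AA:02,,3,WPA2
66:77:88:99:AA:03,CoffeeShop,9,OPEN
"""

# Constructed inventory of access points the organisation operates: BSSID -> ESSID.
AUTHORIZED = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
    "00:11:22:33:44:03": "Warehouse",
}

# Settings that make an access point "unsecured or poorly secured".
WEAK = {"OPEN", "WEP"}


def audit_survey(csv_text, authorized):
    """Return (bssid, finding) tuples for every access point that needs follow-up."""
    own_essids = set(authorized.values())
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().upper()
        essid = row["essid"].strip()
        enc = row["encryption"].strip().upper()
        if bssid in authorized:
            if essid != authorized[bssid]:
                findings.append((bssid, "authorized AP with unexpected ESSID"))
            if enc in WEAK:
                findings.append((bssid, f"authorized AP poorly secured ({enc})"))
        elif essid in own_essids:
            # Unknown radio using a company network name: rogue or misconfigured AP.
            findings.append((bssid, "rogue AP advertising a company ESSID"))
        elif not essid:
            # Non-broadcasting network that is not in the inventory: locate it.
            findings.append((bssid, "unknown AP with non-broadcast ESSID"))
        # Unknown APs with foreign ESSIDs are treated as neighbours and skipped.
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_survey(SURVEY_CSV, AUTHORIZED):
        print(bssid, finding)
```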