Wireless network detection

[AMDPwred]

I saw a show on TLC a few days ago where a security expert was driving his Corvette around DC looking for wireless networks. We had his laptop sniffing for wireless access points. The laptop was running an application that would log the network and details of it (WEP enabled or not, MAC filtered or not). Does anyone know where I can find an application that does that? That would be an easy way of getting short contract jobs. Just drive around finding open networks, then contact the company and tell them you'll secure it for a small fee.

 

[scorpioLP]

NetStumbler

 

[n0cmonkey]

Originally posted by: AMDPwred
I saw a show on TLC a few days ago where a security expert was driving his Corvette around DC looking for wireless networks. We had his laptop sniffing for wireless access points. The laptop was running an application that would log the network and details of it (WEP enabled or not, MAC filtered or not). Does anyone know where I can find an application that does that? That would be an easy way of getting short contract jobs. Just drive around finding open networks, then contact the company and tell them you'll secure it for a small fee.

Was it Chris O'Ferrel? I caught him demoing a security tool where he wasnt supposed to once....

Mac Stumbler works for Macs, bsd airtools or something for BSDs, kismet or something for Linux, and I bet there are versions for PDAs.

 

[AMDPwred]

Perfect! Thanks.

 

[Soybomb]

Originally posted by: AMDPwred
I saw a show on TLC a few days ago where a security expert was driving his Corvette around DC looking for wireless networks. We had his laptop sniffing for wireless access points. The laptop was running an application that would log the network and details of it (WEP enabled or not, MAC filtered or not). Does anyone know where I can find an application that does that? That would be an easy way of getting short contract jobs. Just drive around finding open networks, then contact the company and tell them you'll secure it for a small fee.

I would strongly advise against your contract job plan. Its asking for trouble if you ask me.

 

[AMDPwred]

Originally posted by: Soybomb

I would strongly advise against your contract job plan. Its asking for trouble if you ask me.

How? You wouldn't be gaining access or anything. Just recognizing it is there and what security features are already in place. If they arn't up to par, you can contact them and let them know. Sounds like going a good deed to me. It should work with neighbors as well.

 

[n0cmonkey]

Originally posted by: AMDPwred

Originally posted by: Soybomb

I would strongly advise against your contract job plan. Its asking for trouble if you ask me.

How? You wouldn't be gaining access or anything. Just recognizing it is there and what security features are already in place. If they arn't up to par, you can contact them and let them know. Sounds like going a good deed to me. It should work with neighbors as well.

Sounds like a prelude to blackmail to me. No offence, I dont know you

How do they know you havent already exploited any vulnerabilities? Have you discussed this situation with a tech savvy lawyer (if you live in the US, other countries may not be as sue happy as the US)?

Did the guy have a shaved head and maybe mention something about jazz? *still curious to know if it was Chris

 

[AMDPwred]

I'll talk with our lawyer at work today. Ask him what he thinks. Maybe I'll just stick to people I know.

The guy did have a shaved head and drove a Red C5. I'm not sure about the Jazz though.

 

[n0cmonkey]

Originally posted by: AMDPwred
I'll talk with our lawyer at work today. Ask him what he thinks. Maybe I'll just stick to people I know.

The guy did have a shaved head and drove a Red C5. I'm not sure about the Jazz though.

Ok, sounds like Chris. That would have been atleast the second tv show (1 news broadcast, and this tlc show) one of the employees from my last job appeared on talking about wireless security... Getting ready to deploy the new product I guess...

 

[scorpioLP]

well... think about it though.... anyone with 1/2 a brain would have WEP. Granted it's not secure, but at the very least if it's available then you would use it.

Those that do not have WEP enabled and no MAC filtering are most likely very unskilled newbies. So if that is your target group, you just go up to them, ring the bell and say that you are a security consultant and you were running some tests in the area and see that they have an open LAN and that you would like to offer them solutions to secure it.


Your not going to be running into people with secure data, because they would not have a commercial level AP on the network. And most of the people smart enough to setup wireless will also have WEP enabled at the very least.

So I would say that it would be OK, but may not be worth the effort in some cases.

I work in downtown DC and you could probably detect 3 or 4 wireless LANs in the same building. I would think you would look pretty strange walking around with your laptop checking signal strengths to verify which office has the open LAN.

 

[AMDPwred]

Originally posted by: scorpioLP
I work in downtown DC and you could probably detect 3 or 4 wireless LANs in the same building. I would think you would look pretty strange walking around with your laptop checking signal strengths to verify which office has the open LAN.

This guy in the show was driving down the road and was picking up networks left and right. He said of about 20 WLANs only 6 used WEP. And we are talking about government WLANs here, not people on my block.

 

[spidey07]

MOST wireless networks use no form of encryption or filtering.

The problem comes from "Joe, I'm a cool business guy that knows all about technolgy. I even have a PDA to prove it!. I'll just setup this little wireless network in our office to show how cool it is".

POW! Entire global corporate network is now compromised. So far I've fired one tech support person for installing a wireless network. (and now the count is up to two little blue devices that have caused someone to loose their job) And I'm chomping at the bit for another.

AMDpwred - be very careful about what you're trying to do. I would assume breaking locks and windows just to tell people their security system isn't very good would get you into trouble. Same applies here.

 

[n0cmonkey]

Originally posted by: spidey07
MOST wireless networks use no form of encryption or filtering.

The problem comes from "Joe, I'm a cool business guy that knows all about technolgy. I even have a PDA to prove it!. I'll just setup this little wireless network in our office to show how cool it is".

POW! Entire global corporate network is now compromised. So far I've fired one tech support person for installing a wireless network. (and now the count is up to two little blue devices that have caused someone to loose their job) And I'm chomping at the bit for another.

AMDpwred - be very careful about what you're trying to do. I would assume breaking locks and windows just to tell people their security system isn't very good would get you into trouble. Same applies here.

If I didnt agree with you 100% Id think you are a grumpy old man.

 

[spidey07]

Old man!!???

I'm a scuba diving, golf playing, volleyball spiking, motorcycle riding, Jack Daniels drinking 31 year old MAN darnit!!!

Yes it is surprising just how many wireless networks are out there and just how unsecure they are. I'm not a security nazi but believe in using a little common sense. If you do wardrive in an industrial/business area you'll get hits all over the place.

Even worse is any idiot can run the netstumbler software. There's no skill in today's hacking...not like when I did it (circa late 1980s). And just think - all these wireless networks can be easily sniffed. And once I can sniff I 0wnz jews! Passwords in clear text, find IP addresses of servers, scan 'em exploit know vulnerabilities on unpatched servers, install root kit, cover up logs and traces.

jews be 0wnage.

 

[n0cmonkey]

Originally posted by: spidey07
Old man!!???

I'm a scuba diving, golf playing, volleyball spiking, motorcycle riding, Jack Daniels drinking 31 year old MAN darnit!!!

You forgot grumpy

If you are ever in the DC area or plan on going to a sec conference I might be attending, let me know. Ill buy you a drink

Yes it is surprising just how many wireless networks are out there and just how unsecure they are. I'm not a security nazi but believe in using a little common sense. If you do wardrive in an industrial/business area you'll get hits all over the place.

Im a security freak for the most part.

Even worse is any idiot can run the netstumbler software. There's no skill in today's hacking...not like when I did it (circa late 1980s).

Here we go... The "back in my day" stories...

And just think - all these wireless networks can be easily sniffed. And once I can sniff I 0wnz jews! Passwords in clear text, find IP addresses of servers, scan 'em exploit know vulnerabilities on unpatched servers, install root kit, cover up logs and traces.

jews be 0wnage.

What services that are in wide use still use plain text passwords? Microsoft has atleast some semblance of encryption in their authentication (although last time I checked, which was admittedly a while ago, it was subject to replay attacks)? Unfortunately, I now know from experience, telnet and other clear text protocols are still in use, even with great technologies like SSH (even if it is becoming the exploit of the week favorite). So much work to do...

 

[Soybomb]

Originally posted by: AMDPwred

Originally posted by: Soybomb

I would strongly advise against your contract job plan. Its asking for trouble if you ask me.

How? You wouldn't be gaining access or anything. Just recognizing it is there and what security features are already in place. If they arn't up to par, you can contact them and let them know. Sounds like going a good deed to me. It should work with neighbors as well.

It does sound like he demonstrated it via intrusion but.... still sounds like dangerous ground to tread in the land of the DMCA and USA Patriot act, etc. Fwiw: if you decide this is a good idea at least use a totally passive monitor for detection, it might be argued that netstumblers probes could be viewed as intrusion..

(I'm just scared of courts and the public who don't understand these issues and would just yell "HACKER!!!" and try to lock you up so you don't (insert insane idea here).

I would contact them and let them know what you do, ask if they have wireless access points, and then try to sell them on your service. If someone sent you a letter showing you a port scan of you box and different vulnerabilities you were open to you might not think of them as a saint...

fwiw, and no offense meant, but if you have to ask how to scan for them, are you qualified to know how to remedy the problem as well?