Warflying 2013 Access Points in Los Angeles 328
Kallahar writes "We went warflying over Los Angeles and Orange counties yesterday. Flying in a small plane at 1400 feet we detected 2013 802.11b APs in 75 minutes, 71% had no WEP encryption. A map and some pretty pictures are up at my writeup."
That's nuts (Score:5, Interesting)
Re:That's nuts (Score:2)
Re:That's nuts (Score:2, Interesting)
Semi-offtopic: Signal range (Score:2)
I bought the Linksys last night as I plan to use it to expand the range. Ideas?
Re:Semi-offtopic: Signal range (Score:2, Informative)
Re:Semi-offtopic: Signal range (Score:5, Informative)
Check out great deal on electronics and computer at Retail Retreat [retailretreat.com]. Do your Christmas shopping online!
Re:That's nuts (Score:2)
Maybe you should change the default SSID of your WAP.
Re:That's nuts (Score:3, Informative)
With MAC adress filtering and 128-bit WEP, the difficulty in hacking that wifi is somewhat prohibitive unless the hacker has unl
question for ya... (Score:3, Insightful)
Personally, I just use MAC filtering. Yeah, you can spoof a MAC address pretty easily on most hardware in windows. But I'm on 802.11b, and WEP definitely slows things down. And it was periodically resetting the connection on my Orinoco card.
Bottom line, consumer wireless gear can't keep out anyone who's determined to get in. I say make a stab at it to disclaim some liability, use decent security on your LAN, and call it a day
Re:That's nuts (Score:2)
Re:That's nuts (Score:3, Insightful)
New spam tech;
1. Roam around for open wireless networks, run spam off your laptop connected to that wireless lan until cut off.
2. Drive to next WLAN, rinse, repeat
3. Profit!!!
Re:That's nuts (Score:3, Insightful)
Download kiddie pr0n, send spam, launch a DoS attack...in short, the types of things that can get you in trouble.
Seriously, jokers like you ruin the internet for the rest of us. "So I'm running an open relay, what's the worst they can do?" Dipshit.
Photos (Score:2, Interesting)
Re:Photos (Score:2)
Yep. But the plane has to be a minimum 1000 feet above a congested area - 500 feet otherwise, unless it's taking off or landing and at an altiude "allowing, in the event a power unit fails, landing without undue harm to persons or property on the ground" The altitudes are less for helicopters.
Because driving around in a car looking for APs is called "wardriving."
Hey thats my SSID (Score:5, Interesting)
Hey thats my SSID!
All kidding aside, I wonder how many
Re:Hey thats my SSID (Score:2)
Somehow I don't think they can crack them that quickly, can they? Don't they need a decent sampling of packets?
Either way, mine would fall into the Hackerish category.
Re:Hey thats my SSID (Score:2)
Re:Hey thats my SSID (Score:2)
It's a pretty safe bet that our office AP is in that list, most likely as an Informational SSID.
Re:Hey thats my SSID (Score:2)
Airsnort used to need about 100meg worth of data (not just SSID broadcast packets) to crack 128bit WEP. Sometimes it needed less, sometimes more. Either way they'd have had to do a little bit of circling to get that much data
They'd have had a little more fun had they used Kismet. [kismetwireless.net] Then they've have picked up some of the AP's that weren't broadcasting SSID's (kismet works in promiscuous (sp) m
Re:Hey thats my SSID (Score:3, Interesting)
Speaking of funny SSIDs, what are your SSIDs like?
I use a scientific ant name on mine.
Re:Hey thats my SSID (Score:3, Informative)
2013 access points... (Score:5, Insightful)
1430 of them being unsecured, that bothers the heck out of me.
-JDF
Re:2013 access points... (Score:5, Insightful)
Re:2013 access points... (Score:2)
Re:2013 access points... (Score:2)
Re:2013 access points... (Score:4, Informative)
Re:2013 access points... (Score:2)
Re:2013 access points... (Score:2)
Re:2013 access points... (Score:2)
Re:2013 access points... (Score:2)
But spoofing a mac is at least as hard as wep cracking
I don't know whether this will work for a wireless interface, but for the wired ethernet interfaces I've come across (NE2000, 3Com, Via, RealTek), a simple
...is sufficient to spoof a MAC address.
Re:2013 access points... (Score:2, Interesting)
Re:2013 access points... (Score:2)
Yes. I once set up a system using VPN- the wireless network was wide open; well, I did have WEP turned on, as if that matters :-)
But cracking wep didn't do you a lot of good, the wireless router plugged straight into a firewall- and it was set up with extremely paranoid filtering rules- nothing, not even DNS, nothing except VPN packets got through that.
The biggest weakness is the users machines- if somebody hacked one of those v
Re:2013 access points... (Score:3, Insightful)
But if we had more open access points, on purpose, there'd be no need for a wireless internet company. You'd just use whatever nearby WAP was up. Free internet wherever you go.
In other news, they flew into the future -- 2013! (Must have used a Cessna and a Commodore 64.) What are things like ten years from now??
Re:2013 access points... (Score:2, Insightful)
2013 access points for 20 million people isn't all that impressive, to me at least.
(If they had flown a little further south, down to the Irvine/Laguna/Mission Viejo areas, they would have started to see a few more secure points, as they flew over eEye and Foundstone, and all the new tech that's growing down here).
Just in time for the holidays (Score:2)
hg
How to leave my access point *IN*secure? (Score:5, Interesting)
Fine, corporate "enterprises" (beginning to hate that word) should have secured their wireless networks. But lets face it, most of the APs discovered are probably Linksys routers sitting in some dude's office. Exactly why do all of these need to be secured?
I'm a normal, conscientious Internet user. Most of the day, my Internet usage consists of email and (I admit) wasting time on Slashdot. I'm not looking at porn, and I'm not wasting significant amounts of bandwidth. Honestly, who should care if I happen to use their unprotected wireless network?
Furthermore, I personally wouldn't care if anyone used mine. I would love to feel confident that I could leave my wireless access point unprotected. Several points nag me, however:
- Every now and then, I'm going to want to download some Linux ISOs. (OK, I mean labels' entire catalogs of songs on MP3.) When I want to do that, *I* should have the bandwidth to do it. I pay for it, I get dibs. So far, I don't know of anything available to your average consumer that will let you throttle bandwidth for your "guests" at will (or, ideally, automatically -- my own MAC addresses get top priority).
- The kiddie porn issue is an issue. As is, I guess, MP3 downloading. I don't want to have to firewall out P2P ports (and play the game of "what port are they using this week") just to protect myself from people using my AP who are too dumb to cover their tracks. No, I do not believe "but my port was unprotected, open to the world" is going to hold up in court.
- People are, by and large, bastards. If I leave my AP unprotected, it's not going to be used occasionally by passers-by etc. It's going to be my next-door neighbor, using it to download massive AVIs all night long, all the time thinking "hee hee hee, this dumbass left his wireless AP unprotected." If I were to open my AP, I'd want the first thing to pop up on your browser to be a notice letting you know that, yes, I see you, yes, I'm logging you, and yes, if you were a decent person and you wanted to use this thing all the time, you might drop by, ring my doorbell, and offer to kick me a couple bucks every month.
Furthermore, I'd like to publicly thank the various people around town whose unprotected access points I've used without permission. You never knew I did it, but it probably saved me some hassle.And finally, I'd like to publicly ask owners of coffee shops, delis, diners, bars, and other lounge-around spots: Have you ever considered not charging for that miraculous wireless network you just "installed"? Face it, Internet access is a flat fee for you. You want to bring in customers to buy that cup of half-and-half (I once heard that milk-based froofy coffee drinks have such an exorbitant profit margin that Starbuck's is essentially in the milk business). So why not do it by offering them a place to sit around, relax, and use their laptops? Seems to me it's no skin off your nose. Coffee shops have been providing shelves of books for years -- why not Internet access?
I bring it up because the coffee shop down the street from my house recently switched from offering free wireless access to charging for it -- something like $15/month, fully a third of the cost of a DSL line that will give me full high-speed access around the clock. Lots of other places are starting to do the same here (San Francisco) -- the "trial period" is over, now you have to pay.
I ask you: Where's the sense in that? I had just gotten into the habit of spending my mornings in that coffee shop, eating bagels and coffee while I got some work done, when they pulled the rug out from under me. Now the main thing that keeps me going down there is the fact that a couple of the shop's neighbors have their own wireless APs -- unprotected, of course. So now I'm not going to the shop as often, I'm buying less coffee and bagels, and worse, you went ahead and paid for all that (evidently quite expensive) Internet hardware and now I'm not going to be part of that new profit-center either.
Make it free, man! Wired magazine said as much, months ago.
Sweet (Score:5, Funny)
Re:Sweet (Score:3, Interesting)
Re:Sweet (Score:3, Interesting)
Bye bye.. (Score:2, Funny)
heheh.. a page with some thumbnails linked to 175k-300K pictures. His site is so dead.
Re:Bye bye.. (Score:2, Funny)
I live in LA! (Score:5, Funny)
Re:I live in LA! (Score:2)
Comment removed (Score:3, Funny)
Re:Warflying Request: +1, Insightful (Score:2)
by flying over the Pentagon
Good luck getting into D.C. airspace. In fact, good luck even filing a flight plan that takes you within 1 mile of D.C. airspace. Come up on the radar as headed in that direction, and it'll be 1) Warning 2) Command 3) Blowing you into tasty bite-sized flaming chunks.
Better I think to stick to warflying where there's no chance of actually being fired upon.
East LA (Score:5, Funny)
And I can hear it already - hey ese, you forgot to encrypt your airport station, homes!
Slashdotted (Score:5, Informative)
The antenna was a mere Orinoco Omnidirectional Range Extender which was hand held. Unfortunately, the GPS didn't work for the first 20 minutes, and the wireless card crashed (had to reboot) while we were over long beach (took 7 minutes).
Equipment
Laptop Compaq Presario 2190US (2.4Ghz Celeron)
802.11b card Orinoco Silver
Antenna Orinoco 2-3dBi Omni
GPS Magellan Meridian
Software NetStumbler on Win2k
Flight Time: 1 hour 15 minutes @ 1400ft
(699x446 - 134k)
Statistics
Total APs 2013
No Encryption 1441 (71.6%)
WEP Encryption 572 (28.4%)
Default SSID 513 (24.5%)
Hackerish SSID
(h3lpm3) 15 (0.7%)
Informational SSID
(southcoastcircuits) 23 (1.1%)
Someone's Name 110 (5.5%)
NetStumbler Files
WarFlying (1.0MB)
The drive home (168k)
(for reference purposes)
Better yet, a mirror :) (Score:5, Informative)
My bad (Score:2)
all fun and games... (Score:5, Funny)
Yeah, it's all fun and games until someone gets caught flying upside down, no pants on, playing with the stick, lookin' at kiddie porn...
1400 feet? (Score:5, Interesting)
Re:1400 feet? (Score:5, Informative)
-N
Re:1400 feet? (Score:3, Informative)
More likely, they were picking up the signals diagonally through windows, rather than from directly below through roofs. One of the reasons satellite phones perform poorly indoors is because signals have difficulty passing through the roof. (Cellular towers are at much lower altitude, and their signals reach you mainly through windows.)
Re:1400 feet? (Score:5, Informative)
Same thing across open water. Although you get less range than in the air.
Re:1400 feet? (Score:2, Informative)
Most people don't put APs on their roofs, so I'd say that there is a lot to block those waves. Wood, shingles, metal, clay, etc. The antenna and a card with good sensitivity helped this a great deal.
Re:1400 feet? (Score:3, Interesting)
blank or default admin password (Score:2, Interesting)
(obvious)Orange County and LA County is not Santa Clara County I guess (/obvious)
Re: (Score:2)
Warbussing (Score:5, Interesting)
Re:Warbussing (Score:3, Insightful)
Re:Warbussing (Score:2, Insightful)
If the typical computer user has a choice between an access point that they just plugin and use, or one that they have to mess with, which do you think they'll most likely pick?
Does Anyone Know ... (Score:2)
Mirror (Score:5, Informative)
Coming slowly but surely!
Re:Mirror (Score:5, Funny)
The images are down to 50 wide now, and compressed better, but even with that the sheer volume of slashdotters is tough to handle
So how long before... (Score:3, Interesting)
Re:So how long before... (Score:2)
That said, I found some WAPs in my condo that I can connect to from my livingroom. I'm as-yet undecided if I want to siphon some bandwidth from them.
Regardless, when I go to visit my parent's place over the holidays, I'm making sure my dad's WA
How on earth is this the same? (Score:2)
On the other we got some redneck shooting at stuff from an airplane with real live bullets.
WiFi Security (Score:2, Interesting)
WEP is not secure, therefore, the fact that WEP is turned off doesn't make it insecure. The best thing to do with 802.11 is to turn off WEP and use secure application protocols, like Kerberos, OpenSSH, OpenAFS, SSL Imap, etc, etc... WEP only adds useless overhead.
And as far as the SSID goes, if you can snoop for the SSID what does it matter what the value is? Default or otherwise.
Warflying....ok.... (Score:5, Funny)
But WHY did you have to set up all those servers to syn SCO?
They are an honest company looking to make a profit from suing their potential customers, which doesnt follow the DOT COM era at all, so it should be profitable.
On a side note, you also violated homeland security.
hey! (Score:2)
Wow.. (Score:3, Interesting)
*Shrug.* Someone with actual light aircraft experience, please correct me..
Re:Wow.. (Score:3, Informative)
Except when necessary for takeoff or landing, no person may operate an aircraft below the following altitudes:
(a) Anywhere. An altitude allowing, if a power unit fails, an emergency landing without undue hazard to persons or property on the surface.
b) Over congested areas. Over any congested area of a city, town, or settlement, or over any open air assembly of persons, an altitude of 1,000 feet above the highest obstacle within a horizontal radius
Flew over my office. (Score:4, Insightful)
According to his map he flew right over one of our offices (Inglewood). It does seem enticing to stick an antenna out on the terrace and see what comes up. Especially since VPN traffic seems to be eating up mos of our T-1 these days.
on a side note I recently enquired at a major computer store. one which right now is advertising free set up. And talkign to the tech he assured me that all I had to do to set up a wireless network was plug it in. Now with things like nimda, Cade Red and such with the advent of everyoen goign wireless at home and not either encryting there connections or passwording it off. hackers/script kiddies will have a field day with this. I jus tpull up to some pure schmucks house log in launch and attack then drive off and the feds would never find me.
How much aggregate bandwidth? (Score:2)
Easy. (Score:2)
That's like saying 'Hey, I got 100 ethernet cables, since their all 100 MB i'm going super fast!'
Without etherchanneling or something aggergating said bandwidth with an equally large number of cards not much is going to happen.
Re:How much aggregate bandwidth? (Score:2)
"Never underestimate the bandwidth of a 747 full of laptops?"
You bastards! (Score:2, Funny)
You bastards! My AP is on that map!
No WEP != No security (Score:5, Insightful)
I've been playing with a WAP - my intention is to firewall it to the point that the only things you can do are DNS, DHCP, VPN, and accessing a password-protected HTTP proxy with bandwidth throttling.
The only thing WEP would do in such a case is prevent somebody from sniffing the proxy's password from the air, and if I cared I would just move the proxy over to HTTPS.
Just as WEP != secure, !WEP != !secure.
So all the "OMFG! 73% of all the APs we sniffed weren't using WEP, therefore 73% of all APs aren't secured" is somewhat flawed reasoning.
Granted, it is likely pretty close to the truth. But it is not guaranteed to be the truth.
MAC restrictions? (Score:2)
Re:MAC restrictions? (Score:2)
Enforcing Security (Score:3, Interesting)
There has to be some way of ensuring that people sort out the security on their boxes. How about not allowing the box to connect unless they change the default settings?
In several offices we used to set the first password for the user accounts as their user login, and then not allow the same password to be used again. We knew the temptation was too great for people to use their login as the network password (and too easy for someone to crack).
This is Evil. I like it. (Score:2)
Additional Data point... (Score:2)
My network doesn't show up in the list, though.
For the record, it's called "ACCESS DENIED" and it's got WEP enabled...
If you are in the neighborhood, and need access, just gimme a holler. Pants-less one-handed wardrivers need not apply.
WEP + MAC filtering (Score:2, Informative)
good how-to [arstechnica.com] if you're interested.
And stop broadcasting your SSID! =)
Re:WEP + MAC filtering (Score:5, Insightful)
MAC locking is only secure against very casual intrusion. Most cards (all?) can be re-flashed with a new MAC.
Re:WEP + MAC filtering (Score:2)
"re-flashed with a new MAC?"
I'll bet your computer is infested with the start button virus, isn't it?
Re:WEP + MAC filtering (Score:2)
In any case that only strengthens my point -- somebody can drive around and change MAC addresses in real time. MAC locking is useless.
That's about the number of Starbucks in LA (Score:3, Funny)
Which do not support WEP anyway.
What I find interesting... (Score:2)
In related news... live from the Sargasso Sea! (Score:3, Funny)
Defense against warflying: (Score:3, Funny)
A combination of AAA, Autonomous Advanced Algorithms and SAM systems, Secure Authority Message, designed to bring down any hostile airborne WLAN sniffer. Available in both US [fas.org] and Russian [fas.org] flavours.
High speed connectivity on planes (Score:2)
looks like they flew right over my apartment (Score:2)
netstumbler files (Score:2)
Re:netstumbler files (Score:2)
The Feds! (Score:2)
FAA called yet? (Score:3, Funny)
Re:Yes, but... (Score:2)
-1, Defamatory
Re:Interesting results (Score:2)
Here's the scoop on this: (Score:5, Informative)
1. He was flying in a plane over LA. -For simplicity's sake when flying under Class B Airspace, many pilots on VFR flights tend to stick to flying over interstates - its easy and keeps you out of trouble.
2. He had a laptop with only one 802.11 card and only one antenna for reception. The necessarily rules out any radio direction finding for accurate plotting of the access points. Instead what you see is what he picked up as he flew and the exact lat / long the plane was at at the time of the signal hit. If he could do some RDF by maybe having antennas in an array attached to the plane at say the wingtips he could with the right software plot out where each possible transmitter was. But he would need to know what altitude the plane was at, what the heading was and the different signal strengths received at each antenna as well as the distance between the antennas in his array. I don't know of any software out there that does this but the information to do this is readily available.
If he had that setup you would see a map with the projected location of each access point arrayed around the path of the aircraft.