This document functions as a starting guide to exploring wireless networks,
from a legal, ethical and security point of view. I hereby claim absolutely
no responsibility to which manner this information is used. Information is
neither inherently good nor evil, but how people choose to use that
information makes them good or evil.

Table of Contents

1. Introduction & Background.

1.1 Introduction
1.2 Copyright
1.3 Wardriving.com
1.4 Other Resources

2. What do I need to go Wardriving?

2.1 Computers
2.2 Wireless Cards
2.3 Antennas
2.4 Why should I have a GPS Unit?

3. Why are people wardriving?

3.1 Is it legal?
3.2 What can be done to stop it?

1. Introduction & Background

1.1 Introduction

The 802.11 networking standard, also known as, "Wireless Ethernet", WiFi, and
Wireless LAN has become very popular with Internet users and Corporations
looking for a cost-effective LAN extension that is easy to implement and
provides reliable service. The most popular implementation (as of April 2002)
is 802.11b. The 2.4Ghz range, 11Mb speed wireless LAN variety. 802.11b
encompasses all of the aforementioned characteristics, yet poorly implements
one of the most fundamental aspects of networking, the security. What is the
point of providing this type of service to your employees or even your
family if you cannot guarantee that their communications are secure. At least
with a wireless phone, someone cannot drive by your house and rack up your
phone bill. This is exactly the problem with Wireless Ethernet. People can
drive, walk or other wise approach the area that the wireless equipment can
transmit in, and share your internet access or connect to your computer.
This process is known as "wardriving", or "LAN jacking".

1.2 Copyright Wardriving.com 2002. All rights reserved.

Redistribution and use, with or without modification, are permitted provided
that the name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.

The author disclaims all warranties with regard to this document, including
all implied warranties of merchantability and fitness for a certain
purpose; in no event shall the author be liable for any special, indirect
or consequential damages or any damages whatsoever resulting from loss of
use, data or profits, whether in an action of contract, negligence or
other tortuous action, arising out of or in connection with the use of this
document.

Windows is a Trademark of Microsoft Corp.
Linux is a Trademark of Linus Torvalds
All other trademarks are the property of their respective owners.

1.3 Wardriving.com

Wardriving.com was started in April of 2001 following the news report of
wardriving by Pete Shipley, and it's rise in popularity. The site is a
one-man operation, it exists to further spread the knowledge about wireless
security and relay news articles from various sources. It consists mainly of
links and short writings on the subject. This HOWTO shall serve as an
introduction to the activity known as "wardriving". For the beginner this
will be a good source of starting information, but many links listed in
the next section will also be very helpful.

1.4 Other Resources

Here are links to other HOWTOs and relevant documents.

The Linux Wireless LAN HOWTO
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/

The Wireless HOWTO
http://www.ibiblio.org/pub/Linux/docs/HOWTO/Wireless-HOWTO

The Linux Laptop HOWTO
http://www.ibiblio.org/pub/Linux/docs/HOWTO/Laptop-HOWTO

The Linux PCMCIA HOWTO
http://www.ibiblio.org/pub/Linux/docs/HOWTO/PCMCIA-HOWTO

NetStumbler - Windows and Hermes based wireless cards
http://www.netstumbler.org/index.php

2 What do I need to go Wardriving?

2.1 Computers

The minimum requirement is an easily transported computer, 486 or faster
with a PCMCIA slot for the wireless card.

The recommended configuration is a Pentium 233 or better Laptop with one
free PCMCIA slot for the wireless card and a serial port for the GPS.

The super-stealth configuration is a laptop or sub-notebook concealed
within a backpack with antenna and GPS attached.

A laptop is not required, if you have the space and capacity to take a
full-sized computer with you, then as long as you have a wireless card it
will work.

2.2 Wireless Cards

Wireless cards let your computer talk to other computers, much like an
Ethernet card or a modem, just without the wires. Most 802.11b cards come in
the PCMCIA form factor. Some regular 802.11 gear consisted of SSA's (Single
Station Adapters) which acted as media translators between wireless and an
Ethernet card. However the PCMCIA form is most popular. There are adapters to
fit these cards into full-size computers through the PCI or ISA bus. Linux
does work the ISA variety, Windows with both ISA and PCI.

2.3 Antennas

Antennas are optional, but if you want to remain at a relatively safe
distance or you simply cannot approach the effective area of the wireless
access point, then they are a must. Many companies that sell cards, will also
sell you an antenna, but many cards do not come equipped with a jack to plug
an antenna in. So many have resorted to modifying cards to add jacks or
soldering wires to the built in antennas of their cards. Those same people
are building antennas from everything from Pringles cans to PVC pipe. These
are mainly directional designs, more commonly know as "yagi" style antennas.
They focus the 2.4Ghz wave, usually through a condenser, to an element
specifically placed in the antenna. These designs can be quite complicated,
so prior experience with HAM radio or antenna building would be a good idea.

2.4 Software

While this HOWTO mainly focuses on Linux, there are wardriving tools
available for Macintosh, Linux, BSD and Windows. There are many programs,
these are just a few notable ones, check wardriving.com for others.

Netstumbler is the most popular program for Windows and Lucent/Orinoco and
other Hermes-based chipset wireless cards. (http://www.netstumbler.org)

Airsnort is Linux program that breaks WEP encryption with Prism2 based
chipset.
(http://airsnort.shmoo.com/)

Wellenreiter is a Linux sniffer that works with both Hermes and Prism2
cards.
(http://www.remote-exploit.org)

Ap Scanner is a Macintosh program
(http://homepage.mac.com/typexi/Personal1.html)

Mognet is Java based program, portable. (http://http://www.chocobospore.org/)

2.5 GPS:Why should I have a GPS unit?

A question that I hear often. The GPS unit is used to output GPS coordinates
to the computers' serial port. When you find a wireless LAN, many programs
will log the exact coordinates (down to a few feet) of the effective range
of that wireless LAN. The standard protocol is called NEMA, and will
continuously dump to a serial port, via a special cable at 9600,8,N,1. This
is an optional piece of equipment if you have a good memory or street signs
to look at, but if you want to cover a large area in a short amount of time,
or are doing this alone, they are essential. Most GPS units run from $100 on
up to the thousands. The Garmin eTrex is nice for it's size and the 12V +
Serial cable.

3. Why are people Wardriving?

3.1 Is it legal?

There is no cut and dry answer to this question, but simply driving around a
city searching for the existence of wireless networks, with no ulterior
motive cannot be deemed illegal. However, if you are searching for a place to
steal internet access, or commit computer crimes then the wardriving you
performed was done in a malicious manner and could be treated as such in
court. Don't forget in the US, simply receiving radio transmissions on the
Cellular telephone frequencies (895-925 MHZ) is illegal, a similar law could
be written to discourage this, but this isn't likely.
As with any questionable activity, there are always two sides. Whether you
agree or disagree with the whole practice makes no difference to me, but in
the future, legal proceedings and violations may be related to wardriving.
Technology is not bound to ethics. It is the application and use (or abuse)
of that technology that brings ethics into it. To get back to the question
this technology is not really new (802.11 IEEE Standard - 1997), but this is
the peak of it's popularity. And at this peak it's good to get the kinks
worked out, and the security of wireless Ethernet is a pretty huge kink.
WEP(Wired Equivalent Privacy) uses up to 128-bit RC4 encryption, but it was
implemented wrong, so now it makes no difference whether or not you use it,
it's vulnerable. There are few built-in mechanisms that provide security, not
broadcasting the ESSID is a start, but a sniffer can pick it up, anything
else is left to other 3rd-party devices.

3.2 What can be done to stop it?

This is also not an easy question, there are some answers, don't use it, wait
for 802.11a, use tunneling or another authentication mechanism. If you have
determined that the information that will be transferred between your computer
and an access point will not contain any personal or confidential data, then
there s no problem in using the technology. Although, being blind to the fact
that anyone can share your network is no excuse when someone pilfers your
credit card number or cracks their way into your computers and across the
Internet. I haven’t made that decision, but I will not set up an access point
on my internal network.

As far as third party devices go, there are new technologies that are
hardware-based and permit only certain authenticated hosts to use that
connection, and provide separate encryption. There are also software
solutions, from RADIUS, to PPPoE, PPTP, IPSec, and using a firewall in
connection with any of these technologies will help. Placing the Access
Point on a DMZ and using tunneling to encrypt and authenticate users is the
securest solution, next to waiting for something better.