WarXing
Encyclopedia
WarXing NetStumbling or WILDing is the activity of detecting publicly accessible computer systems or (wireless) networks. The 'X' may be replaced by a more specific activity to give the following terms:
These terms originated from wardialing, a technique popularized by a character played by Matthew Broderick
in the film WarGames
, and named after that film. Wardialing in this context refers to the practice of using a computer
to dial many phone
numbers in the hopes of finding an active modem
.
While it doesn't conform to the "WarXing" pattern, bluedriving (wardriving against Bluetooth networks) has also been seen as a related word.
, and GPS-logging programs, to aid the hacker in finding the exact position of wireless networks, and mapping them with GPS-information. Before commencing on a warXing trip, the user must always make sure he unbinds his NIC. This needs to be done to disable all communication towards APs (reception of packets remains however unchanged). The best approach to do this is to disable all network protocols (TCP/IP, Netware, NetBEUI, etc.). By disabling communication towards APs, any possible legal problems are avoided and another practical problem is avoided as well. This practical problem is that autoconnection may automatically place the SSID in the wireless adapter operating profile, halting your ability to log any additional stations encountered later on. Unbinding the NIC can be done with the command:
or by disabling the TCP/IP protocol in "Network Connections" (for Windows XP)
. These Linux OSs are BackTrack
, WarLinux and Auditor. The purpose-built OSs also feature other tools to crack protected wireless networks and analyze the system. These activities however are no longer considered part of wardriving (only the discovery of the systems is), and are illegal if the owner of the network has not given his permission. The tools are however useful to determine one's own systems' vulnerability to attack and thus to fortify the system. Installing the software separately is considered more useful if one only wishes to conduct warXing, and not test the networks for vulnerabilities or even penetrate them.
Separate software can be installed on regular operating systems such as Mac OS X, Linux or Windows. Often, a single network discovery software program as NetStumbler
(windows, desktop), MiniStumbler (windows CE, handheld), KisMAC
(desktop, Macintosh) or Kismet (Linux, desktop) is all that most people install. Network discovery software is used to discover and map out the open (as well as protected) WLANs in the area. WLANs which have the SSID broadcasting turned off require a passive scanner such as Kismet.
GPS-mapping software sometimes installed alongside includes Stumbverter and MapPoint. Netstumbler records the GPS-information, but does not place it on a map, which is why these programs are often added. MapPoint (a Microsoft product) is not free, however, and is thus often not an option for certain people. To suit this target group, a free alternative has been made called DiGLE. Also, WiFimaps offers some utilities.
Finally, some people want to use the network information obtained through the network discovery software (and other tools such as packet analyzers) to also hack the network. This activity, which is no longer considered warXing, may allow the hacker significant advantages. Hacking protected networks may allow Piggybacking (Internet access)
or using the network as a "zombie
", meaning using the connection to hack other PCs/networks and letting someone else look like the bad guy. Also, instead of hacking it, hackers may also decide to jam the network. RF-jamming can be done through RF generators (e.g. from HP, Anritsu) or Power signal generators (e.g. from Terabeam Wireless, Global Gadget or Tektronix). Jamming (as well as Queensland and DoS-attacks) of course does not usually provide any advantage for the hacker, and is often done for retribution purposes.
or (EAP
/WPA
) protected networks. To detect wireless networks, ARM, MIPS or SH3-cpu powered PDA
s such as the HP iPAQ, HP Jornada or Casio MIPS are often used due to their high portability. Small laptops (13.3–15.4 inch) are used for both mapping out as well as cracking the WLANs.
Finally, for wardriving purposes only, some individuals have resorted to building mini-tower PCs into their cars. To power the computer for wardriving, an AC power inverter is used to power or recharge the computer. Wireless network cards (with antennae jacks) are always present in the PC, either by inserting an external type or using an integrated one. To extend the range, an external antenna is sometimes added, either a commercially obtained one or a cantenna
.
A GPS device is usually added to record the GPS coordinates of the wireless network. GPS coordinates are usually automatically recorded along with other network information (IP, SSID, AP MAC-address or BSSID, ... ) in network discovery software as NetStumbler and Kismet.
- Warcarting — Wardriving, but instead of a car, a shopping cart
- WarchalkingWarchalkingWarchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network.Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and publicised by Matt Jones who designed the set of icons and produced a downloadable document...
— the name for marking the location of a Wi-Fi wireless network with a chalk mark on the sidewalk. - Warcycling — detecting Wi-Fi wireless networks by cycling around with a Wi-Fi equipped device on a bicycle
- War dialingWar dialingWar dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems and fax machines...
— detecting computer systems linked to the telephone network by dialing every number in an area code - WardrivingWardrivingWardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or PDA....
— detecting Wi-Fi wireless networks by driving around with a Wi-Fi-equipped device, such as a laptop or a PDAPersonal digital assistantA personal digital assistant , also known as a palmtop computer, or personal data assistant, is a mobile device that functions as a personal information manager. Current PDAs often have the ability to connect to the Internet...
, in one's vehicle. - WarflyingWarflyingWarflying or warstorming is an activity consisting of using an airplane and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks...
— using an aircraft and a Wi-Fi-equipped device, such as a laptop or a PDA, to detect Wi-Fi wireless networks. - Warrunning; detecting Wi-Fi wireless networks by running with a Wi-Fi equipped device.
- WarspyingWARviewingWarViewing is the sport and hunt for unprotected 2.4 GHz video feeds. These are usually broadcast from X10 cameras in major cities from traffic cameras, lobbies, or locally owned shops...
— detecting and viewing wireless video. Usually done by driving around with an x10X10 (industry standard)X10 is an international and open industry standard for communication among electronic devices used for home automation, also known as domotics. It primarily uses power line wiring for signaling and control, where the signals involve brief radio frequency bursts representing digital information...
receiver. Similar to "Wardriving" only with wireless video instead of wireless networks. - Wartoothing — The same concept as warwalking, except using bluetooth devices.
- Wartransit — same as wardriving, except done aboard a local transit bus, subway, or commuter train.
- Wartrawling — detecting Wi-Fi wireless networks at sea with a Wi-Fi-equipped device in the vicinity of vessels receiving via satellite and broadcasting Wi-Fi for their onboard network. Coined by FTC/SS Donald A. Davis, USN, upon implementation of the first Wi-Fi networks on US Submarines.
- Warwalking — searching for Wi-Fi wireless networks by a person walking, using a Wi-Fi-equipped device, such as a laptop or a PDA.
These terms originated from wardialing, a technique popularized by a character played by Matthew Broderick
Matthew Broderick
Matthew Broderick is an American film and stage actor who, among other roles, played the title character in Ferris Bueller's Day Off, Adult Simba in The Lion King film series, and Leo Bloom in the film and Broadway productions of The Producers.He has won two Tony Awards, one in 1983 for his...
in the film WarGames
WarGames
WarGames is a 1983 American Cold War suspense/science-fiction film written by Lawrence Lasker and Walter F. Parkes and directed by John Badham. The film stars Matthew Broderick and Ally Sheedy....
, and named after that film. Wardialing in this context refers to the practice of using a computer
Computer
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
to dial many phone
Phone
Within phonetics, a phone is:* a speech sound or gesture considered a physical event without regard to its place in the phonology of a language* a speech segment that possesses distinct physical or perceptual properties...
numbers in the hopes of finding an active modem
Modem
A modem is a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data...
.
While it doesn't conform to the "WarXing" pattern, bluedriving (wardriving against Bluetooth networks) has also been seen as a related word.
In practice
WarXing is done using specific computer programs and hardware. The software used is usually Network discovery software, but may also include RF monitor softwareRF monitor software
RF monitor software is a software which is able to detect signal strength and bit error rate of wireless networks. The software includes network discovery software programs as KIsmet and Network stumbler, yet these latter provide much more information about the network itself, and are not as...
, and GPS-logging programs, to aid the hacker in finding the exact position of wireless networks, and mapping them with GPS-information. Before commencing on a warXing trip, the user must always make sure he unbinds his NIC. This needs to be done to disable all communication towards APs (reception of packets remains however unchanged). The best approach to do this is to disable all network protocols (TCP/IP, Netware, NetBEUI, etc.). By disabling communication towards APs, any possible legal problems are avoided and another practical problem is avoided as well. This practical problem is that autoconnection may automatically place the SSID in the wireless adapter operating profile, halting your ability to log any additional stations encountered later on. Unbinding the NIC can be done with the command:
-
ipconfig /release_all(in windows; command prompt) -
ip link set dev interface-name down
or by disabling the TCP/IP protocol in "Network Connections" (for Windows XP)
Popular software
For warXing, people may opt to install the required software separately or immediately install purpose-built OSs (Linux-variants) which have all warXing tools already installed and are even sometimes able to run as a Live CDLive CD
A live CD, live DVD, or live disc is a CD or DVD containing a bootable computer operating system. Live CDs are unique in that they have the ability to run a complete, modern operating system on a computer lacking mutable secondary storage, such as a hard disk drive...
. These Linux OSs are BackTrack
BackTrack
BackTrack is an operating system based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm...
, WarLinux and Auditor. The purpose-built OSs also feature other tools to crack protected wireless networks and analyze the system. These activities however are no longer considered part of wardriving (only the discovery of the systems is), and are illegal if the owner of the network has not given his permission. The tools are however useful to determine one's own systems' vulnerability to attack and thus to fortify the system. Installing the software separately is considered more useful if one only wishes to conduct warXing, and not test the networks for vulnerabilities or even penetrate them.
Separate software can be installed on regular operating systems such as Mac OS X, Linux or Windows. Often, a single network discovery software program as NetStumbler
NetStumbler
NetStumbler is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows operating systems from Windows 2000 to Windows XP...
(windows, desktop), MiniStumbler (windows CE, handheld), KisMAC
KisMAC
KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet...
(desktop, Macintosh) or Kismet (Linux, desktop) is all that most people install. Network discovery software is used to discover and map out the open (as well as protected) WLANs in the area. WLANs which have the SSID broadcasting turned off require a passive scanner such as Kismet.
GPS-mapping software sometimes installed alongside includes Stumbverter and MapPoint. Netstumbler records the GPS-information, but does not place it on a map, which is why these programs are often added. MapPoint (a Microsoft product) is not free, however, and is thus often not an option for certain people. To suit this target group, a free alternative has been made called DiGLE. Also, WiFimaps offers some utilities.
Finally, some people want to use the network information obtained through the network discovery software (and other tools such as packet analyzers) to also hack the network. This activity, which is no longer considered warXing, may allow the hacker significant advantages. Hacking protected networks may allow Piggybacking (Internet access)
Piggybacking (internet access)
Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary by...
or using the network as a "zombie
Zombie
Zombie is a term used to denote an animated corpse brought back to life by mystical means such as witchcraft. The term is often figuratively applied to describe a hypnotized person bereft of consciousness and self-awareness, yet ambulant and able to respond to surrounding stimuli...
", meaning using the connection to hack other PCs/networks and letting someone else look like the bad guy. Also, instead of hacking it, hackers may also decide to jam the network. RF-jamming can be done through RF generators (e.g. from HP, Anritsu) or Power signal generators (e.g. from Terabeam Wireless, Global Gadget or Tektronix). Jamming (as well as Queensland and DoS-attacks) of course does not usually provide any advantage for the hacker, and is often done for retribution purposes.
How-to documents
Practical how-to information is available from documents such as "The Definitive Guide to Wireless WarXing" , "WarDriving HOWTO", "Wireless LAN resources for Linux", "Official Wireless Howto" , etc. More info may be gathered from books such as "Hacking Wireless Networks for Dummies", which have sections about wardriving.Hardware used
WarXing computers are usually focused on portability. WarXers will often prefer to do the more labour-intensive operations, such as analyzing the network and looking for vulnerabilities, at a later time, so they resort to a mix of portability and computing power. Portability is required as the device has to be physically moved from one place to another (to get in the range of the WLAN networks), and computing power is required if one wishes to crack WEPWired Equivalent Privacy
Wired Equivalent Privacy is a weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network...
or (EAP
EAP
- Organizations :*EA Patras, a Greek sports club* The business school, which, after merging with ESCP, became ESCP Europe*European Workers Party *European Association for Psychotherapy...
/WPA
Wi-Fi Protected Access
Wi-Fi Protected Access and Wi-Fi Protected Access II are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks...
) protected networks. To detect wireless networks, ARM, MIPS or SH3-cpu powered PDA
PDA
A PDA is most commonly a Personal digital assistant, also known as a Personal data assistant, a mobile electronic device.PDA may also refer to:In science, medicine and technology:...
s such as the HP iPAQ, HP Jornada or Casio MIPS are often used due to their high portability. Small laptops (13.3–15.4 inch) are used for both mapping out as well as cracking the WLANs.
Finally, for wardriving purposes only, some individuals have resorted to building mini-tower PCs into their cars. To power the computer for wardriving, an AC power inverter is used to power or recharge the computer. Wireless network cards (with antennae jacks) are always present in the PC, either by inserting an external type or using an integrated one. To extend the range, an external antenna is sometimes added, either a commercially obtained one or a cantenna
Cantenna
A cantenna is a directional waveguide antenna for long-range Wi-Fi used to increase the range of a wireless network.- Origin of the name:...
.
A GPS device is usually added to record the GPS coordinates of the wireless network. GPS coordinates are usually automatically recorded along with other network information (IP, SSID, AP MAC-address or BSSID, ... ) in network discovery software as NetStumbler and Kismet.