Subscribe to
NSLog(); Header Image

War Driving

A friend of mine, who lives near Baltimore, did some war driving:

We did this in two sessions of driving. The first was about fifteen minutes (driving to a restaurant and back), the second was about an hour and a half (we actually drove through apartment and housing complexes the second time instead of just sticking to the main roads).

54 unique wireless networks
6 ad-hoc networks, the rest were APs

34 of those networks had WEP turned off
12 had the default linksys SSID
5 just had an SSID of "default"
4 had an SSID of "wireless"
2 had an SSID of "MSHOME"
1 had the default 3com SSID
1 had an SSID of "cvsretail"
The rest of those 34 had various SSIDs.

Most of the wireless APs we found were near middle income apartment buildings. We drove only about twenty or thirty miles total.

One day I should get a friend together and do some war kayaking. 🙂

3 Responses to "War Driving"

  1. Why is it called war driving?

  2. I've read 1001 articles about people driving around and spotting APs, as if that is some big deal. Even if the WEP is off.

    I leave the WEP off because I don't want to take the performance hit that comes with it. But you can't get on my network unless you're on my MAC list. Of course, some are clever enough to fake their MAC, but those same people could probably crack your WEP anyway.

    I'd like to know how you can get on to a strange network if you don't know their IP. Netstumbler (and others) only give you the SSID and the MAC and that's not enough if their DHCP is off.

  3. MAC addressing isnt hard to spoof, their are numerous programs that will do it in seconds. I've done it a couple times when the wireless at my university disconnects me but wont let me back on cuz it says i'm still on.

    As for not knowing the ip of a strange network u wanna connect to, everyone who knows a bit about computers knows that the 10.0.*.* range and 192.168.*.* range are reserved for private networks, meaning if a router sees that address or your computer sees an address like that it knows to look internally before looking on the net.

    and most people are too lazy to change the ip address of the AP (ie. *.*.*.1).

    As for WEP, it requires a lot more time then one would imagine, in order for someone to crack a WEP they need to have several thousand if not millions of packets coming from that AP to compare and contrast and figure out what the WEP is.