Web Informant #268, 30 October 2001:
Stealing wireless bandwidth is easy

http://www.strom.com/awards/268.html

Wireless security is becoming one of those oxymorons, like military intelligence. Luckily the tools to keep track of unsecured wireless networks are getting better, thanks to some dedicated people like Marius Milner and the NetStumbler shareware.

Why is there a problem? Several reasons. First, the encryption tools that are used to secure wireless networks are easily broken. Papers published earlier this year point out ways that anyone can defeat them, and this article is just one of numerous places that go into the details.

Second, most wireless access points don't enable encryption anyway, and that coupled with a DHCP server that many access points have also built-in means trouble. Anyone driving by can easily grab an IP address and gain access to your network without anything more than a standard laptop. It is easy, and in fact my colleague Mark Gibbs goes into further details here in his column in Network World this week.

Gibbs turned me on to NetStumbler.com. Here is the scenario. You install this software on a laptop, along with an Orinoco WaveLAN wireless Ethernet PC Card. Then ask a friend to drive you around town. (The practice is called "war driving.") If you come into range of a wireless access point, NetStumbler will pick it up and let you know several things: whether the access point has encryption turned on or not, what its Media Access Control address is, the name of the network or vendor, and signal strength and other parameters. What it won't tell you is the packet stream coming from that access point -- but that is easily enough accomplished with other "sniffing" tools that you can load on your laptop.

What NetStumber is good for, especially for corporate networkers, is to search out unsecured wireless access points. The web site displays the locations of many of them, and not surprising these map well along the major high-tech corridors around the US. And on their web site are links to other drive-by networkers, who have discovered numerous unsecured wireless locations around the world: riding their bikes through London, floating down the canals of Amersterdam (now why can't I get a job like that?), and so forth.

One thing I quickly realized is that wireless networking may be a very big Pandora's box, particularly for residential networking users. Many people, who would otherwise double-lock their doors and use sophisticated alarm systems to secure their physical premises leave their homes wide open for someone to drive by and steal some of their bandwidth. Granted, this isn't quite the same thing as breaking and entering, but it is the moral equivalent and it could put some of your data files at risk if you haven't set up your network properly. Very few home networkers understand that the threat coming from a wireless war driver is more troubling than from an outsider trying to come through their cable modem, because the war driver can connect on the local network and see everything that you do with the right kind of tools.

NetStumbler is a great idea, and one that I recommend trying out. It is also useful to show the relative radio characteristics of various access points: I put up three different products around my office and as I moved them around my building, got to see very quickly which ones worked better at broadcasting their wireless network and which ones had better constructed radios. Of course, that may not always be an asset, particularly if you are worried about war drivers who can glom on to your bandwidth.

Self-promotions dep't

I will be exploring these and other topics on wireless security as the featured guest on SearchSecurity.com's next online chat, taking place tomorrow at noon Eastern time. Go to this link to register, or to view the archives if you can't tune in. As you may know, I write regular columns for both SearchSecurity and SearchWin2000.com, reviewing notable and worthy products that I have used over the years.

My next real-world speaking engagement is next Wednesday November 7th, where I'll be part of O'Reilly's Peer to Peer conference in Washington DC. I'll be talking about peer file sharing technologies, and you can download my slides here if you can't make it to the conference.

Finally, to tie up the security and home networking angle, I'll be giving a reading and signing copies of my latest book, the Home Networking Survival Guide, at the Manhasset NY Barnes and Noble next Thursday November 8th at 8pm. You are welcome to stop by if you are in the area, and meet some of my high school networking students who will be eagerly attending. If you haven't picked up a copy of my book yet, you can do so by going to this page below. I have begun to do a few radio station interviews and will post links to them here as well:

To subscribe, send a blank email to
informant-subscribe@pez.oreillynet.com

To be removed from this list, send a blank email to
informant-unsubscribe@pez.oreillynet.com

David Strom
david@strom.com
+1 (516) 944-3407
back issues
entire contents copyright 2001 by David Strom, Inc.
Web Informant is ® registered trademark with the U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.