WarXing

WarXing, NetStumbling or WILDing [ [http://www.bawug.org WILDing] ] is the activity of detecting publicly accessible computer systems or (wireless) networks. The 'X' may be replaced by a more specific activity to give the following terms:

*Wardriving — detecting Wi-Fi wireless networks by driving around with a Wi-Fi-equipped device, such as a laptop or a PDA, in one's vehicle.
*Warcycling; detecting Wi-Fi wireless networks by driving around with a Wi-Fi equipped device on a bicycle
*Warwalking — searching for Wi-Fi wireless networks by a person walking, using a Wi-Fi-equipped device, such as a laptop or a PDA.
*Warchalking — the name for marking the location of an active Wi-Fi wireless network with a chalk mark on the sidewalk.
*Warspying — detecting and viewing wireless video. Usually done by driving around with an x10 receiver. Similar to "Wardriving" only with wireless video instead of wireless networks.
*Warflying — using an aircraft and a Wi-Fi-equipped device, such as a laptop or a PDA, to detect Wi-Fi wireless networks.
*Warkayaking; detecting Wi-Fi wireless networks by kayaking with a Wi-Fi equipped device

These terms originated from wardialing, a technique popularized by a character played by Matthew Broderick in the film "WarGames", and named after that film. "Wardialing" in this context refers to the practice of using a computer to dial many phone numbers in the hopes of finding an active modem.

In practice

Warxing is done through the use of specific computer programs and hardware. The software used is usually Network discovery software, yet may also include RF monitor software, and GPS-logging programs, to aid the hacker with finding the exact position of wireless networks, and mapping them with GPS-information. Before commencing on warXing-trips, the user must always make sure he unbinds his NIC. This needs to be done to disable all communication towards APs (reception of packets remains however unchanged). The best approach to do this is to disable all network protocols (TCP/IP, Netware, NetBEUI, etc.). By disabling communication towards APs, any possible legal problems are avoided and another pracical problem is avoided as well. This practical problem is that autoconnection may automatically place the SSID in the wireless adapter operating profile, halting your ability of logging any additional stations encountered later-on. Unbinding the NIC can be done with the command:
ipconfig /release_all (in windows; command prompt)
ipconfig /release (in linux)
or by disabling the TCP/IP protocol in "Network Connections" (for Windows XP) [Hacking Wireless Networks for Dummies]

Popular software

For warxing, people may opt to install the software required separately or immediately install purpose-built OSs (Linux-variants) which have all warxing tools already installed and are even sometimes able to run as a Live CD. These Linux OSs are BackTrack, [ [http://www.smallnetbuilder.com/content/view/30114/98/ Description of BackTrack] ] WarLinux and Auditor. The purpose-built OSs also feature other tools to crack protected wireless networks and analyze the system. These activities however are no longer considered part of wardriving (only the discovery of the systems is), and are often illegal if the owner of the network has not given his permission. The tools are however useful to determine the own systems' vulnerability to attack and thus to fortify the system. Installing the software separately is considered more useful if one only wishes to conduct warxing, and not test the networks for vulnerabilities or even penetrate them.

Separate software can be installed on regular operating systems such as OS X, Linux or Windows. Often, a single network discovery software program as NetStumbler (windows, desktop), MiniStumbler (windows CE, handheld), KisMAC (desktop, Macintosh) or Kismet (Linux, desktop) is all which most people install. Network discovery software is used to discover and map out the open (as well as protected) WLANs in the area. WLANs which have the SSID broadcasting turned off require a passive scanner such as Kismet.

GPS-mapping software sometimes installed alongside includes Stumbverter and MapPoint. Netstumbler already records the GPS-information, yet does not place them on a map, which is why these programs are often added. However, MapPoint (a Microsoft product) is not free, and is thus often not an option for certain people. To suit this target group, a free alternative has been made called DiGLE. Also, [http://www.wifimaps.com/ WiFimaps] offers some utilities.

Finally, as mentioned before, some people also want to use the network information obtained trough the network discovery software (and other tools such as packet analyzers) to also hack the network. This activity, which is no longer considered warxing, may allow the hacker significant advantages. Hacking protected networks may allow Piggybacking (Internet access) or using the network as a "zombie", meaning using the connection to hack other PCs/networks and letting someone else look like the bad guy. Also, instead of hacking it, hackers may also decide to jam the network. RF-jamming can be done trough RF generators (e.g. from HP, Anritsu) or Power signal generators (e.g. from Terabeam Wireless, Global Gadget or Tektronix). Jamming (as well as Queensland and DoS-attacks) offcourse does not usually provide any advantage for the hacker, and is often done for retribution purposes.

How-to documents

Practical how-to information is available from documents as "The Definitive Guide to Wireless WarXing" [ [http://www.waraxe.us/ftopict-44.html The definitive guide to wireless warxing (full document online)] ] , "WarDriving HOWTO, "Wireless LAN resources for Linux", "Official Wireless Howto" [ [http://www.wardriving.com/doc.php Other Usable documents] ] , etc. More info may be gathered from books as "Hacking Wireless Networks for Dummies", which have sections about wardriving.

Hardware used

Warxing computers are usually only focused on portability. However, as most people beginning with warxing may also decide to do more labour-intensive operations as analyzing the network, looking for vulnerabilities later-on, they often resort to a mix of portability as well as computing power. Portability is required as the device has to be physically moved from one place to another (to get in the range of the WLAN-networks) and allot of computing power is required if one wishes to crack WEP or alternatively (EAP/WPA) protected networks trough mere computing power. To detect the networks, ARM, MIPS or SH3-cpu powered PDAs such as the HP iPAQ, HP Jornada or Casio MIPS are often used due to their high portability. [Hacking Wireless Networks for Dummies] Small laptops (13.3-15.4 inch) are used for both mapping out as cracking the WLANs, finally for wardriving purposes only, some individuals have reverted to building their mini-tower PC's into their car.

To power the computer, with wardriving, a AC power inverter is used to power/recharge the computer. Wireless network cards (with antenna jack) are always present in the PC, either trough inserting a external type or as an integrated one. An external antenna is often also added to extent the range. This is often done trough a commercially obtained one or trough a cantenna.

A gps-device is usually added to also record the GPS-coordinates of the wireless network. GPS-coodinates are usually automatically recorded along with other network information (IP, SSID, AP MAC-address or BSSID, ... ) in network discovery software as NetStumbler and Kismet.

Before buying the hardware, the person wishing to conduct warxing always first checks whether the antenna, gps-device and network card works with the OS he wishes to use. Generally, depending on the chipset (Hermes, Prism, Prism2, ...), not all cards/antennae work with any OS (which is often Linux). The Orinoco Gold Class is often picked, as it is supported the most. Also he must inspect on whether the OS can indeed use all integrated, necessary hardware present in the PC.

External links

* [http://www.caslon.com.au/warchalknote.htm Warchalking and wardriving]
* [http://map.airdump.net Wardrive Map]
* [http://www.warspyla.com WARspyLA.com]
* [http://www.warxing.pl WarXing in Poland - WarDriving and Warchalking]

References