WarXing

WarXing (Pronounced "Work-sing"), NetStumbling or WILDing ^[1] is the activity of detecting publicly accessible computer systems or (wireless) networks. The 'X' may be replaced by a more specific activity to give the following terms:

• Wardialing — detecting computer systems linked to the telephone network by dialing every number in an area code
• Wardriving — detecting Wi-Fi wireless networks by driving around with a Wi-Fi-equipped device, such as a laptop or a PDA, in one's vehicle.
• Warcycling — detecting Wi-Fi wireless networks by cycling around with a Wi-Fi equipped device on a bicycle
• Warwalking — searching for Wi-Fi wireless networks by a person walking, using a Wi-Fi-equipped device, such as a laptop or a PDA.
• Warrunning; detecting Wi-Fi wireless networks by running with a Wi-Fi equipped device.
• Warchalking — the name for marking the location of an active Wi-Fi wireless network with a chalk mark on the sidewalk.
• Warspying — detecting and viewing wireless video. Usually done by driving around with an x10 receiver. Similar to "Wardriving" only with wireless video instead of wireless networks.
• Warflying — using an aircraft and a Wi-Fi-equipped device, such as a laptop or a PDA, to detect Wi-Fi wireless networks.
• Wartoothing — The same concept as warwalking, except using bluetooth devices.
• Warcarting — Wardriving, but instead of a car, a shopping cart ^[2]

These terms originated from wardialing, a technique popularized by a character played by Matthew Broderick in the film WarGames, and named after that film. Wardialing in this context refers to the practice of using a computer to dial many phone numbers in the hopes of finding an active modem.

While it doesn't conform the "WarXing" pattern, bluedriving (wardriving against Bluetooth networks) has also been seen as a related word.

In practice

WarXing is done through the use of specific computer programs and hardware. The software used is usually Network discovery software, yet may also include RF monitor software, and GPS-logging programs, to aid the hacker with finding the exact position of wireless networks, and mapping them with GPS-information. Before commencing on warXing-trips, the user must always make sure he unbinds his NIC. This needs to be done to disable all communication towards APs (reception of packets remains however unchanged). The best approach to do this is to disable all network protocols (TCP/IP, Netware, NetBEUI, etc.). By disabling communication towards APs, any possible legal problems are avoided and another practical problem is avoided as well. This practical problem is that autoconnection may automatically place the SSID in the wireless adapter operating profile, halting your ability of logging any additional stations encountered later-on. Unbinding the NIC can be done with the command:

• ipconfig /release_all (in windows; command prompt)
• ip link set dev interface-name down

or by disabling the TCP/IP protocol in "Network Connections" (for Windows XP) ^[3]

Popular software

For warXing, people may opt to install the software required separately or immediately install purpose-built OSs (Linux-variants) which have all warXing tools already installed and are even sometimes able to run as a Live CD. These Linux OSs are BackTrack,^[4] WarLinux and Auditor. The purpose-built OSs also feature other tools to crack protected wireless networks and analyze the system. These activities however are no longer considered part of wardriving (only the discovery of the systems is), and are often illegal if the owner of the network has not given his permission. The tools are however useful to determine the own systems' vulnerability to attack and thus to fortify the system. Installing the software separately is considered more useful if one only wishes to conduct warXing, and not test the networks for vulnerabilities or even penetrate them.

Separate software can be installed on regular operating systems such as Mac OS X, Linux or Windows. Often, a single network discovery software program as NetStumbler (windows, desktop), MiniStumbler (windows CE, handheld), KisMAC (desktop, Macintosh) or Kismet (Linux, desktop) is all which most people install. Network discovery software is used to discover and map out the open (as well as protected) WLANs in the area. WLANs which have the SSID broadcasting turned off require a passive scanner such as Kismet.

GPS-mapping software sometimes installed alongside includes Stumbverter and MapPoint. Netstumbler already records the GPS-information, yet does not place them on a map, which is why these programs are often added. However, MapPoint (a Microsoft product) is not free, and is thus often not an option for certain people. To suit this target group, a free alternative has been made called DiGLE. Also, WiFimaps offers some utilities.

Finally, some people also want to use the network information obtained through the network discovery software (and other tools such as packet analyzers) to also hack the network. This activity, which is no longer considered warXing, may allow the hacker significant advantages. Hacking protected networks may allow Piggybacking (Internet access) or using the network as a "zombie", meaning using the connection to hack other PCs/networks and letting someone else look like the bad guy. Also, instead of hacking it, hackers may also decide to jam the network. RF-jamming can be done through RF generators (e.g. from HP, Anritsu) or Power signal generators (e.g. from Terabeam Wireless, Global Gadget or Tektronix). Jamming (as well as Queensland and DoS-attacks) ofcourse does not usually provide any advantage for the hacker, and is often done for retribution purposes.

How-to documents

Practical how-to information is available from documents as "The Definitive Guide to Wireless WarXing" ^[5], "WarDriving HOWTO", "Wireless LAN resources for Linux", "Official Wireless Howto" ^[6], etc. More info may be gathered from books as "Hacking Wireless Networks for Dummies", which have sections about wardriving.

Hardware used

WarXing computers are usually only focused on portability. However, warXers will often prefer to do the more labour-intensive operations, such as analyzing the network, and looking for vulnerabilities at a later time; they often resort to a mix of portability and computing power. Portability is required as the device has to be physically moved from one place to another (to get in the range of the WLAN networks) and much computing power is required if one wishes to crack WEP or alternatively (EAP/WPA) protected networks. To detect wireless networks, ARM, MIPS or SH3-cpu powered PDAs such as the HP iPAQ, HP Jornada or Casio MIPS are often used due to their high portability. ^[3] Small laptops (13.3–15.4 inch) are used for both mapping out as well as cracking the WLANs; finally for wardriving purposes only, some individuals have reverted to building their mini-tower PCs into their cars.

To power the computer for wardriving, an AC power inverter is used to power or recharge the computer. Wireless network cards (with antennae jacks) are always present in the PC, either through inserting an external type or as an integrated one. An external antenna is often added to extend the range. This is usually done through a commercially obtained one or through a cantenna.

A GPS device is usually added to record the GPS coordinates of the wireless network. GPS-coordinates are usually automatically recorded along with other network information (IP, SSID, AP MAC-address or BSSID, ... ) in network discovery software as NetStumbler and Kismet.

External links

• Warchalking and wardriving
• Wardrive Map (uploadable database of kismet logs)
• WARspyLA.com
• WarXing in Poland - WarDriving and Warchalking

See also

• Legality of piggybacking

References