Anyone running a wireless card and using OpenBSD or FreeBSD should definitely check out bsd-airtools:

http://www.dachb0den.com/projects/bsd-airtools.html

I have to admit that I've been meddling rather heavily with airtools over the past month or two and it has provided hours of entertainment. Malicious activity has by no means been my entertainment therein... just to be clear.

Just wondering if others might share some views/thoughts/experiences on the whole wireless situation these days and any stories they might have in relation to "security audits" and WLAN "discoveries" :wink:

I've had a few simple and short wardrives with KrUsTy! recently in the Toronto area and we both have been shocked/appalled at the number of non secure WLAN's out there!!! Even the ones running WEP are troublesome but that's a different story entirely!!! On a short 15 minute drive to KrUsTy's place we discovered 48 WLAN's. On another 30 minute drive up near the airport we hit 86 or so. Unfuckingbelievable. T.O. must me the wireless capital of the world:

http://www.nakedwireless.ca/winudcol.htm

For those of you not familiar with T. the above is a very small area of downtown.

Heh, i believe it, wireless is a MAJOR problem, and no one seems to care...
At Ericsson i discovered an open Net that the VP was running, reported it to MIS, they made him fix it. I come back a week later, turn on wep on my card and get in again in seconds. Needless to say i didnt make any upper level management friends when they got chewed out a 2nd time by MIS =P

I have to admit I've done a little war-driving myself. In good 'ole ATL wireless is just as big of a problem. Driving no more than five miles from my house picks up about 40 or 50 wireless nets most setup without WEP and with nothing but the default configs on the WAP.

Dstumbler in the new monitor mode is also pretty sweet. Anyone checked out the new beta version which has traffic injection?

The sad thing about it is that most companies could careless or worse are oblivious to the problem. I've even found a couple of banks that are using WAPS inside unweped! doen't make you feel very safe about your money does it.

On another interesting note. Keep in mind I'd never advocate something like this. Much less would I ever do anything of the sort. There's a popular coffee chain running a wireless service for the public these days. Seems that they just redirect port 80 traffic through a proxy using the WCCP protocol. Hmmmm.... funny they allow all sorts of other traffic to be let out like ssh....... I do love free ssh services on the net that allow completely anon. access and port forwarding........

Again not that I'd ever do anything of the sort, or ever even attempted. ;)

Those drives with MiNi0n have been a real eye opener. We started into the wireless stuff about a year ago, and it seems the problem is MUCH worse now. Most of the things we find are d-link and linksys base stations just taken out of the box and plugged in. Not even taken off the default settings. We detect them all over the place! (the dstumbler in the bsd airtools is nice enough to mark a particular network when found as having the default settings...)

So this last Friday night I was out drinking with a bunch of friends of mine at a bar that I had never been to before. The place is a bit upscale and I quickly notice that all the cash registers are Macs using Mac OS X! Cool. Then I notice at the main register at the front of the bar has an Apple wireless base station set up. All of their registers through-out the place are connected via wireless!! YIKES, I hope they are at least doing WEP... Needless to say I settled my tab with cash..... :roll:

When MiNi0n and I started playing a year ago we found a place with a wide open wireless net. A fairly big company. We went back just recently to see if they had closed their network, hell at least WEP it, and its still open, nothing had changed. Even in a year they don't have a clue. We've thought about trying to tell them they have a problem, but fairly unsure how to do that without perhaps casuing ourselves some trouble. To be clear we just look for networks, not get inside them, but most people would not understand the difference... With so many unsecure wireless networks out there it would perhaps be a good business helping people get secure. Thats is if you could convince them its a problem.

From my office in downtown Toronto, I can detect up to 5 wireless networks just sitting at my desk!! :shock:

{K}

With so many unsecure wireless networks out there it would perhaps be a good business helping people get secure. Thats is if you could convince them its a problem.

Now THAT is a business opportunity if I was ever slapped in the face by one.
Holy cow I think I'm seeing dollar $ign$ :)

Anyone tried this on FreeBSD 5.2 yet? I'm curious to see if the support is any better.