Wardriving is the practice of searching for wireless networks while moving. Originally the term referred specifically to people hunting for wireless signals by driving around in vans; today it covers anyone scanning for wireless access points while on the move. Legal issues notwithstanding, this “quest for connectivity” spawned a rather productive underground community, which developed powerful tools built on cheap, off-the-shelf hardware. Knowledge of these tools and techniques is useful in several ways. First, when designing the security framework of a wireless LAN (WLAN), understanding the vulnerabilities that wardriving exploits is a mandatory step, both to prevent intrusions and to detect attacks in progress. Second, hardware and software developers can design better devices by avoiding common mistakes and by using an effective suite of tools for security testing. Lastly, those who want a deeper understanding of wireless standards can run experiments simply by downloading software that runs on inexpensive hardware. With this preamble, in this chapter we analyze the theory, the techniques, and the tools commonly used for wardriving IEEE 802.11-based wireless networks.
Key Terms in this Chapter
Wardriving: Wardriving is the activity of “driving around, looking for wireless networks.”
Packet Injection: Packet injection is the activity of inserting a crafted packet into a network for some purpose. For instance, when attacking a WEP-protected network, injected packets are used to stimulate traffic so that more encrypted data can be collected and analyzed.
Active Mode: Active mode is an operating mode in which scanning is done by transmitting probe request packets. As a consequence, the scanner does not remain undetected.
MAC Address Filtering: MAC address filtering is a technique that allows or denies network access based on a predefined list of MAC addresses.
rfmon: rfmon (monitor mode) is an operating mode of IEEE 802.11 air interfaces that allows scanning for access points while remaining undetectable, since the card only listens and does not send any probe packets.
MAC Spoofing: MAC spoofing is changing the MAC address of the layer-2 interface. Typically it is employed to bypass MAC address filtering.
Wired Equivalent Privacy (WEP): WEP is an encryption mechanism with many security flaws. Recognized as a real security issue, it has been superseded by Wi-Fi Protected Access (WPA).
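The difference between active mode and rfmon comes down to what appears on the air: an active scanner transmits probe requests, a passive one only receives beacons. The following Python example, added here and not part of the chapter, decodes minimal IEEE 802.11 management frames (24-byte MAC header plus information elements) and applies the detection a WLAN operator would run over monitor-mode captures: count probe requests per source MAC and flag stations that are not on the allow-list used for MAC address filtering. The frames, MAC addresses, SSIDs and the alert threshold are all constructed for the example.

```python
"""Classify raw IEEE 802.11 management frames and flag active scanners.

Added example (not from the chapter). All frames below are constructed
inline; MAC addresses, SSIDs and the alert threshold are made up.
"""
import struct
from collections import Counter

TYPE_MGMT = 0
SUBTYPES = {4: "probe_request", 5: "probe_response", 8: "beacon"}
IE_SSID = 0
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype, src, dst, bssid, ssid):
    """Build a minimal management frame: 24-byte MAC header + frame body."""
    frame_control = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0x00])
    header = (frame_control + struct.pack("<H", 0)            # duration
              + mac_to_bytes(dst) + mac_to_bytes(src) + mac_to_bytes(bssid)
              + struct.pack("<H", 0))                          # sequence control
    body = b""
    if subtype == 8:  # beacon fixed fields: timestamp, interval, capabilities
        body += struct.pack("<QHH", 0, 100, 0x0411)
    ssid_bytes = ssid.encode()
    body += bytes([IE_SSID, len(ssid_bytes)]) + ssid_bytes     # SSID element
    body += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])               # supported rates
    return header + body


def parse_mgmt_frame(frame):
    """Decode subtype, addresses and the SSID element of a management frame."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != TYPE_MGMT:
        raise ValueError("not a management frame")
    subtype = fc0 >> 4
    info = {
        "subtype": SUBTYPES.get(subtype, f"mgmt_{subtype}"),
        "dst": bytes_to_mac(frame[4:10]),
        "src": bytes_to_mac(frame[10:16]),
        "bssid": bytes_to_mac(frame[16:22]),
        "ssid": None,
    }
    offset = 24 + (12 if subtype == 8 else 0)   # beacons carry fixed fields first
    while offset + 2 <= len(frame):             # walk the information elements
        ie_id, ie_len = frame[offset], frame[offset + 1]
        data = frame[offset + 2: offset + 2 + ie_len]
        if len(data) < ie_len:
            break                               # malformed or truncated element
        if ie_id == IE_SSID:
            info["ssid"] = data.decode("utf-8", "replace")  # "" = wildcard probe
        offset += 2 + ie_len
    return info


def find_active_scanners(frames, allowed_macs, threshold=3):
    """Return {src_mac: probe_count} for unknown stations sending probe requests.

    Active-mode scanners announce themselves with probe requests; a passive
    (rfmon) scanner transmits nothing and is invisible to this check.
    """
    counts = Counter()
    for raw in frames:
        try:
            f = parse_mgmt_frame(raw)
        except ValueError:
            continue
        if f["subtype"] == "probe_request" and f["src"] not in allowed_macs:
            counts[f["src"]] += 1
    return {mac: n for mac, n in counts.items() if n >= threshold}


# Constructed capture: one beacon, one probe from a known client, and three
# wildcard (empty-SSID) probes from an unknown station.
AP, CLIENT, SCANNER = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02", "02:00:00:ee:ff:03"
SAMPLE_FRAMES = [
    build_mgmt_frame(8, AP, BROADCAST, AP, "corp-lab"),
    build_mgmt_frame(4, CLIENT, BROADCAST, BROADCAST, "corp-lab"),
] + [build_mgmt_frame(4, SCANNER, BROADCAST, BROADCAST, "") for _ in range(3)]
ALLOWED = {CLIENT}

if __name__ == "__main__":
    for raw in SAMPLE_FRAMES:
        print(parse_mgmt_frame(raw))
    print("active scanners:", find_active_scanners(SAMPLE_FRAMES, ALLOWED))
```

The check is deliberately one-sided: it catches active scanners and nothing else. A card in rfmon never sends a frame, so the only way to notice a passive wardriver is physical, and the allow-list itself is only as strong as the assumption that source MACs are honest, which MAC spoofing breaks.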