WarXing (pronounced "Work-sing"), NetStumbling or WILDing [1] is the activity of detecting publicly accessible computer systems or (wireless) networks. The 'X' may be replaced by a more specific activity to give the following terms:
These terms originated from wardialing, a technique popularized by a character played by Matthew Broderick in the film WarGames, and named after that film. Wardialing in this context refers to the practice of using a computer to dial many phone numbers in the hopes of finding an active modem.
While it doesn't conform to the "WarXing" pattern, bluedriving (wardriving against Bluetooth networks) has also been seen as a related word.
WarXing is done using specific computer programs and hardware. The software used is usually network discovery software, but may also include RF monitor software and GPS-logging programs, which help the hacker find the exact position of wireless networks and map them with GPS information. Before setting out on a warXing trip, the user must always make sure the NIC is unbound. This disables all communication towards APs (reception of packets remains unchanged). The best approach is to disable all network protocols (TCP/IP, Netware, NetBEUI, etc.). Disabling communication towards APs avoids any possible legal problems and also avoids a practical problem: autoconnection may automatically place the SSID in the wireless adapter's operating profile, halting the ability to log any additional stations encountered later on. Unbinding the NIC can be done with the command:
ipconfig /release_all (in Windows; command prompt)
ip link set dev interface-name down (in Linux; shell)
or by disabling the TCP/IP protocol in "Network Connections" (for Windows XP) [3].
For warXing, people may opt to install the required software separately or immediately install purpose-built OSs (Linux-variants) which have all warXing tools already installed and are even sometimes able to run as a Live CD. These Linux OSs are BackTrack,[4] WarLinux and Auditor. The purpose-built OSs also feature other tools to crack protected wireless networks and analyze the system. These activities however are no longer considered part of wardriving (only the discovery of the systems is), and are illegal if the owner of the network has not given his permission. The tools are however useful to determine one's own systems' vulnerability to attack and thus to fortify the system. Installing the software separately is considered more useful if one only wishes to conduct warXing, and not test the networks for vulnerabilities or even penetrate them.
Separate software can be installed on regular operating systems such as Mac OS X, Linux or Windows. Often, a single network discovery program such as NetStumbler (Windows, desktop), MiniStumbler (Windows CE, handheld), KisMAC (desktop, Macintosh) or Kismet (Linux, desktop) is all that most people install. Network discovery software is used to discover and map out the open (as well as protected) WLANs in the area. WLANs which have SSID broadcasting turned off require a passive scanner such as Kismet.
GPS-mapping software sometimes installed alongside includes Stumbverter and MapPoint. NetStumbler records the GPS information but does not place it on a map, which is why these programs are often added. MapPoint (a Microsoft product) is not free, however, and is thus often not an option for certain people. To suit this target group, a free alternative called DiGLE has been made. WiFimaps also offers some utilities.
Finally, some people want to use the network information obtained through the network discovery software (and other tools such as packet analyzers) to also hack the network. This activity, which is no longer considered warXing, may allow the hacker significant advantages. Hacking protected networks may allow Piggybacking (Internet access) or using the network as a "zombie", meaning using the connection to hack other PCs/networks and letting someone else look like the bad guy. Also, instead of hacking it, hackers may also decide to jam the network. RF-jamming can be done through RF generators (e.g. from HP, Anritsu) or Power signal generators (e.g. from Terabeam Wireless, Global Gadget or Tektronix). Jamming (as well as Queensland and DoS-attacks) of course does not usually provide any advantage for the hacker, and is often done for retribution purposes.
Practical how-to information is available from documents such as "The Definitive Guide to Wireless WarXing" [5], "WarDriving HOWTO", "Wireless LAN resources for Linux", "Official Wireless Howto" [6], etc. More info may be gathered from books such as "Hacking Wireless Networks for Dummies", which have sections about wardriving.
WarXing computers are usually focused on portability. WarXers will often prefer to do the more labour-intensive operations, such as analyzing the network and looking for vulnerabilities, at a later time, so they resort to a mix of portability and computing power. Portability is required as the device has to be physically moved from one place to another (to get in the range of the WLAN networks), and computing power is required if one wishes to crack WEP or (EAP/WPA) protected networks. To detect wireless networks, ARM, MIPS or SH3-cpu powered PDAs such as the HP iPAQ, HP Jornada or Casio MIPS are often used due to their high portability.[3] Small laptops (13.3–15.4 inch) are used for both mapping out as well as cracking the WLANs.
Finally, for wardriving purposes only, some individuals have resorted to building mini-tower PCs into their cars. To power the computer for wardriving, an AC power inverter is used to power or recharge the computer. Wireless network cards (with antennae jacks) are always present in the PC, either by inserting an external type or using an integrated one. To extend the range, an external antenna is sometimes added, either a commercially obtained one or a cantenna.
A GPS device is usually added to record the GPS coordinates of the wireless network. GPS coordinates are usually recorded automatically along with other network information (IP, SSID, AP MAC address or BSSID, ...) in network discovery software such as NetStumbler and Kismet.
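As an added example (not part of the original article, and not code from any tool named in it): a network owner can use the same kind of records, BSSID, SSID and GPS position, to audit their own access points for weak protection and for how far off-site they can be heard. The CSV layout, the inventory of owned BSSIDs, the site coordinates and the 50 m perimeter are constructed assumptions, not the export format of NetStumbler or Kismet.

```python
import csv, io, math

# Constructed sample survey log (not a real NetStumbler/Kismet export format).
SURVEY_CSV = """bssid,ssid,encryption,lat,lon,rssi_dbm
00:11:22:33:44:55,corp-wifi,WPA,50.00000,4.00000,-48
00:11:22:33:44:55,corp-wifi,WPA,50.00090,4.00000,-79
00:11:22:33:44:66,corp-guest,None,50.00000,4.00010,-55
00:11:22:33:44:66,corp-guest,None,50.00180,4.00000,-86
00:11:22:33:44:77,warehouse,WEP,50.00020,4.00000,-60
66:77:88:99:AA:BB,neighbour,WPA,50.00050,4.00050,-70
"""

OWNED = {"00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"}  # assumed inventory
SITE = (50.0, 4.0)        # assumed site centre (lat, lon)
WEAK = {"none", "wep"}    # open networks have no protection; WEP is crackable

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + \
        math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * math.asin(math.sqrt(h))

def audit(csv_text, owned=OWNED, site=SITE):
    """Per owned BSSID: SSID, weak-encryption flag, farthest sighting from site."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].upper()
        if bssid not in owned:
            continue  # only audit access points we are responsible for
        dist = haversine_m(site, (float(row["lat"]), float(row["lon"])))
        entry = report.setdefault(
            bssid, {"ssid": row["ssid"], "weak": False, "max_range_m": 0.0})
        entry["weak"] |= row["encryption"].strip().lower() in WEAK
        entry["max_range_m"] = max(entry["max_range_m"], dist)
    return report

def findings(report, perimeter_m=50):
    """BSSIDs that are weakly protected, and those heard beyond the perimeter."""
    weak = sorted(b for b, e in report.items() if e["weak"])
    leaking = sorted(b for b, e in report.items() if e["max_range_m"] > perimeter_m)
    return weak, leaking

if __name__ == "__main__":
    rep = audit(SURVEY_CSV)
    for bssid, e in sorted(rep.items()):
        print(bssid, e["ssid"], "WEAK" if e["weak"] else "ok", round(e["max_range_m"]), "m")
    print(findings(rep))
```

Access points in the first list need stronger encryption; those in the second are candidates for lower transmit power or repositioning.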