Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested

War-driving lessons

Related linksToday's breaking news
Send to a friendFeedback

Schwartau archive

My 11-year-old son has developed an intense interest in war driving - the fine art of discovering wireless networks as you drive around in your car. In the Windows world, war driving merely requires a good wireless card, such as Orinoco, and a copy of NetStumbler, which can be downloaded for free.

As you drive up and down streets, NetStumbler will identify the hundreds of networks in businesses, government offices and homes. The screen will display the kind of wireless network access point, the manufacturer and the signal strength of the network you have detected. Most importantly, the network will broadcast its Service Set Identification (in Windows-speak, this is the name of the network's workgroup) and the unique network media access control (MAC) address.

As any accomplished war driver knows, a few keystrokes and a reboot would allow you to jump onto any open network that has not been secured with some combination of wired equivalent privacy (WEP) or MAC address filtering. People known as war chalkers even mark the streets and sides of buildings with war-driving symbols indicating the location of a wireless network and its security status.

When my son first wired up his war-driving computer, he was amazed - and frankly so was I. Sitting in the car in our driveway, we instantly found two home-based wireless networks; neither of them secure. We drove into town and found more than 70 networks, about one-third of them using WEP, the others hanging naked in the breeze.

The three fundamentals of information security are known as CIA - confidentiality, integrity and availability. War-driving attacks compromise the first two. If someone can access your private information, then your confidentiality has been breached. This person then can modify this information to your detriment, thus breaching your integrity.

Recently, a new suite of hacker tools have exposed even more potentially debilitating problems with the IEEE 802.1X wireless network standard, which defines Extensible Authentication Protocol (EAP) over LANs (EAPOL). These tools can be used to launch denial-of-service (DoS) attacks, compromising your network's availability.

First, the attacker spoofs the unauthenticated EAPOL logoff frames, logging the user off the access point. Then, the attacker renders the access point unavailable by flooding it with EAPOL start frames. The EAP identifier space becomes consumed, creating a DoS attack.

Premature EAP success packets can allow a rogue into a wireless session without proper mutual authentication. Broadcasting spoofed EAP failure packets can force a session to disconnect, resulting in still another DoS attack. Modifying EAP packets where neither integrity nor encryption is supported also can result in a successful DoS attack.

The tools for demonstrating wireless DoS capabilities are hitting the 'Net and should be part of anyone's wireless arsenal. What we have seen before is going to hit us again - except in the wireless world, identifying the perpetrator makes IP tracing seem like child's play. Imagine a few folks roaming around Wall Street with wireless disabling programs in their backpacks, invisible and virtually untrackable.

As with land-based LANs, one of the best ways to test the sanctity of your wireless networks is to use the latest attack tools against it before deployment. Gather a suite of attack tools, such as WEPCrack, NetStumbler and ApSniff. Make sure you have Orinoco and Prism wireless network cards. Test your own network for unknown access points and poor implementation of WEP and EAP. If you attempt to launch a DoS attack, make sure that nearby wireless networks will not be affected.

DoS attacks against the 802.1X environment are only the beginning. As new protocols and defenses are developed, new attacks will be commonplace. We are headed toward what the military calls electronic warfare where adversaries jam known frequency ranges to limit communications.

While wireless networks offer incredible convenience, we are not yet at the point where we can or should rely on them to provide mission-critical applications in an unshielded and potentially hostile environment. For more information, visit The Unofficial 802.11 Security Web Page.


Schwartau is president of Interpact, a security awareness consulting firm, and author of many books, including Cybershock and Computer and Internet Ethics. Reach him at

More Schwartau columns.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.