Security's Everyman

Friday, April 25, 2008

Wireless Scanning

A couple of days ago I got on the bus to make the trip from Downtown Atlanta to the suburbs where I live. I pulled out my laptop to do some work and was just about to disable my wireless radio when up popped a "Wireless Network Found" message. I closed it and was about to go ahead and disable the radio when I thought it would be interesting to run NetStumbler and see what I could see as we drove through town. It was rather interesting and I decided to do a little categorizing and let y'all know what I found. I decided to do it again the next day and compare it to the first day. Here is a summary and some thoughts.

Disclaimer: Before I get into this I want to make it perfectly clear that I am NOT a wireless guru. I have lots to learn and some of what I have to say may have perfectly good explanations or I may be WAY off base. Feel free to give me constructive feedback via comments or direct email.

The first thing I noticed was that all 11 standard channels in 802.11a/b/g were used. Then I noticed that there were some other channels listed. They are 36, 40, 48, 56, and 157. Honestly I wasn't even aware that you could use these other channels. What does that mean and how do you do it? I'd like to learn more about this. I looked to see if there were any common denominators about the devices that reported this but couldn't really find anything useful. The second day I picked up traffic on the same channels plus one that I didn't see on day one, channel 64.

Next I noticed that over the 2 days I saw 696 different devices, 388 on day 1 and 509 on day 2. So that means that 201 devices showed up on one day that didn't on the other day. That can be explained by several things. They may have been off that day. Maybe the bus was going too fast to pick them up one day and not the next. One day I may have had less interference in that area than the other.

280 had no encryption enabled on them. The rest were reported as having WEP enabled but I doubt that is correct. I don't know if it's the version of NetStumbler that I'm using or what but everything is reported as WEP. I checked it against my home system which is running WPA2 and it showed up as WEP.

42 showed up as being ad-hoc, which means that they were more than likely other laptop users who were broadcasting their signals. In looking at the SSIDs shown by these ad-hoc networks, either there are lots of "evil twins" set up or possibly NetStumbler just didn't get enough of a signal and read on what was really going on with them. In comparing ad-hoc to AP I only found 2 that looked like they were possibly "evil twins" based on the SSID reported. Again, if the others were, then I was not able to pick up the "real" AP in my scan due to range or interference.
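An added example, not part of the original post: a small Python sketch of the checks described above (channel bands, how many devices were seen on both days versus only one, and SSIDs advertised by both an AP and an ad-hoc station). The scan records and field layout are constructed for illustration and are not NetStumbler's export format; all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample records: (day, bssid, ssid, mode, channel); mode is "AP" or "ADHOC".
SCANS = [
    (1, "00:11:22:00:00:01", "CorpNet-Bldg1205", "AP", 6),
    (1, "00:11:22:00:00:02", "linksys", "AP", 11),
    (1, "02:AA:BB:00:00:03", "linksys", "ADHOC", 11),
    (1, "00:11:22:00:00:04", "LobbyGuest", "AP", 36),
    (2, "00:11:22:00:00:01", "CorpNet-Bldg1205", "AP", 6),
    (2, "00:11:22:00:00:04", "LobbyGuest", "AP", 36),
    (2, "00:11:22:00:00:05", "CafeWiFi", "AP", 157),
    (2, "02:aa:bb:00:00:06", "HomeShare", "ADHOC", 1),
]

def band(channel):
    """Channels 1-14 are 2.4 GHz (802.11b/g); 36-165 are 5 GHz (802.11a)."""
    if 1 <= channel <= 14:
        return "2.4GHz"
    if 36 <= channel <= 165:
        return "5GHz"
    return "unknown"

def channels_by_band(scans):
    """Group the observed channel numbers by radio band."""
    seen = defaultdict(set)
    for *_, channel in scans:
        seen[band(channel)].add(channel)
    return {b: sorted(chs) for b, chs in seen.items()}

def day_overlap(scans):
    """Count unique BSSIDs overall, on both days, and on exactly one day."""
    by_day = defaultdict(set)
    for day, bssid, *_ in scans:
        by_day[day].add(bssid.lower())  # normalise case before comparing
    d1, d2 = by_day[1], by_day[2]
    # total = len(d1) + len(d2) - both (inclusion-exclusion)
    return {"total": len(d1 | d2), "both": len(d1 & d2), "one_day_only": len(d1 ^ d2)}

def adhoc_ssid_collisions(scans):
    """SSIDs seen from both an AP and an ad-hoc station: worth a closer look,
    though one scan pass cannot tell a spoof from a misconfigured laptop."""
    modes = defaultdict(lambda: defaultdict(set))
    for _, bssid, ssid, mode, _ in scans:
        modes[ssid][mode].add(bssid.lower())
    return {s: sorted(m["ADHOC"]) for s, m in modes.items()
            if m.get("AP") and m.get("ADHOC")}

if __name__ == "__main__":
    print(channels_by_band(SCANS))
    print(day_overlap(SCANS))
    print(adhoc_ssid_collisions(SCANS))
```

An ad-hoc SSID with no matching AP in the data, like the constructed "HomeShare" entry, is not flagged, which mirrors the range and interference limitation noted above.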

Speed ranged from 11 Mbps to 54 Mbps, with 22, 36, and 48 Mbps also reporting. The vast majority of these were 54 Mbps.

There were lots of vendors reported, with the obvious ones present: Cisco, Aruba, Linksys, DLink, Netgear. There were several that I am not familiar with, like Farallon, Eprigram, Sercom, Compex. Then some that I'm familiar with but only slightly, like Gemtek, Z-Com, Airespace. I noticed several Symbol devices, which I know is a popular handheld scanner manufacturer. I'm not sure if they make APs also but these did show up as APs. Again this goes back to me not being overly familiar with the world of wireless and who does what and especially not the specifics of how and why NetStumbler reports what it reports in the way it reports it. :)

Just a couple more thoughts and then I'm through. I noticed that a majority of the SSIDs reported gave out too much information: either a company name, or some identifier that makes it easy to figure out who this AP belongs to, such as a building number or something similar. All you had to do was look at the SSID and then at street numbers or business names and be able to put 2 and 2 together to find the owner. Not the wisest choice, but in today's world of wireless hacking it doesn't take much for the bad guys to find out who you are pretty quickly anyway.

The last thing is I wanted to share with you a few of the funnier or more unique SSIDs that I found. Sad to say this is as creative as people in this part of town seem to get. Oh, well.

Belkin Sucks
But Why ???
SSID Name
Your Mom
Funkdafied
Hotboysin1205
Smallpoxgirl
Tuffygoestovegas

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.