Flying the Front Range: Detecting Wireless Networks Dr. Stephen C. Hayne Professor Computer Information Systems Steve H., Sean I., Jesse C., Travis M.,


1 Flying the Front Range: Detecting Wireless Networks Dr. Stephen C. Hayne Professor Computer Information Systems Steve H., Sean I., Jesse C., Travis M., Travis R.

2 Why We Did It
► Gauge wireless network usage
  - Analyze packet captures
  - Attempt to ID wISPs, long-haul 802.11, A, B, G WAPs
  - Encryption, usage, demographic statistics
► Compare GPS recordings in car vs. plane
► Compare Kismac, Netstumbler and Kismet
► Compare antennae

3 WarDriving
► Tools
  - Windows XP, Netstumbler
► Areas Covered
  - Loveland, Windsor, Ft. Collins, Laporte
► Hypothesis & Goal
  - Driving would more accurately locate WAPs than flying
  - Provide baseline for comparing flight data

4 WarDriving Results
► Ft. Collins
  - 3112 WAPs found

5 WarDriving Results
► Windsor
  - 315 WAPs found

6 WarDriving Results
► Loveland
  - 520 WAPs found

7 WarFlying
► Tools
  - Windows XP, Orinoco Gold PC Card, Netstumbler v 4.0, Lucent 5.5dBi omnidirectional antenna
  - Apple Powerbook, Compaq WL110 PC Card, Kismac v.11b, Cisco 12dBi omnidirectional antenna
  - Cessna Centurion

8 Flying

9 Flying

10 Flying

11 Flying

12 Antenna Comparison

13 WarFlying Results
► Kismac found 2251 802.11x networks
  - After crashing, losing 1280 WAP locations
  - Included computers in ad-hoc mode, computers probing (Netstumbler), WPA, WEP, A/B/G networks, hidden SSIDs
► Netstumbler found 1012 networks
► 1 hour of flying at ±1500 ft. produced a similar amount of data to 24 hours of driving
► Kismac tends to find 1.5 to 2x more WAPs than Netstumbler

14 WarFlying Results
► Circled Rockwell
  - Attempted to use Rockwell WAPs to access a web page
  - Also used this data to compare GPS locations

15 WarFlying
Circling Rockwell picking up 802.11 traffic at 1500’
Signals travel much further vertically than horizontally

16 WarFlying Circling my house trying to connect and load a web page

17 WarFlying Results
► GPS Location Data Comparison
  - Surprisingly similar between car and plane
  - Left map is from Kismac, right is from Netstumbler
  - In the car, alleycat-2 was found on College Ave. between Plum and Laurel

18 WarFlying Results: Network Traffic
► Kismac was used to capture network data
  - Ran through ethereal for low level analysis
  - Ran through tcpdump & custom perl code for high level analysis*

tcpdump -r newdump -nn -s 64 | grep -E \
  "^[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6} ([0-9]{0,3}\.){4}[0-9]*" | \
  sed "s/^[^ ][^ ]* //" | sed "s/ >.*udp \([0-9][0-9]*\).*/,UDP,\1/" \
  | sed "s/ > \([^:][^:]*\).*/,TCP,\1/" | sed "s/\.\([0-9]*\),/,\1,/" \
  | sed 's/TCP,.*\.\([0-9][0-9]*\)$/TCP,\1/'

* Thanks to Scott Kleihege at tummy.com

19 WarFlying Results: Network Traffic
► 363 unique source ports
  - Not 363 unique protocols due to high-number port usage
  - 80 unique protocols identified
► Wide variety of traffic seen
  - No Sasser worm traffic, but a relatively high level of SSL traffic corresponds to recent (as of 5/5/04) spike in SSL exploit reports
  - http://www.dshield.org//port_report.php?port=443&recax=1&tarax=2&srcax=2&percent=N&days=40

20 WarFlying Results 2004 Network Traffic
Top 10 Protocol Captures as Percent of Total

Rank  Percent  Port   Protocol
1     18.0%    110    POP3
2     10.5%    5190   AOL
3     10.0%    80     HTTP
4     9.0%     8      unassigned
5     3.8%     443    HTTPS
6     3.8%     68     bootstrap protocol client
7     2.8%     137    NetBIOS Name Service
8     2.5%     25     SMTP
9     2.3%     57586  unassigned
10    1.8%     53     DNS
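Added example (not from the original slides): a Python version of the tally that slides 18-20 describe, parsing `tcpdump -nn` text lines and ranking source ports by share of captured packets. The sample lines are constructed, the function names are hypothetical, and the port names are those listed on slide 20; it goes slightly beyond the slide's pipeline by also accepting the `IP` tag that newer tcpdump versions print.

```python
import re
from collections import Counter

# Port names as listed on slide 20.
PORT_NAMES = {110: "POP3", 5190: "AOL", 80: "HTTP", 443: "HTTPS",
              68: "bootstrap protocol client", 137: "NetBIOS Name Service",
              25: "SMTP", 53: "DNS"}

# One line of `tcpdump -nn` text output: timestamp, src.port > dst.port: rest.
# Newer tcpdump versions add an "IP" tag after the timestamp; accept both.
LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{6} (?:IP )?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse(line):
    """Return (src_ip, src_port, proto, dst_port), or None for other lines."""
    m = LINE.match(line.strip())
    if m is None:
        return None  # ARP, ICMP and anything else without ip.port pairs
    # Like the slide's sed pipeline, anything not printed as UDP is labelled TCP.
    proto = "UDP" if re.match(r"(?:udp|UDP, length) \d+", m["rest"]) else "TCP"
    return m["src"], int(m["sport"]), proto, int(m["dport"])

def port_share(lines, top=10):
    """Rank source ports by share of parsed packets: (port, name, count, pct)."""
    ports = Counter()
    for line in lines:
        rec = parse(line)
        if rec is not None:
            ports[rec[1]] += 1
    total = sum(ports.values())
    return [(p, PORT_NAMES.get(p, "unknown"), n, round(100.0 * n / total, 1))
            for p, n in ports.most_common(top)]

# Constructed sample lines (documentation addresses), not data from the talk.
SAMPLE = [
    "12:00:01.000001 198.51.100.7.110 > 192.0.2.10.1025: P 1:513(512) ack 1 win 5840",
    "12:00:01.000002 198.51.100.7.110 > 192.0.2.10.1025: . 513:1025(512) ack 1 win 5840",
    "12:00:01.000003 192.0.2.11.68 > 255.255.255.255.67: udp 300",
    "12:00:01.000004 IP 198.51.100.9.443 > 192.0.2.12.1030: . ack 1 win 5840",
    "12:00:01.000005 arp who-has 192.0.2.1 tell 192.0.2.10",
]

if __name__ == "__main__":
    for row in port_share(SAMPLE):
        print("%6d  %-26s %4d  %5.1f%%" % row)
```

A high share for a cleartext port such as 110 in this ranking is the signal behind slide 21's point about plain POP3 versus POP3 over SSL.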

21 WarFlying Results 2004 Network Traffic
► Plain POP3 instead of POP3 over SSL (port 995)
  - Bad end user education
  - Actually captured full email with .xls attachment for well-known national home furnishing store explaining contractual problems & revisions
► High proportion of AOL traffic
  - Bad end user education ;-)

22 Summary 2004
► Out of 5,363 WAPs found (driving + flying), we predicted 33% WEP, 66% non-WEP
  - Found 1501 (28%) WEP, 3862 (72%) non-WEP
  - The ratios of 25-33% vs. 75-66% appear to be common in every WEP / non-WEP comparison
► Few WPA access points are in use, but the number will increase

23 Summary 2004
► Top 21 SSIDs in use
  - We wanted the 21st because it shows the Poudre R-1 School District
  - The () represents “hidden” SSIDs

SSID          Number Seen
linksys       1895
default       665
NETGEAR       369
Hiddenssid    206
wireless      175
csu           164
MSHOME        79
ACTIONTEC     70
()            60
WLA58
home          49
belkin54g     40
no ssid       34
SpeedStream   25
digis-000     25
Gateway       23
tmobile       16
123           15
101           13
homenet       12
SST-PR-1      11

24 Summary 2004
► Identified some long haul connections
  - Larinet
    ► Larimer county? Covered from Laporte to Ft. Collins
  - High Plains Access
► Identified some Wireless ISPs
  - DIGIS
    ► Could see plaintext traffic behind their NAT gateway

25 All 5,363 WAPs Found in 2004

26 Summary 2005
► One short flight (45m) found 2,256 WAPs
  - 1062 (48%) encrypted
  - 1164 (52%) still not encrypted
► Ratio has changed from 25% encrypted!

27 Summary 2005
► Top 10 SSIDs

SSID       Number Seen
linksys    474
NETGEAR    172
ActionTec  142
default    100
blank      26
csu        23
Belkin     22
Home       22

Channel Distribution

Channel  Count  Percent
1        101    8%
2        17     1%
3        18     2%
4        18     2%
5        6      1%
6        600    50%
7        14     1%
8        22     2%
9        99     8%
10       28     2%
11       277    23%

Frequency Distribution
802.11b = 40%
802.11g = 60%

28 2005

29 2006
► Different Antennas
  - 5 dB omni
  - 13 dB 30° directional

30 2006: Unencrypted, Hidden/WEP, WPA

31 Questions ?

