February 15th, 2019


05/30/2003 - Triangle War-Drive Finds Security Flaws

There is a sense of excitement surrounding wireless local area networks (WLANs). With the proliferation of laptop computers and PDAs, wireless connectivity is rapidly gaining popularity. Users can access the Internet, check their e-mail, and conduct business while enjoying their favorite beverage in their favorite watering hole --- from the Davenport Hotel Lobby, Tryst Juice Bar, or various other “hotspots” around the Terabyte Triangle. Today’s wireless standard is 802.11b, sometimes called WiFi, which has a bandwidth of 11 Mbits and operates at a frequency of 2.4 GHz. The problem with wireless is that it poses major security risks.

To gather some raw data about Spokane wireless networks and their security, the EWU Network Security class taught by John Shovic, PhD, conducted a war-drive and invited me along. Taken from the movie “WarGames,” the term war-drive means driving around and identifying wireless network Access Points (APs). The AP, also known as a base station, is the wireless server that connects clients to the internal network and acts as a bridge for the clients.

The wireless user has a Server Set ID (SSID) that acts as a shared password between the AP and the client. The SSID is a configurable identification that allows clients to communicate with the base station.

Dr. Shovic divided the SIRTI-based class into four teams --- to cover the South Hill, Liberty Lake and the Valley, the North Side, and Downtown. Each team had a laptop computer loaded with the software, Network Stumbler, and an antenna. Network Stumbler (NetStumbler) scans for networks and logs all that it finds. The log includes the real SSID, the AP’s MAC address, the best signal-to-noise ratio encountered, and the time it crossed into the network’s space. Also logged was the availability of Wired Equivalent Privacy (WEP) --- a measure of encryption and some degree of security. NetStumbler does not record the same AP twice -- each logged encounter is unique. If the “sniffer” wanted, he could add a GPS receiver and log the exact latitude and longitude of the AP.

NetStumbler makes a lot of sounds, and our “war-driver” connected the computer to his car’s stereo for full effect. When an AP is found, the sound is a percussive clank. When the signal is close and strong, there is a high-pitched soprano ping. As the signal grows more distant and weak, the ping moves into the baritone. When several APs were operating in the same area, you heard a whole chord.

My team had the Downtown drive. In all of downtown and Browne’s Addition, we found 131 unique wireless APs. Only 38, or about 30%, of these APs had any indication of WEP in place. The hottest area was along Riverside Avenue. As we waited for the light at Riverside and Howard, the pinging sound system played a near symphony. At another intersection, the laptop actually connected with an AP without any prompting from the “drivers”. SSIDs ran the gamut, but many were the default configuration, like “tsunami” (Cisco), “101” (3Com), or “linksys” (Linksys). Some were actual company names. The majority appeared to be wide open.

Teams from the other areas found very similar results. Only about 30% of wireless users had any kind of security. In residential neighborhoods, the SSIDs were often things like “Mugglesfamily” or “Boris&Natasha”, or even the house number. Although it looked like 70% of all networks were wide open, some may have had hidden firewalls behind the access points. However, residential and small networks are very unlikely to have that protection and so are wide open for a malicious “sniffer.”

There are things a wireless user can do to make the channel more secure. When installing the base station, be sure to turn on WEP. The default will probably be “off”. However, WEP only encrypts the data packets and not the SSID, which goes out as clear text. Broadcasting of the SSID can be turned off, but this only makes things a little more difficult for a “sniffer.” There is also a Secure Access mode, which requires the SSIDs of the client and the base station to match. In default mode, this option is turned off and clients can connect to the base station using their configured SSID, a blank SSID, or the SSID configured as “any”. There is MAC address filtering. The MAC address is a 48-bit number unique to each local area network card. The trouble here is that it is tedious and difficult to implement. There is also the possibility of placing a blocking mechanism between the wireless access and the Internet, so that the “sniffer” may be able to get into the wireless network but can go no further. The class consensus was that the best option at this time seems to be to assume that the network is not secure, and act accordingly.
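For an administrator reviewing a survey of their own site, the checks the class tallied (unique APs by MAC address, best signal-to-noise ratio, WEP on or off, vendor-default SSIDs) can be run over a survey log as follows. This is an added example, not code from the article or from NetStumbler; the CSV column layout, the `audit_survey` function, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Vendor-default SSIDs named in the article.
DEFAULT_SSIDS = {"tsunami": "Cisco", "101": "3Com", "linksys": "Linksys"}

# Constructed sample log. The column layout is an assumption made for this
# example and is not NetStumbler's real export format.
SAMPLE_LOG = """\
ssid,mac,snr_db,first_seen,wep
linksys,02:00:00:00:00:01,21,14:02:10,off
linksys,02:00:00:00:00:01,34,14:02:55,off
tsunami,02:00:00:00:00:02,18,14:05:31,on
AcmeOffice,02:00:00:00:00:03,27,14:07:12,on
101,02:00:00:00:00:04,12,14:09:48,off
Mugglesfamily,02:00:00:00:00:05,30,14:11:03,off
"""

def audit_survey(log_text):
    """Deduplicate APs by MAC, keep the best SNR, and flag weak settings."""
    aps = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        mac = row["mac"].strip().upper()
        snr = int(row["snr_db"])
        known = aps.get(mac)
        if known is None or snr > known["snr_db"]:
            # Keep the earliest sighting time, but the strongest reading.
            first_seen = known["first_seen"] if known else row["first_seen"]
            aps[mac] = {"ssid": row["ssid"], "snr_db": snr,
                        "first_seen": first_seen,
                        "wep": row["wep"].strip().lower() == "on"}
    findings = []
    for mac, ap in sorted(aps.items()):
        issues = []
        if not ap["wep"]:
            issues.append("no WEP")
        vendor = DEFAULT_SSIDS.get(ap["ssid"].lower())
        if vendor:
            issues.append(f"default SSID ({vendor})")
        if issues:
            findings.append((mac, ap["ssid"], issues))
    total = len(aps)
    wep_on = sum(ap["wep"] for ap in aps.values())
    pct = round(100 * wep_on / total) if total else 0
    return {"total": total, "wep_on": wep_on, "wep_pct": pct,
            "aps": aps, "findings": findings}

if __name__ == "__main__":
    report = audit_survey(SAMPLE_LOG)
    print(f"{report['wep_on']} of {report['total']} APs use WEP ({report['wep_pct']}%)")
    for mac, ssid, issues in report["findings"]:
        print(f"{mac}  {ssid}: {', '.join(issues)}")
```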

Students are required to sign a form stating that they understand the class exercises are for demonstration purposes only. They may be prosecuted and expelled if they use this information in any way outside the classroom.

Billie Moreland