Sunday, October 12, 2003

Lazy Sunday Wardriving

It was a really nice day outside. Sunshine, cool breeze. Rotary and the kids went with aunt Tanya to go see a kids movie. Something called Good Dog? It was supposed to rain, and Rotary didn't really want to drive. So I offered to be the driver. This also gave me a chance to have about an hour and a half in an end of town with endless access points to explore.



Going up and down a few blocks within the theater, I had a lot of bells going off for access points. Maybe a little more than half of them were secured. Which is good, since I was looking at mostly businesses. Some had a hidden SSID (that won't stop me!) and MAC address filtering (not worth fucking with).

Perched behind a Dairy Queen I ran into an open access point, and a computer with open shares. I love it when people actually use that "Shared Docs" folder that comes with XP. That tells me two things. First, that anything in that folder is up for grabs to a username of guest and a password of guest. Secondly, those files were shared for a reason. There is at least one other computer or laptop in the household to explore. The first picture I came across was a little asian man standing in front of the chemistry department at OSU. It was dated from this past summer. And digging a little deeper I found several different folders stuffed with un-marked digital photos. Nothing too exciting, just a lot of asians having a good time. I know what you are thinking. "Is this Jacobs Ladder? What the hell is up with their faces?". I am respecting the privacy of these nameless people. That is all.



Then I came across this photo which was seperate from the others. I am leaving this one un-touched because I doubt she would ever be recognized here in the states. Maybe a girlfriend back home? Maybe just some chick he met on the Internet and thought was cute. Who knows. But she kind of looks like an asian version of Phoebbe Cates. Don't you think? Asian chick on the left, Phoebbe on the right.


Okay, enough asians. I messaged a few people, "Hi! I'm wardriving", and moved on. The next thing I hit really made me curious. It was an easy network to hop onto, and I got an address ending in 36. That tells me that there is at least 5 other people (or has been recently) on this network. What a random number?


So I start looking for other signs of life by browsing for network shares and come up with nothing. Seems odd. The name of the access point indicates that this may be associated with the local University. Although, looking around my location all I see is an old neighborhood, an apartment complex, and an abandoned gas station. So I start randomly pinging IP addresses and find three or four. Then I attach via a web browser to two of them. One demands that I enter a username and a password. I can't guess it trying the usual stuff, so I have to give up on that. But the second one I connect to fires right up. Looks like statistical stuff for this network. Neat, neat, neat. I am in some kind of wireless network, that is part of a much larger wireless network. All of the IP's are Internet routable too. not the usual "reserved address" that most routers hide you behind.


I now have anywhere from 20 to 30 minutes left before the movie lets out, so I hop onto an open Linksys AP without even having to move my car. Seeing that I was granted an address ending in .1 I all ready know I am alone in this universe. Which means, no open shares to browse. Bummer. So I connected to the router, putting in "admin" as both username and password (duh) and started re-arranging things. First of all, I HATE Linksys products. So I renamed the access point for them. I think "rape me" is pretty appropriate, completed with the )( symbol (it marks an open access point).



Then just to amuse myself, I run MacStumbler and check it out. Yup! It's now broadcasting under a new name. Very fitting.

No calls yet, and I still had about 15 minutes left, so I decided to try something else. Wouldn't it be nice to connect to this access point later when there were files to browse and someone else connected to it? Of course! So for my next trick, I changed around a few settings which allowed a connection to the access point from the WAN side of things. I also took note of the WAN address. This address was taken from a DHCP server. So it could change later in the day. But most likely, it will be the same for weeks.


Content with what I had done, I decided to take one more crack on an un-named Access Point located somewhere in a mini-mall by the movie theater. That's about the time the phone rang to go get everyone from the theater. "Good Dog" was a good movie I guess. Although it was said that my daughter slept through the entire thing, and my son laughed insanely at all the "sad" parts. That's my boy.

Later back at home, I brought up the snapshot I had taken of the access point admin screen, and fired it open in a browser. Worked nicely. I think from here on out, when I come across an access point as open as this one, I will do this same trick. Then I can connect to these anytime I want, forwarding ports on them, and making them into my digital bitches. HAR!

Isn't wardriving FUN?

No comments:

Post a Comment