Please create an account to participate in the Slashdot moderation system


Forgot your password?
The Internet

802.11b Network Scanning In London And Amsterdam 134

jbrw writes: "Beware of cat skulls in sombreros! Bicycle + laptop + gps unit + 80I.11 magic = WarPeddlaz, currently scanning London. Replacing the bike with a canal boat, and you have the WarFloataz in Amsterdam. Pics, info and raw scan data available at" Some amusingly altered photos in here, too. Now that I have an 802.11 card working, this is getting even more interesting.
This discussion has been archived. No new comments can be posted.

802.11b Network Scanning In London And Amsterdam

Comments Filter:
  • That was quick. Anyone able to post a mirror?
    • someone should really warn these smaller sites that they're about to be posted on Slashdot.. their max-users is probably set to 20.
      • Hey fellow /.'ers - thanks for all the interest,

        We caught the deluge pretty quickly & we're tuning the host as best we can. Please bear with us.


      • What Slashdot NEEDS to do is setup a cache for links to non-major and non-dynamic sites. Every time a link is posted to a smaller site, that site gets thrashed and nobody gets a view.

        Pseudo example:
        802.11b Network Scanning In London And Amsterdam
        Posted by timothy [] on Sat Sep 15, '01 11:21 AM
        from the brief-window-of-opportunity dept.
        jbrw [mailto] writes: "Beware of cat skulls in sombreros! Bicycle + laptop + gps unit + 80I.11 magic = WarPeddlaz, currently scanning London. Replacing the bike with a canal boat, and you have the WarFloataz in Amsterdam. Pics, info and raw scan data available at [] slashcached []." Some amusingly altered photos in here, too. Now that I have an 802.11 card working, this is getting even more interesting.

        • I've actually been working on a solution, to go with a library of website cache that's been collecting for the last few years.

          Unfortunately, it didn't work in this case. I've got a read-ahead public archived webcaching system, through junkbuster/squid, that I'm making public shortly.

          I put a cache injector for foreign URL's on slashdot. Every 5 minutes, a ruby script checks for un-cached websites, and tries to browse them. This throws it into my read-ahead caching system, which is archived at

          Unfortunately, this site was dead within 5 minutes, so it couldn't get injected. One solution is almost here, it's not just fully tweaked yet ;)

    • I guess the website wouldn't have been Slashdotted so quickly if only they hadn't used other people's 802.11b networks.
  • "free2air proudly hosts over wireless free2air public networks" Yeah, like that doesn't have mistake written all over it. SLASHDOTTING!
  • Free 802.11 Networks (Score:5, Interesting)

    by The Jake ( 233010 ) on Saturday September 15, 2001 @12:31PM (#2303081)
    I just recently set up a Linksys BEFW11S4 router with wireless access in my apartment.

    Shortly after I set it up, I found a guy using my network via the wireless access point. At first, I was fine with it, but I realized quickly that this wasn't some guy passing on a bike, but rather someone in the same apartment building.

    I tracked him down, and told him that I wasn't in the business of providing free internet to the entire building. Now he pays half the DSL cost. Not a bad deal.

    The point is this: I still leave my network open. Anyone wandering by is free to use my 802.11 network. In fact, the settings are such that anyone with a computer set up to connect to the local university's wiress network will get a connection here.

    The lesson learned: keep your network open. Smile when some wandering soul conencts for a while. Unless you've got your own T3, though, you better make sure someone isn't getting free, continued, high speed internet, at your expense.
    • Possible Misuse (Score:5, Interesting)

      by bstadil ( 7110 ) on Saturday September 15, 2001 @12:45PM (#2303129) Homepage
      What about misuse. Unless you keep excellent log files you might find yourselves in a lot of trouble if the next CodeRed get launched from your IP number. I am not saying this is a reason not to leave it open, just a reminder that it unfortunately has a flip side.
      • And even if he has logs, what is that going to tell him? There's no way to identify people using the network. This is one of the major flaws of this. People could use these type of networks as dropoff points for gaining access to other computers and/or launching viruses.
      • I don't see how that would help. AFAIK hardware routers don't make logs, and if they did how would that prove it wasn't you? All it would show is that some machine sent out a request for a DHCP lease and was assigned 192.168.x.x. Try telling the feds "no, no, that really wasn't me."

        The log would need to have the mac address. Even in that case would the feds believe you didn't change the hex values so it didn't look like your machine?
        • Actually, I haven't set up the logging function of the BEFW11S4, but it does have a logging function.

          The logging function logs all TCP/UDP traffic, the port, and the IP it was from, and to.

          The DHCP function can pair MAC's to the IP's assigned, so with these two tools, I could trace things back.

          So the Linksys BEFW11S4 has the functions necessary to trace things back. The only thing I wish it had was a "MAC address allow list", which is more useful than a "MAC address disallow list" thats in there now.
          • Trace it back to what? You forget that you can spoof MAC addresses. The only thing you would trace it back to is a local lan IP. That will tell you nothing. That could be any computer on the face of the planet. You can't pair it with a person or a name. It's impossible. It isnt like an ISP where you have to give them your name, address, etc. You have no info on the people connecting to your network.
            • I have the same AP as this guy. There's only like one 802.11b NIC on the planet that supports MAC spoofing, or more like custom MAC addresses. Any MAC starting over "4" is not a "spoof" per se, just taking advantage of a normal feature.
          • My / buffalo / melco Access point has a web page configure page, and it has the "MAC address allow list."

            I never considered how inconvenient a disallow list would be.
        • Of course, if he wanted to do some misusing himself, he's now got a fall-guy.

          I wonder how he tracked the guy down, by the way?
      • Re:Possible Misuse (Score:3, Informative)

        by ZoneGray ( 168419 )
        For that matter, be careful what you do if you connect to an open wireless network.

        It would be simple to set up an access point, leave it open, and sniff traffic of whoever connects. If nothing else, I'd think you could collect POP passwords pretty easily.
        • I'm on an open network. I've solved my paranoia with this line in fetchmail:
          preconnect 'ssh -C -f -L 20143:server:143 username@server sleep 5'
          If I change 143 to 110, I've got pop tunneled instead.
      • Just what I though. As much as I'd like to trust in human nature for everyone to use somthing like this responsibly, I'd be hesitant to leave it open for just the kind of reasons you mention.

        Even keeping log files might not be enough to resolve you of responsibility if someone were to use your connection for a malicious attack on someone else using your access point and IP. If it got traced back to you, would having log files be an adequate defense?

        "There was a ddos attack carried out yesterday that appears to have been controlled from your DSL IP"

        "Oh, I looked through my logs and it looks like someone connected through my wireless access gateway at the time this happened. Here is the info..."

        "That's nice, but _why_ are you leaving this open for anyone passing by to use? I'm afraid you had better come with us to answer more questions. Oh, by the way... we had better take any computers and networking equipment you have with us in case we need it later for evidence. Oh, don't worry... you'll get it all back when we are done with our investigation. *chuckle*"

        It is a shame, but the potential exposure would probably make this problematic for a lot of people, myself included.
    • You shouldn't allow him to use your network. If he abuses it, you will be held liable. If you try to prove that he did it, your DSL provider will then remind you that you're not supposed to share your access with outsiders. Either way, you're screwed.

      802.11 is bad idea in an apartment complex.

    • I have the same *exact* AP as you. If you had bought the version that has just the single internal port and the parallel printer support, you would have gotten the "MAC accept list" instead of the "MAC reject list" we got stuck with. I use Orinoco Silver cards with it under Linux and Win2k.

      Here's something important to look out for. Because I've been getting my network "broadband ready", I run my Linksys behind an autodialing Linux firewall with a 56k modem. I run extremely tight rules on the firewall, too, and just the other day I logged some packets from my network behind my Linksys hitting my oustide firewall with the **protected network** IP network address!

      My setup is 56k ppp -> Linux (192.168.2) --xover--> Linksys WAN port --> hub port (192.168.1 w/DHCP) --> 24 port hub

      I should *NEVER* see 192.168.1 packets going OUT of the Linksys and hitting the eth0 on my outside firewall, but sure enough.. I logged a few the other day.. they were destined for junkbuster and squid. I'm glad I have the firewall logging anomalies like that or I would never have known.

      Luckily the outside firewall stopped the malformed packets from getting out to the net. And no I don't care that much about it on a ppp link, but the cable modem is coming and I don't want my internal network structure revealed on the Internet side.
  • Arr... Here be the ever fabulous GOOGLE cache: Here []

    For all the copy and pasters:

  • Frankfurt Airport has open 802.11b, all I saw was a bunch of novell and NT.

    I have the Sniffer 4.6 Wireless on my laptop, if anyone who lives in the Frankfurt area and whats to check it out, give me a shout at (English please :)
  • by shermozle ( 126249 ) on Saturday September 15, 2001 @01:01PM (#2303169) Homepage
    Since /. kills many many sites with interesting stuff on them every time it links to them but is unwilling to cache the pages because the lawyers run the show there, how about Google?

    Slashdot should organise with Google to cache the page as they approve a post. Google grabs the site before the hoards and next to the real link /. posts the google cache URL?
    • The problem with google is that it caches only the front page. Or at least it doesn't change the links. That's an annoyance. J.
    • Since /. kills many many sites with interesting stuff on them every time it links to them but is unwilling to cache the pages because the lawyers run the show there, how about Google?

      Slashdot likes to think it carries breaking news, and thus the versions in the google cache would be stale. Organizing it with google would just drag google into the lawyers' liability game.
    • Perhaphs Slashdot could hurl an e-mail to the site owner asking if they want to be cached 5 minutes before the story is posted. Then if at any point they get the PGP signed, or faxed ok they go ahead and turn on the cache.

      In a sane world caches be fair use... maybe they are, but lets let the NYT, Google & Yahoos of the world spend their lawyerly dollars on the eventual lawsuits.

      I'll go send a few $$ to the ACLU & EFF now, they'll need it for more important things though.
  • Can't check the link out - still .dot'd. Bummer.

    I recently did a wireless scan of Downtown Los Angeles. Found 47 access points in the core area - only about 8 were using any kind of encryption.

    I couldn't believe it. I keep wondering if these numbers are a result of 1) altruism 2) ignorance 3) laziness or some combination of the above.

    As an aside - what are the best wireless scanning apps for linux?

    • Or, it could be 4) other security measures. The wireless netrwork here does not use link-level (WEP) encryption becuase it has been shown to be fundamentally broken many, many times. Instead, in order to get out of the wireless network you have to establish a VPN tunnel. And that kind of setup wouldn't be apparent to someone just scanning for networks.

    • It's also possible that some of these access points have been setup without the knowledge of the admins in the building.

      I have seen instances where a "rouge" group of developers found it more productive to work in the board room (it has a great whiteboard) and there were not enough jacks for there puters, their manager put in a request for a new hub, got approved and sent a developer out, he came back with an some wap gear, the admin nearly shot the manager when he found out.
  • The free2air project sounds interesting, even though it got /.'ed and I couldn't find much information on it, but we have seen in the past the fall of the free dial up and similar plans to create a free internet.
    One question: Where does the revenue come from? I imagine that nobody is going to give away bandwidth, and that it would be difficult to force banner ads onto the public to pay for it.
    Perhaps if they cached the web and inserted their own banners in the pages, that would genereate some money. But would it be enough? Caching napster traffic to conserve bandwidth would not be a daunting task, and scalability of the networks would also create a problem. How many nodes will 802.11b support, and how much additional equipment would be needed to expand the network would have to be addressed all but immediately.
    I'm not saying it wouldn't work, I'm just saying it would be hard to make any money off of it.

    Angry White Guy
    • The very point of a free network is that it is free! Yes, people do give away bandwidth. I do myself.

      My setup is my DSL modem is connected a linux firewall/router. I then connect my hub for my wired LAN to the router, and the access point. That way, I maintain security on my LAN, and provide free 'net acess to neighbors and people driving down the street. If I need to, I can even limit the bandwidth to the access point.

      Right now, I'm working on setting up a free, unified wireless network in the Chicago area []. Let me know if you want to help out!
  • I recently purchased the SMC Starter bundle for my laptop. It works great. As far as the security, I could be wrong, but I use 128bit encryption and MAC filtering. The encryption makes the data almost unreadable. The MAC filtering only allows specific MAC addresses to access the access point. Am I missing something?
  • I drove around Copenhagen the other night and found ~20 networks, and only 2 had WEP, the rest where wide open.
  • by nsayer ( 86181 ) < minus language> on Saturday September 15, 2001 @01:58PM (#2303346) Homepage
    For what it's worth, my page at FreeBSD [] has some instructions on how to set up PPPoE and/or PPTP on a FreeBSD server to use as a way to secure a wireless LAN.

    People may find my wireless LAN -- they may even DHCP an IP address from it, but they won't be able to actually do anything once they do. :-)

  • People keep wondering why there are so many open wireless networks around. Sure, many of them are probably explained by laziness. But I'll bet a lot of them are due to good old-fashioned cheapness.

    When I bought my access point, I got the absolute cheapest one I could find; of course it only has useless 40-bit WEP and the configuration utility only runs on Windows (which I don't have). But I'm not worried about people freeloading; I just turn it off when I'm not using it. :-)
    • WEP buys you very little. It's the equivilent of putting a tiny padlock on a bike - it may deter somebody who's just looking for an easy target, but it's not going to stop anyone who wants access. Depending on the traffic levels on your network, WEP can be broken within a few hours. Even worse, the time taken to crack the encryption scales linearly with the number of bits - 128 will only take 3 times as long to break, not 2^88.
  • This may be OT, but I'd like to see bicycle + gps unit + digital camera == cartography (somehow). Maps are expensive and non-free in many countries (seems the US is lucky here to have govt. information in the public domain), but it seems that somehow you could gather free street map information just by walking around with a GPS-enabled PDA and occasionally typing in information like 'I am crossing over the junction of Fred Street with Jim Road'. Taking pictures and having them automatically associated with your current GPS location and compass direction would also be cool.

    (Just an idea, maybe one day I'll get a PDA with GPS and a digital camera and try it out. But the kit seems a bit expensive at the moment.)
    • Maps cost money because the finer details of them change constantly. Who would keep your 'open source' map up to date? I for one, wouldn't spend the time. I'd rather pay someone else to do it, by buying a map.
      • Streetmap details don't change that frequently (not where I live: an area might be completely redeveloped, but incremental changes to existing street layouts are rare). Of course actually buying a map maintained by professionals will be the best option for a long time to come. I was thinking of applications like route finders: if these are to be free software or usable over the web, they need to have a set of free maps. The quality doesn't have to be perfect, just good enough to navigate from A to B.
    • I've been looking at 2d height maps in openGLfor my Open Racer project. During that time, I came across some people on mailing lists archives who are actually working on that kind of thing. I saw the info when reading the forums for
  • Terms & Conditions (Score:2, Insightful)

    by Peter Clary ( 34038 )
    Well, I have a cablemodem and my ISP's Terms and Conditions clearly state that I'm not allowed to share my connection. This was probably because some neighbours string network cable between adjoining houses, but it's just as applicable for wireless.

    You are responsible for what happens on your connection. If somebody uses your connection for something nasty (accessing illegal material, etc) then you could be in trouble.

    I've been dying to go wireless, but I need to be sure that I *can* keep it secure.

    Freely shared wireless networks are a lovely ideal, but be careful you don't get burned. Check your ISPs Terms and Conditions.

    Paranoid Pete.
  • Anyone know if Apple airport cards are good for leeching bandwidth?
  • Okay, my wishlist for the next spring:

    - a handheld or a wearable
    - retinal display for it
    - a compact 802.11b receiver

    And... Time to clean up my rollerblades!

  • the link wont work but mabey thats because im on a 28.8
  • While we're waiting for the site to become available again, I have a serious question that I hope someone can answer..

    has anyone seen a device that will convert a single PC to wireless that absolutely cannot otherwise be converted? I have a small mainframe at home that's really an S/390 chip on a Microchannel card (IBM all the way, baby :) and its in my downstairs office. It will soon have a microchannel ethernet card, but obviously there's no way in hell I could convert that puppy to wireless.

    I'm looking for an access point-sized device that will just be a client side relay for one or more PCs connected to it. Has anyone heard of such a thing? Thanks..
    • Why not the apple airport? []

      Alternately, any of the firewall/NAT/router/wireless home access boxes would do as well.
      • I appreciate your post, but I may not have been clear in my request. I already have an access point. I cannot run ethernet to where a computer is located, and that PC does not have ISA or PCI slots so it cannot have a PCI to PCMCIA adapter installed. My only choice is to run an ethernet cable from the computer into some kind of device that will make the machine act as a **client** to my **existing** access point, not wire it to another access point that will compete with my existing access point.

        Unless I didn't catch something on the airport page stating that the airport can be converted to a client device instead of an access point. I don't need another access point, though. Thanks again for trying to help.
    • Actually, there is such a thing. I believe Lucent made an ethernet to PCMCIA card adaptor specificaly for their Orinocco cards for adapting otherwise non-adaptable systems. Cisco also sells their Workgroup Bridge for such systems (it can actually support up to 8 devices off of a hub/switch).

      • You're awesome! You were exactly correct. Lucent makes the Orinoco/EC (ethernet converter). Its about the size of an external modem with an ethernet port and a pcmcia slot and brings 802.11 to any hardwire ethernet device. $220 at CDW, without a PCMCIA card. A little pricey but exactly what I need.

        I haven't looked for the Cisco, with their history of "corporate pricing". I don't even wanna know :)

  • I've seen lots of ways to crack WEP to sniff out someone elses packets but what about just preventing people from sucking up your bandwidth? I've got an Apple Airport with the Mac address restriction ability. Have there been any issues with someone cracking the base station itself?
  • Indeed, there is quite some 'leeching' activity
    here in Amsterdam. I was going to set up a system,
    but realised when my reccomendation to 'spread' in
    a cryptographic way was not taken, interest was

    Understandably, governments are scared of losing
    their ability to 'license' the airwaves. However,
    in the USA, there is an effort to get the FCC to
    go along. Too bad for those that paid $Billions
    to get their third generation phones some
    spectrum. It is because of this, it will flop.

    As far as WEP goes, it was an obvious joke from
    its inception. We call it "Weak Encryption
    Protocol" here in A'dam. The bandwidth of 802.11b
    is only 11Mbit/s half duplex max, so it wouldn't
    be all that bad to set up something. I am mostly
    concerned with the privacy of those that use the
    systems I maintain.

    As far as people using parts of the Internet, I
    feel that "surfing the web" and getting mail and
    all "Internet" cafe functions should be free. Here
    you just need to go to the public library if you
    need access. You get a Windoze box, but you can
    download "Putty" or a similar SSH program and have
    use of your own box. Bandwidth is fair and better
    than ADSL or cable at the library.

    Furthermore, if i travel anywhere and school is in
    session, no university has ever denied me use of
    their Internet, and often, I get a Unix terminal!

Kill Ugly Processor Architectures - Karl Lehenbauer