Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

WLAN Visualization Meets GIS Mapping 86

martin dodge writes "The Wireless Ntwork Visualization Project (Univ. of Kansas) has an interesting alternative to just dot maps of wlan base stations. These guys are mapping out the zone of availability using gis. nice maps using aerial photographs backdrops as well. If you are interested, check out other ways of mapping 802.11b network infrastructure. "
This discussion has been archived. No new comments can be posted.

WLAN Visualization Meets GIS Mapping

Comments Filter:
  • Would this mean crackers could more easily access weak networks (ie those w/o VPN)? And what about services designed for free web access through wireless LAN?
    • by Anonymous Coward
      Yes it does, as it is well known that crackers and script kiddiez are GIS master and professional surveyors, map and aieral photography experts, this will create a mass cracking.

      The implications are horrendus... toasters biting their users, dogs being shaved, and showers riunning only tiped water.

      It's is more horrible than giving Saddam 20-30 nuclear bombs and the corridnates to all key US targets.
      • The suggestion that 802.11b security issues may not pose a problem reflects a cavalier take on a nuanced problem.

        While the benefits to data mapping wireless far outweigh the risks to facilitating users of Snort/Crack (noun, not command) apps, this doesn't mean we should forget about security. The aforementioned "crackers and script kiddiez" impose costs on the system that must be noted. It's far wiser to look down the road than to burn the bridge when we get there.

        And don't think commercial ISPs wouldn't love to see Wi-Fi whacked in its infancy. There's interests lining up behind strangling the babe in its crib.

  • by wiredog ( 43288 ) on Tuesday February 12, 2002 @01:20PM (#2995265) Journal
    In effect, map data stored in a database. I've seen maps like those in the article before. The first I saw was in 1993, but it didn't have nice colors. It was from a company that determined FM signal coverage, when given the location of the transmitter and its signal strength.
    • ...depending on the crowd. Among plenty of academics (especially geographers) GIS = Geographic Information Science. Partly this is because there is quite a bit of ongoing research into the techniques and principles underpinning the technology.

      The other reason is that there actually is (in an ideal world) a bit of expertise required--and familiarity with geography, and no I'm not talking about "What's the capital of so-and-so"--to fully understand what you are doing with the data.

      I've found a great deal of folks in the public and non-profit sectors who are far too cavalier with their interpretations of data that they crunched on for a while...they think that because they used expensive software they must be getting some real value out of it.

      Anyway, the point is that it's not some black box technological marvel. There is plenty of Science (geographic, statistical, etc etc) behind the Systems.

      GRASS GIS is cool but sadly I work at a Winders shop, so it's ArcGIS for me (and plenty of contact with the abhorrent DBF file format). :(

  • Those are better than the coverage maps that the cell phone providers offer. Their, almost certainly, far more accurate too.

    Now, if we can just get them to do the project at a national level and post a searchable map, like Mapquest, on the web it would be awesome. Going on the road? Just grab a map before you go and stay connected the whole time, probably free of charge too! Since, so many of the WLANs aren't secured.

    • Re:I love it! (Score:3, Interesting)

      by Chairboy ( 88841 )
      I have a question about the specific mechanics of this: What is the behaviour of 802.11b cards passing multiple nodes at high speed?

      If you're driving down a highway with continuous 802.11b coverage and all the APs are set up to allow external access using some common agreed upon collection of settings (no WEP, a standard network name, etc), how well would a card support switching from AP to AP within seconds of each other?
      • A more difficult problem might be routing of reply packets... if you're constantly switching IPs, then the webpage you requested two seconds ago is being delivered to the AP you were connected to back then.
      • What is the behaviour of 802.11b cards passing multiple nodes at high speed?

        Your 2.4GHz card will overclock to 4.8GHz with twice the bandwidth if you travel at the speed of light down the highway.
      • Re:I love it! (Score:4, Informative)

        by BeBoxer ( 14448 ) on Tuesday February 12, 2002 @01:39PM (#2995389)
        For doing this type of war driving, you don't need to actually connect to each AP. The card is put into a low-level promiscuous mode, so it can receive all packets. Every AP sends out a continuous stream of 'beacon' packets which the software can use to determine what networks are available. Also, at least on Prism-based cards, you get both a signal and noise measure for every packet received. So you just drive around snarfing up packets, and every one you get you can check for the source MAC address (to determine the AP) and the S/N ratio. No need to talk to the AP's at all, it's totally passive.

        One thing you do need to do is change channels. 802.11b specifies 11 channels (in the US), so to be thourough you should check them all. To be efficient, you can only check 1,6,11 because that's what everybody uses. Depending on how many channels you are checking and how fast you scan puts a limit on how fast you can drive and expect to pick everything up.

        Of course, if you are just checking out coverage for a specific AP, you can stay on it's channel and wander around the immediate area to get lots of good data points about it's coverage. It all depends on what exactly you are trying to accomplish.
        • The parent posts in this thread weren't talking about just detecting networks, they were talking about using the network while roaming at high speed. I don't think that's possible, because your IP address would change every time you switched to a different access point.
      • Not sure of the generic solution, but Alverion, Formerly Breezecom [alvarion.com] sell a solution that allows roaming speeds up to 60MPH. Not sure if it is a technical limit, or one of the lawyers telling them not to advertise anything faster for fear of idiot suits like the ones facing cellphone manufacturers in the coming decade. Yes jurror's my client is an idiot, and yes it was his fault he was eating a big mac while talking on the cellphone in an ice storm, but you must find the cellphone industry responsible of contributory neglegince and award my client 22 million dollars in compensation.
        • Re:I love it! (Score:3, Interesting)

          by GoRK ( 10018 )
          I have actually done seamless roaming while streaming video at 75mph with the breezecom equipment. I believe that technically very high roaming speeds are possible with more dense configurations of AP's.

          The first problem is that the breezecom stuff is FHSS which is a little bit easier to "roam" than DSSS, simply because you can hear neighboring AP's without having to switch channels as you do with DSSS, thus you know more about neighboring AP's.

          The next problem is that the network has to be specially designed to support roaming clients. It has to have intelligence on the ethernet side of the AP's to teach the network about roaming client routing, so that packets always get to where they need. In large WLAN's, AP's are all rarely connected via a 100mbps backbone or the like. They are often connected with layer 3 switches, or worse -- routers, such that roaming is near impossible anyway without using special client software that implements MobileIP (or even ipv6)

          The final problem with the way that breezecom does it is that their roaming is proprietary. The AP's preauthenticate clients before they show up, saving time after switching. It's not compatible with 802.11, though "regualr" 802.11 FHSS cards can indeed roam on breezecom equipment.

          The fast roaming modes do not work on the breezecom direct sequence 802.11b equipment. You must be going 5mph or practically 10mph to roam seamlessly (ie without a data stream interruption) on this equipment.
      • hand-over and ipv6 (Score:2, Interesting)

        by dopolon ( 88100 )
        hand-over is what you want, i.e. the ability to have a permanent session when you switch from one transmitter to another.
        It is embedded in cellular networks (PCS, GSM, 3G, etc.) but is not (I think) a 802.11b feature, which was built for home, soho networks, not wireless internet coverage.
        Besides, even if you could negotiate a transaction fast enough to keep the overhead low, the lack of a persistent ip address and connection scheme (firewalls) would make it difficult to work.
        OTOH, a telecom-carrier operated wireless network is easy to standardize, and made for this type of thing (I remember having an half hour phone call on a 180mph train in France).

        The real issue here is cost :
        802.11b works because it's cheap and can be built by geeks, but hasn't got the features of a telecom network that's expensive to install, operate, and that nobody is really willing to pay for. (the market just isn't here yet : Metricom, anyone)
        Besides, most features were supposed to come with 3G networks, but with fear of bankruptcy in the telecom sector, there is little chance we see this working before two years.

        just my 0.02 euros
        • by kent_eh ( 543303 )
          hand-over is what you want, i.e. the ability to have a permanent session when you switch from one transmitter to another. It is embedded in cellular networks (PCS, GSM, 3G, etc.) but is not (I think) a 802.11b feature, which was built for home, soho networks, not wireless internet coverage.

          How the cellular network does this is to have a central computer (the cellular switch, or BSC in a GSM network) monitoring the RF connection to each subscriber's mobile. If tht S/N, BER, or overall recieve level reaches a threshold, the switch starts querying surrounding base stations to get a signal measurement on the mobile. If another base station has a better signal, then a handoff (handover in GSM) is begun.

          At the minimum, what would have to happen to make 802.11b do this is central co-ordination.
          • How the cellular network does this is to have a central computer (the cellular switch, or BSC in a GSM network) monitoring the RF connection to each subscriber's mobile. If tht S/N, BER, or overall recieve level reaches a threshold, the switch starts querying surrounding base stations to get a signal measurement on the mobile. If another base station has a better signal, then a handoff (handover in GSM) is begun.

            This is the method used by the old analog systems (NMT,AMPS,TACS) not by GSM. In GSM it is the mobile that does all the measurements and sends the result to the BSC. GSM allways tries to make sure you are on the best cell rather than above a certain signal/noise level. If the BSC determines that a better candidate is available it will initiate a handover.

    • Those are better than the coverage maps that the cell phone providers offer. Their, almost certainly, far more accurate too.

      The engineering dept. at the cell providers have maps that are at least this good, often better.
      The maps that the public gets to see, however, don't come from the engineers, but rather the marketing department.
      That said, if you had a 3 watt phone with a properly mounted 3Db gain antenna on the roof of your car, you probably could get the coverage that the marketeers claim.

      Of course, almost no real customers use a setup like that anymore.
    • in some ways the cell phone providers would do better to provide maps like this, as it would educate users as to the real (rather than advertised) capabilities of cell phones.

      i worked for a cell phone company a couple of years ago and the tech support was constantly tied up with calls, and the refurbishment warehouse with functioning returns, because people assumed that the coverage maps provided by the company were accurate binary state renditions of coverage (i.e. if you're within the area you can make a call, and if you're outside it you can't). for instance, if you use a road map to drive to the next state, when you cross the line, you're in that state, there's not a 74% probability that you're there (it's 100%). of course cell phone maps are only probability maps related to tower placement, signal strength, and topography, but most people choose from experience not to see it that way, as all their experience has been with road maps.

      so you'd get people calling in who tried to make calls downtown/in their basement/behind a hill, or whatever, convinced that their phones were broken cuz they could not get a signal when the map said they could ... often they'd just return a functioning phone and get a replacement mailed to them. it was a horrendous waste of money. ideally the customers need to be told that there's only a probability of making a call from any particular area. but i guess the marketing dept. would put a stop to that.

      • When I worked for Sprint PCS in the San Francisco market we had a printout of the south bay coverage. It was pretty cool looking at it, however using a smoothed out version of the chunkey map would not be good for marketing as it would cause heightened expectations. It also had pretty good holes in coverage along major freeways and so forth, also not good for trying to sell a phone. It was also funky to see how the program would show coverage in the middle of the Santa Cruz mountains due to reflections, ducting, scatter and height.
      • According to the Hiesenbergs uncertiantly priciple there when crossing a state line there is a probablity that you didn't cross it at all. It applies, even for very large things.
  • Combined with a database containing the address of cable modem subscribers, Comcast can now conveniently use this data to ferret out their subscribers "stealing" from them using 802.11b. Watch for the Comcast van in your neighborhood!
  • Wireless Mapping (Score:2, Interesting)

    by Ben1234 ( 558406 )
    Useful but check out the dynamically generated node map from http://www.pdxwireless.org It's updated as the nodes go on and off.
  • by Lumpy ( 12016 ) on Tuesday February 12, 2002 @01:35PM (#2995361) Homepage
    These were done years ago for FM radio coverage and many "more sophisticated" ham radio repeaters back in the late 80's. It's pretty cool and accurate enough. (although not very accurate inbetween distant points unless you add a topo data set to the GIS dataset.. Grass [baylor.edu] is an excellent GIS package for Linux that gives linux users the power of multi-million dollar GIS systems in their basement... and this is a great way do use that cool tool.
    • Yeah, the data requirements for this type of wireless network prediction are pretty steep. I work in a GIS lab producing data for wireless network planning (mostly cellular right now), and this data production and RF modelling are still pretty poorly implemented on a commercial level for the really high-resolution stuff. The biggest reason for this is that actual building-scale data is pretty expensive. We can use 30m Landsat imagery for creating data for cell phone planning, but for this type of thing you need either airphotos or Ikonos style 1m or better imagery, which drives the cost way up.

      This project looks like a lot of fun, though.
  • It interferes with my driving when I need to be looking for a 802.11 signal while watching the road at the same time.

    Why don't they use some of their research funds to lobby the Highway Administration for road signs that would clearly mark places where there was donated bandwidth to be had?

  • by jbf ( 30261 )
    Their security tips [ku.edu]:
    • use wep (airsnort)
    • obscure your ssid (set client ssid to ANY)
    • change default passwords on APs (duh)
    • disable broadcast ssid, but you can't (haha)
    • upgrade firmware (what's that gonna do)
    • enable MAC filtering (Lucent WaveLAN cards have a tool to set their MAC address)
    • Turn off your access points when you are not using them (how mann people are going to do that)
    • Wave point placement and antenna selection (attacker can use a 12dBi yagi and point it straight at your house)


    I don't think I'll be using their Consulting Services [ku.edu] any time soon...
    • Wireless is dangerous - the only real defense right now is to make your network harder to get into than the guy down the street, so Joe Randomsniffer will hit them, not you.

      Much like network administration, really - there is no secure box, but if you're more secure than the average, you aren't a tempting target, and will be passed over in favor of the clueless hordes who are ripe for the picking.

      A really dedicated person who wants into you specifically? Very little you can do to keep them out, especially if you run wireless.
      • Tell that to the military, or to NASA, or to anyone else with a $100million hunk of metal in the sky.

        Put a firewall behind the AP, and use some kind of secure tunnel (such as SSH) to get to a functional part of the network.
    • If you want more information, then you'll probably need to contact them. The list is just a basic set of things that should be done, but rarely are. You wouldn't even imagine how many access points don't even have the default password changed.
      • None of them are particularly strong. That's like saying "Security Tips for your home:"
        • Close your door when you're out
        • Add a fake lock to your door
        • Paint your house black so burglers can't find it
        • Paint doors on your house so they might bang their heads against a wall


        They are so far off from the best current practices that it's quite pathetic. Anyone who gives a list of security tips like that is unlikely to get my business as an burgler alarm system vendor.
    • Re:Smoking Crack... (Score:2, Informative)

      by CaptCosmic ( 323617 )
      You're claim that their security tips are useless is silly.

      > use wep (airsnort)

      Using WEP is the same as remembering to lock the doors of your hose. People can still pick the locks, but they have to be determined to get in.

      > obscure your ssid (set client ssid to ANY)

      This should be combined with the suggestion below to turn of SSID broadcasts.

      > change default passwords on APs (duh)

      Just because its obvious to you, doesn't mean it isn't worth mentioning. People are stupid and need to be reminded of the obvious.

      > disable broadcast ssid, but you can't (haha)

      Funny, on all of the Access Points I've dealt with, there was either an option called Disable Broadcast SSID, or Closed Network. Checking these meant that you had to know the SSID in order to attach to the network.

      > upgrade firmware (what's that gonna do)

      Why should we apply patches to Apache or IIS? What's it gonna do?

      > enable MAC filtering (Lucent WaveLAN cards have a tool to set their MAC address)

      Yes, but there are 2^48 MAC addresses. Guess which ones are allowed to attach to my network.

      > Turn off your access points when you are not using them (how mann people are going to do that)

      I agree that this is unlikely to happen. But that doesn't mean that it isn't a legitimate way to keep people from using it.

      Wave point placement and antenna selection (attacker can use a 12dBi yagi and point it straight at your house)

      This point I don't know enough about. It is probably the least useful of any of the suggestions. Especially since most people tend to use the antennas that come with their Access Points

      • Using WEP is the same as remembering to lock the doors of your hose. People can still pick the locks, but they have to be determined to get in.

        Not really; it's like closing the door. I'd hardly call script kiddies "really determined," but any of them can run airsnort.


        Turn off SSID broadcast and obscure it

        But when I hear someone register, then I can get in. Kinda like plaintext password authentication.


        Why should we apply patches to Apache or IIS? What's it gonna do?

        While I agree it's a good idea, it's not going to keep the baddies out of the network. For example, the latest firmware for Lucent WaveLAN automatically generates a somewhat random IV, which prevents some of the IV collision attacks documented in the literature. It doesn't stop the fundamental insecurity of WEP, though, and giving people a false sense of security, rather than using a real solution like firewalling the wireless network and only allowing users in through tunneling (such as VPN or SSH tunneling), may be quite harmful.
        • I agree that the current security of Wireless networks leaves much to be desired. But that doesn't mean that we shouldn't at least use the little bit that we have.

          I hope that they are able to improve on the security. But remember, that nothing can keep out a determined hacker. You can have the best locks, the best security system, and the meanest guard dogs, but it is still possible for someone to rob your house. They'll just have more incentive to go find an easier target.
          • *sigh* Why is it that the one area we _can_ have near-military quality security, people insist on "make my installation marginally harder to crack than my neighbor's"? Can you imagine if the US government said "I agree that the current security of Los Alamos leaves much to be desired. But nothing can keep out a determined hacker."

            If you give heavy weapons to your "determined hacker," I agree. But if you're talking about some moron hiding in the bushes with a laptop and a yagi, then I think I can design a system to keep them out, using commercial off-the-shelf (and possibly free) software.

            The physical analogy breaks down, since clearly even the government has problems breaking the encryption easily accessable to civilians, while it has no such trouble breaking into civilian buildings (excluding Waco). If we all had access to tanks, antiaircraft missles, and nukes, I probably could keep you a good distance from my home =)
    • I'm amused by the moderation here. You spend 4 years of your life doing cutting edge research in an area, get published at the top conferences pretty much at will, you understand the protocols and problems in sufficient detail to respond to posts without a reference. You see a story posted referring to a website written by a few morons at a no-name state school who have security tips far below the best current practice, and you point out that such tips are bogus, but they're trying to sell consulting services.

      Point that out, get moderated as Troll and Flamebait. I've gotta start metamoderating.

      Not that it matters, since I've got karma to burn, but I'd obviously like my posts to get read...
  • by dr_labrat ( 15478 ) <spooner AT gmail DOT com> on Tuesday February 12, 2002 @01:43PM (#2995411) Homepage
    I know its not the same sort of thing, but Interrorem have knocked up a perl script that converts Netstumbler (Wlan mapping tool) logs into UK streetmap locations.

    You can see it in action here [interrorem.com]

    Its very handy to get a clearer idea of where exactly those pesky APs are when you blat past them in a batmobile with a pringles tin sticking out the roof...

  • by ghamerly ( 309371 ) on Tuesday February 12, 2002 @01:44PM (#2995422)
    Last year i took my laptop & gps & a few perl scripts and mapped out the wireless access at my campus (UCSD). I made some maps too. Pretty fun!

    http://www.cs.ucsd.edu/~ghamerly/wireless.html [ucsd.edu]
  • by Matey-O ( 518004 ) <michaeljohnmiller@mSPAMsSPAMnSPAM.com> on Tuesday February 12, 2002 @01:58PM (#2995494) Homepage Journal
    Can anybody comment on the following:

    Linksys (and other folks) have a flag that disables the SSID broadcast 'feature' of their basestations.

    According to netstumbler.com:
    "Linksys' latest firmware update for WAP11 includes closed network support. It disables the SSID beacon broadcast and as a result no longer shows up on either the Boingo or CyberPixie roaming clients, nor on Apsniff or NetStumbler network discovery tools. "

    Is this REALLY a security 'adder' or can folks discover the network in other ways?

    Our .11b network has 128wep, MAC list restriction, and SSID broadcast turned off. I realise that someone can sniff the traffic and decrypt the packets by cracking WEP, but this would otherwise prevent them from doing something ON the network, right?

    We're investigating adding our VPN to the mix, but it's a non-trivial network topology change for a group that really doesn't have sensitive data.
    • Good start, but if you can I would add fast key changing and per packet hashing. Cisco Aironet Ap's have both of these in recent firmware. You will also need client firmware upgrades. Not sure if other manufacturers are doing either of these yet. Also does anyone know if the problem where the IV got initialized to 0 on the reset of certain manufacturers AP's got fixed?
    • by dr_labrat ( 15478 ) <spooner AT gmail DOT com> on Tuesday February 12, 2002 @02:12PM (#2995570) Homepage
      It certainly raises the bar with regard to mapping.

      Many APs allow the user to turn off the SSID broadcast, however if someone nearby has popped their WLAN card into monitor mode, this will enable them to listen into the raw 802.11 frames that carry all your precious data.

      Plus anything else that happens to float by on channel 10 for instance.

      sniffer-pro and more importantly airopeek both do this.

      Mac list restrictions can be overcome in this manner as well: you can specify a MAC by using Ifconfig under linux :)

      kismet does this nicely as part of its "ip address space" discovery work, along with cisco infrastructure enumeration with CDP.

      Your plan *should* be pretty secure against casual "browsers". Unless your company has made some enemies recently or is worth something in "Commercial Intelligence" terms, you should be pretty clean.

      Of course, I would put a VPN in *as well*...
      • Iiiinteresting. Well, truth be known, we're state government (Dept of Labor). The content becomes public knowledge in short order _anyway_. While we CAN specify VPN, that means I won't be able to surf using my ipaq. ;)

        (Can PPC2002 connect to a CicsoVPN concentrator?)
        • As far as I know the only way you will be able to get your IPaQ surfing via the config you list is if you use PPTP (poptop for linux, or use an NT RAS terminator) and then use Linux on your Ipaq, and then a recent version of PPPD should do the trick nicely.

          *really* too much hassle though :)
      • Mac list restrictions can be overcome in this manner as well: you can specify a MAC by using Ifconfig under linux :)

        FYI, Windows lets you specify MACs, too...

  • For those interested in doing some GIS work of your own, there is the public domainGeographic Resources Analysis Support System [baylor.edu].

    Also, most GIS work is done using ESRI's GIS and Mapping software [esri.com].

    • I have been playing with Mapserver [umn.edu] and it really rocks for online stuff. It only recently went sort-of-production with 3.5, but with support for PostGIS and PHP, it is great. Having tried both, IMHO, it's far more accessible than ESRI's ArcIMS.

      Xix.
  • Netstumbler (Score:4, Informative)

    by Nerftoe ( 74385 ) on Tuesday February 12, 2002 @03:20PM (#2995951)
    With netstumbler [netstumbler.com], it's easy to map out your freshly discovered APs easily. After you have returned from some wardriving, simply export your netstumbler log, and upload it here [netstumbler.com]. It will output a Microsoft MapPoint 2002 file which will display a pushpin covered map which shows you all the APs that you just discovered.
    • Re:Netstumbler (Score:2, Informative)

      by BadlandZ ( 1725 )
      Funny to see Netstumbler being pimped on SlashDot... I would have thought you guys would only mod up something for Linux like WaveStumbler [cqure.net] or AirSnort [sourceforge.net].

      And no mandatory mention of clusters used for War Driving yet?

      Come on SlashDotters, I'm disappointed.....

  • Working in cellular (Score:2, Interesting)

    by Red Storm ( 4772 )
    When I worked for Sprint and other Clients we had mapping similar to this made using software such as Planet made by MSI. Planet was cool, it would help map out coverage for a given area. However it was still needed to go out and drive the network. I worked a project in Tijuana using some equipment made by DTI that had 8 scanners in it and would record about a thousand channels of data to be later displayed on a map. It was cool when you would look at the map and actualy see the coverage of each cell tower based on the driving that had been done.
  • They've essentially reinvented a commercial app that's been on the market for about 5 years - deciBel Planner [169.144.68.41].
  • The problem I'm having with their maps is that there is no distinction between 'no signal' and 'no data'. This can easily be seen by the oddly shaped coverage oozing down a street. Obviously the signal doesn't preferentially go down the street, there is just no data within the block to know what the signal is doing there. There should really be some sort of distinction for this to be truly useful.

    Its not as trivial as it seems because coverage can in fact ooze down the street due to tall buildings lining the block, for example. This can either be directly measured or maybe even modeled if one knows the the types of structures in the map.
  • These people http://i3.com/ have a business that cators to the cell-phone industry. They provide maps with builings, etc that can then be used by the providers when their engineers are trying to design their wireless networks (where to put antenna for best coverage).

    From what I can tell, they're just taking i-cubed's idea and applying it to 802.11...something providers will surely do if they ever want to blanket areas with coverage (as cell providers do this now).

    Pretty cool anyway, but I must point out prior established work in this area.

    They also have some really cool images of my town from above.

"The medium is the massage." -- Crazy Nigel

Working...