Wireless networking has become standard in many business and government networks. This book is the first book that focuses on the methods used by professionals to perform WarDriving and wireless penetration testing. Unlike other wireless networking and security books that have been published in recent years, this book is geared primarily to those individuals that are tasked with performing penetration testing on wireless networks. This book continues in the successful vein of books for penetration testers such as Google Hacking for Penetration Testers and Penetration Tester’s Open Source Toolkit. Additionally, the methods discussed will prove invaluable for network administrators tasked with securing wireless networks. By understanding the methods used by penetration testers and attackers in general, these administrators can better define the strategies needed to secure their networks.

Key Features

* According to a study by the Strategis Group, more than one third of the world's population will own a wireless device by the end of 2008.
* The authors have performed hundreds of wireless penetration tests, modeling their attack methods after those used by real-world attackers.
* Unlike other wireless books, this is geared specifically for those individuals that perform security assessments and penetration tests on wireless networks.


The target audience for this book is information security professionals who are required to perform WarDriving and wireless penetration testing as part of their duties as well as hobbyists that are interested in learning the tactics used by professional penetration testers when WarDriving and performing wireless penetration tests. Additionally, both business and home users that are concerned about the security of their wireless networks will find a wealth of knowledge in how to secure their networks.

Table of Contents


Technical Editor and Lead Author

Technical Editor and Contributing Author

Contributing Authors

Foreword Contributor


Foreword v 1.0

Chapter 1: Introduction to WarDriving and Penetration Testing



The Origins of WarDriving

Tools of the Trade or “What Do I Need?”

Putting It All Together

Penetration Testing

Tools for Penetration Testing

Conclusion and What to Expect From this Book

Solutions Fast Track

Chapter 2: Understanding Antennas and Antenna Theory


Terminology and Jargon

Differences Between Antenna Types

Other RF Devices


Solutions Fast Track

Chapter 3: WarDriving With Handheld Devices and Direction Finding


WarDriving with a Sharp Zaurus

WarDriving with MiniStumbler

Direction Finding with a Handheld Device


Solutions Fast Track

Chapter 4: WarDriving and Penetration Testing with Windows


WarDriving with NetStumbler

Running NetStumbler

Wireless Penetration Testing with Windows


Solutions Fast Track

Chapter 5: WarDriving and Penetration Testing with Linux


Preparing Your System to WarDrive

WarDriving with Linux and Kismet

Wireless Penetration Testing Using Linux


Solutions Fast Track

Chapter 6: WarDriving and Wireless Penetration Testing with OS X


WarDriving with KisMAC

Penetration Testing with OS X

Other OS X Tools for WarDriving and WLAN Testing


Solutions Fast Track

Chapter 7: Wireless Penetration Testing Using a Bootable Linux Distribution


Core Technologies

Open Source Tools


© 2006

About the authors

Chris Hurley

Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.

Russ Rogers

Russ Rogers (CISSP, CISM, IAM, IEM, Hon. Sc.D.), author of the popular "Hacking a Terror Network: The Silent Threat of Covert Channels" (Syngress, ISBN: 978-1-928994-98-5), co-author of multiple books, including the best-selling "Stealing the Network: How to Own a Continent" (Syngress, ISBN: 978-1-931836-05-0) and "Network Security Evaluation Using the NSA IEM" (Syngress, ISBN: 978-1-59749-035-1), and former editor-in-chief of The Security Journal, is currently a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security, Inc., a veteran-owned small business based in Colorado Springs, CO. Russ has been involved in information technology since 1980 and has spent the past 20 years working as both an IT and InfoSec consultant. Russ has worked with the U.S. Air Force (USAF), National Security Agency (NSA), Defense Information Systems Agency (DISA), and other federal agencies. He is a globally renowned security expert, speaker, and author who has presented at conferences around the world in Amsterdam, Tokyo, Singapore, São Paulo, Abu Dhabi, and cities all over the United States. Russ has an honorary doctorate of science in information technology from the University of Advancing Technology, a master's degree in computer systems management from the University of Maryland, a bachelor of science degree in computer information systems from the University of Maryland, and an associate's degree in applied communications technology from the Community College of the Air Force. He is a member of ISSA and (ISC)2® (CISSP). Russ also teaches at and fills the role of professor of network security for the University of Advancing Technology (

Frank Thornton

Frank Thornton runs his own technology consulting firm, Blackthorn Systems, which specializes in information security and wireless networks. His specialties include wireless network architecture, design, and implementation, as well as network troubleshooting and optimization. An interest in amateur radio helped him bridge the gap between computers and wireless networks. Having learned at a young age which end of the soldering iron was hot, he has even been known to repair hardware on occasion. In addition to his computer and wireless interests, Frank was a law enforcement officer for many years. As a detective and forensics expert he has investigated approximately one hundred homicides and thousands of other crime scenes. Combining both professional interests, he was a member of the workgroup that established ANSI Standard "ANSI/NIST-CSL 1-1993 Data Format for the Interchange of Fingerprint Information."