The WEM Discovery by Cybersk4nk Fielding help and support by H1D30US and Kankraka Sunday, December 7, 2003 Abstract Some of you may of heard of a small little mall in Edmonton called West Edmonton Mall (WEM). Well, you'd never belive me if I told you that there are stores that use Wifi in WEM. Not only that, but half of the APs that were war-walked in the mall used no WEP! Maybe they use MAC address blocking, but still. This is very interesting and definitely warrants another trip to our local world class mall. Details See below for the scan details. I used Kismet 2.8.1 with a standard Prism2/cs card and an old klunky laptop running Gentoo Linux which I highly recommend if you have patience and a slightly newish comp. The AP with an SSID of "TELUS" seems particularily interesting as it has no WEP encryption and we received a very nice 2700 dBm signal strength from it when we set up near the Ice Palace. WEM definitely has potential as we were buying shit there too and didn't scan even anywhere near the entire mall. It warrants another all-day trip. Please keep in mind my disclaimer: Breaking into these networks is illegal. Don't try it. If you get caught, you'll be in deep shit and could face many years of ass-rapage in prison at the hands of your cell mate named Bruno who killed his entire family with an axe and who hasn't seen a woman in 30 years. This includes trying to break WEP encryption because that is basically illegal inter- ception of a private network. IANAL, but it seems that in Canada, sniffing networks is perfectly legal just as it is legal to tune into a radio station or use a scanner. In the US it may be illegal even to Wardrive due to DMCA provisions. Check you local laws, and above all, fight them if they are unjust. Network 1: "151" BSSID: "00:A0:F8:46:6A:BB" Type : infrastructure Carrier : 802.11b Info : "None" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Fri Dec 5 21:54:09 2003" Last : "Fri Dec 5 21:54:09 2003" Network 2: "default" BSSID: "00:04:23:63:65:C0" Type : probe Carrier : 802.11b Info : "None" Channel : 00 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Fri Dec 5 21:55:05 2003" Last : "Fri Dec 5 21:55:05 2003" Network 3: "TELUS" BSSID: "00:40:96:A0:9B:44" Type : infrastructure Carrier : 802.11b Info : "W-AB5037-AP-1" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 72 Data : 0 Crypt : 0 Weak : 0 Total : 72 First : "Fri Dec 5 21:55:13 2003" Last : "Fri Dec 5 21:56:10 2003" Network 4: "default" BSSID: "00:04:23:68:99:8B" Type : probe Carrier : 802.11b Info : "None" Channel : 00 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Fri Dec 5 21:55:15 2003" Last : "Fri Dec 5 21:55:15 2003" Network 5: "linksys" BSSID: "00:06:25:98:7A:0C" Type : infrastructure Carrier : 802.11b Info : "None" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 49 Data : 0 Crypt : 0 Weak : 0 Total : 49 First : "Fri Dec 5 21:55:18 2003" Last : "Fri Dec 5 21:56:11 2003"