MBH's Box‎ > ‎Wardriving Kuwait‎ > ‎


The images shown are generated from Google Spreadsheets and are automatically updated whenever the sheets are updated with new data.

Secure vs. Insecure WiFi Networks

Secure: WPA1 & WPA2, even though WPA1 is considered to be vulnerable to dictionary attacks but it can sustain that when using a good password.
Insecure: Open/Passwordless Networks, WEP & AdHoc.

WiFi Security/Type

Open means that the Access Point (AP) doesn't require any encryption/password to connect to it.
Some APs use this and then ask for a username/password. This is usually done by Coffee Shops with help from ISPs.
You're strongly advised to switch to WPA2 encryption immediately.

WEP is an old and weak encryption. It takes about 5-10 minutes to crack the encryption and find the password. You're strongly encouraged to change it to WPA2.

WPA1/2 is a strong encryption type for wireless networks. If you're using a common password, it's easy to crack, but if you're not, it takes months.
A strong password is at least 9 characters consisting of capital letters, small letters and numbers. You can add special characters like underscores too. You're advised to switch to WPA2.

IBSS is another name for AdHoc networks, used to create connections between devices without the need for a master device like an AP. In my scans, I found wireless printers and PSPs!

Understanding the data above: In the graph, you see that WPA2 is quite small. This is due to the fact that I have merged APs that function in Mixed Mode. In Mixed Mode, an AP provides both WPA1 & WPA2, so from a security point of view, we wish to see to the most vulnerable which is WPA1.
Thus, WPA2 in the graph is for APs providing WPA2 ONLY.

Channel Usage

Wireless devices operating on the 2.4GHz frequency range have the choice to operate on 14 channels. Some countries restrict the channels to 13.

This page on Wikipedia explains on which frequency each channels exists and illustrates why you should choose channels 1, 6 or 11 for best performance (since they don't overlap with other frequencies).

When you're deploying your own Access Point (AP), make sure to scan around you first and see which frequencies the surrounding people are using, and choose 1, 6 or 11 based on the least used one.

Top 10 Identified Vendors

I used the OUI information provided by the IEEE to map MAC addresses to vendors. Not all vendors have applied to be included, and those are accounted for as Unknown vendors.

In case you don't know, Linksys is owned by Cisco, so you won't see Linksys in the list, as I merged it under Cisco.

I may add some vendors later on manually, so not everything will be from the OUI file. If you happen to know that your vendor isn't listed, email me your MAC address and the vendor name to include it in the list.

This sheet contains a complete list of identified vendors.

Known vs. Unknown Vendors

Over 300 devices are from vendors that haven't been recognized. I'll post the unidentified MACs later in case anyone recognizes one, one would hopefully email me to include it in the vendor list.

Providers' Default Security

The graph above depicts the number of Access Points (APs) that were found using default vendor names, and also shows the count of APs per security type.

Top 15 Common Access Point Names

This sheet contains the full list of repeated names of Access Points.