Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Site Notices
Arrow Left Previous Page
Page / 2
Posted: 3/4/2006 9:31:39 AM EDT
The New York Times

March 5, 2006
Hey Neighbor, Stop Piggybacking on My Wireless
By MICHEL MARRIOTT

For a while, the wireless Internet connection Christine and Randy Brodeur installed last year seemed perfect. They were able to sit in their sunny Los Angeles backyard working on their laptop computers.

But they soon began noticing that their high-speed Internet access had become as slow as rush-hour traffic on the 405 freeway.

"I didn't know whether to blame it on the Santa Ana winds or what," recalled Mrs. Brodeur, the chief executive of Socket Media, a marketing and public relations agency.

The "what" turned out to be neighbors who had tapped into their system. The additional online traffic nearly choked out the Brodeurs, who pay a $40 monthly fee for their Internet service, slowing down their access until it was practically unusable.

Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture.

"I don't think it's stealing," said Edwin Caroso, a 21-year-old student at Miami Dade College in Miami, echoing an often-heard sentiment.

"I always find people out there who aren't protecting their connection, so I just feel free to go ahead and use it," Mr. Caroso said. He added that he tapped into a stranger's network mainly for Web surfing, keeping up with e-mail, text chatting with friends in foreign countries and doing homework.

Many who piggyback say the practice does not feel like theft because it does not seem to actually take anything away from anyone. One occasional piggybacker user recently compared it to "reading the newspaper over someone's shoulder."

Piggybacking, makers of wireless routers say, is increasingly an issue for users who live in densely populated areas like New York City or Chicago, or for anyone clustered in apartment buildings in which Wi-Fi radio waves, with an average range of about 200 feet, can easily bleed through walls, floors and ceilings. Large hotels that offer the service have become bubbling brooks of free access that spill out into nearby homes and restaurants.

"Wi-Fi is in the air and it is a very low curb, if you will, to step up and use it," said Mike Wolf of ABI Research, a high-technology market research company in Oyster Bay, N.Y.

This is especially true, Mr. Wolf said, when so many users do not bother to secure their networks with passwords or encryption programs. The programs are usually shipped with customers' wireless routers, devices that plug into an Internet connection and makes access to it wireless. Many home network owners admit that they are oblivious to their piggybackers.

Some, like Marla Edwards, who believe they had locked intruders out of their networks, learn otherwise. Ms. Edwards, a junior at Baruch College in New York, said her husband recently discovered that their home network was not secure after a visiting friend with a laptop easily hopped on their network.

"There's no gauge, no measuring device that says 48 people are using your access," Ms. Edwards said.

When Mr. Wolf turns on his computer in his suburban Seattle home, he regularly sees on his screen a list of two or three wireless networks that do not belong to him but are nonetheless available for use. Mr. Wolf uses his own wired network at home, but he admits that he has piggybacked onto someone else's wireless network when traveling.

"On a family vacation this summer we needed to get access," Mr. Wolf recalled, explaining that his father, who brought along his laptop, needed to send an e-mail message to his boss from Ocean Shores, Wash., to the East Coast. "I said, 'O.K., let's drive around the beach with the window open.' We found a signal and the owner of the network was none the wiser," Mr. Wolf said. "It took about five minutes."

Jonathan Bettino, a senior product marketing manager for the Belkin Corporation, a major maker of wireless network routers based in Compton, Calif., said home-based wireless networks were becoming a way of life. Unless locking out unauthorized users becomes commonplace, piggybacking is likely to increase too.

Last year, Mr. Bettino said, there were more than 44 million broadband networks among the more than 100 million households in the United States. Of that number, 16.2 million are expected to be wireless by the end of this year. In 2003, only 3.9 million households had wireless access to the Internet, he said.

Humphrey Cheung, the editor of a technology Web site, tomshardware.com, measured how plentiful open wireless networks have become. In April 2004, he and some colleagues flew two single-engine airplanes and over metropolitan Los Angeles with two wireless laptops.

The project logged more than 4,500 wireless networks, with only about 30 percent of them encrypted to lock out outsiders, Mr. Cheung said.

"Most people just plug the thing in," he said of those who buy wireless routers. "Ninety percent of the time it works. You stop at that point and don't bother to turn on its security."

Martha Liliana Ramirez, who lives in Miami, said she had not thought much about securing her $100-a-month Internet connection until recently. Last August, Ms. Ramirez, 31, a real estate agent, discovered a man camped outside her condominium with a laptop pointed at her building.

When Ms. Ramirez asked the man what he was doing, he said he was stealing a wireless Internet connection because he did not have one at home. She was amused but later had an unsettling thought: "Oh my God. He could be stealing my signal."

Yet some six months later, Ms. Ramirez still has not secured her network.

Beth Freeman, who lives in Chicago, has her own Internet access, but it is not wireless. Mostly for the convenience of using the Internet anywhere in her apartment, Ms. Freeman, 58, said that for the last six months she has been using a wireless network a friend showed her how to tap into.

"I feel sort of bad about it, but I do it anyway," Ms. Freeman said her of Internet indiscretions. "It just seems harmless."

And if she ever gets caught?

"I'm a grandmother," Ms. Freeman said. "They're not going to yell at an old lady. I'll just play the dumb card."

David Cole, director of product management for Symantec Security Response, a unit of Symantec, a maker of computer security software, said consumers should understand that an open wireless network invites greater vulnerabilities than a stampede of "freeloading neighbors."

He said savvy users could piggyback into unprotected computers to peer into files containing sensitive financial and personal information, release malicious viruses and worms that could do irreparable damage, or use an unprotected computer as a launching pad for identity theft or the uploading and downloading of child pornography.

"The best case is that you end up giving a neighbor a free ride," Mr. Cole said. "The worse case is that someone can destroy your computer, take your files and do some really nefarious things with your network that gets you dragged into court."

Mr. Cole said that Symantec and other companies had created software that could not only lock out most network intruders but also could protect computers and their content if an intruder managed to gain access.

Some users say they have protected their computers but have decided to keep their networks open as a passive protest of what they consider the exorbitant cost of Internet access.

"I'm sticking it to the man," said Elaine Ball, an Internet subscriber who lives in Chicago. She complained that she paid $65 a month for Internet access until she recently switched to a $20-a-month promotion plan that would go up to $45 a month after the first three months.

"I open up my network, leave it wide open for anyone to jump on," Ms. Ball said.

For the Brodeurs in Los Angeles, a close reading of their network's manual helped them to finally encrypt their network. The Brodeurs told the piggybackers that the network belonged to them and not to the neighborhood. While apologetic, some neighbors still wanted access to it.

"Some of them asked me, 'Could we pay?' but we didn't want to go into the Internet service provider business," Mrs. Brodeur said. "We gave some weird story about the network imposing some sort of lockdown protocol."

Andrea Zarate contributed reporting from Miami for this article, and Gretchen Ruethling from Chicago.

* Copyright 2006The New York Times Company
Link Posted: 3/4/2006 9:33:10 AM EDT
OMG Noobs That can't setup WEP OMGBBQ!!111!11!!!!!!11!1
Link Posted: 3/4/2006 9:35:39 AM EDT
I live in a condo. I'm going to stay hard-wired.
Link Posted: 3/4/2006 9:35:47 AM EDT
[Last Edit: 3/4/2006 9:38:22 AM EDT by mr_camera_man]
bash.org/?202477



(Mootar) morons.
(Mootar) these people who live in my apartment complex are connected to my wireless
(Mootar) they must think they're super-cool hackers by breaking into my completely unsecure network
(Mootar) unfortunatly, the connection works both ways
(Mootar) long story short, they now have loads of horse porn on their computer



Edit: WEP or WPA is trivial to set up, for anyone who bothers to read the manual. The older WEP standard is easier to break, but still takes hours and is enough to keep honest neighbors honest. I live in a condo, and keep my wireless locked down with WEP.
Link Posted: 3/4/2006 9:36:20 AM EDT
Everyone running wireless routers just needs to set up some sniffers on their rigs. Once you find the passwords of a few people piggybacking on your connection, fuck 'em over by changing some accounts and maybe they'll learn their lesson.
Link Posted: 3/4/2006 9:37:07 AM EDT
I caught my neighbor doing this a while back. I let it go for a while ,as he was just checking email and so forth after the hurricanes. But then he started dragging down my whole network, downloading shit and so forth well after he was able to get internet back at his house.

Previously, I was leaving my network open to sort of return the favor, as I sometimes hop on a wireless network if I'm out traveling. But, with my neighbor constantly leeching my bandwidth, I've decided to finally close it off.
Link Posted: 3/4/2006 9:37:55 AM EDT
Just activate the WEP security
Link Posted: 3/4/2006 9:39:09 AM EDT

Originally Posted By Barrelburner:
Just activate the WEP security



WEP is easy to break if one knows how. MAC address filters are much harder, but still can be fooled with enough time invested.
Link Posted: 3/4/2006 9:40:02 AM EDT

Originally Posted By Barrelburner:
Just activate the WEP security



Better yet, people should stop stealing. Amazing concept, huh?
Link Posted: 3/4/2006 9:45:10 AM EDT

Originally Posted By mr_camera_man:
bash.org/?202477



(Mootar) morons.
(Mootar) these people who live in my apartment complex are connected to my wireless
(Mootar) they must think they're super-cool hackers by breaking into my completely unsecure network
(Mootar) unfortunatly, the connection works both ways
(Mootar) long story short, they now have loads of horse porn on their computer



Edit: WEP or WPA is trivial to set up, for anyone who bothers to read the manual. The older WEP standard is easier to break, but still takes hours and is enough to keep honest neighbors honest. I live in a condo, and keep my wireless locked down with WEP.

ARP replay attacks can break WEP in minutes.
Link Posted: 3/4/2006 9:58:01 AM EDT

Originally Posted By Zack3g:

Originally Posted By Barrelburner:
Just activate the WEP security



WEP is easy to break if one knows how. MAC address filters are much harder, but still can be fooled with enough time invested.



Harder? My stock Windows computer lets me set my internal WiFi card to any MAC I want. All I'd have to do is sniff the network and observe a good MAC, then use that one. Maybe not trivial, but easier then setting up a sniffer and traffic stimulator to crack WEP.
Link Posted: 3/4/2006 9:58:48 AM EDT
[Last Edit: 3/4/2006 3:06:56 PM EDT by mr_camera_man]

Originally Posted By mgw1181:
ARP replay attacks can break WEP in minutes.


I'm aware of that. My wife is using an older model iBook, and I don't believe a WPA capable card is available for it. For now, the best I can do is the combination of WEP and MAC filtering, until I can afford a nicer laptop for her.
Link Posted: 3/4/2006 10:00:02 AM EDT

Originally Posted By roboman:
Everyone running wireless routers just needs to set up some sniffers on their rigs. Once you find the passwords of a few people piggybacking on your connection, fuck 'em over by changing some accounts and maybe they'll learn their lesson.



Yea, you could run them crazy that way.
Not messing with their money/bank accounts (you could get jail for that) but just every once and a while, sending bogus emails to people they know, making posts to forums they get on, ect. Not to mention what you could do with business contacts. They could end up very embarassed.....
~
Link Posted: 3/4/2006 10:04:47 AM EDT
Personally, in my house we are using hardwired CAT5/6 cables. It is kind of messy, but the speed more than makes up for it. It is somewhat a waste to get 5Mbps cable internet access and to be restrained by a wireless router, even it is the new higher speed versions.
Link Posted: 3/4/2006 10:06:58 AM EDT
[Last Edit: 3/4/2006 10:13:37 AM EDT by warlord]

Originally Posted By Floppy_833:

Originally Posted By roboman:
Everyone running wireless routers just needs to set up some sniffers on their rigs. Once you find the passwords of a few people piggybacking on your connection, fuck 'em over by changing some accounts and maybe they'll learn their lesson.



Yea, you could run them crazy that way.
Not messing with their money/bank accounts (you could get jail for that) but just every once and a while, sending bogus emails to people they know, making posts to forums they get on, ect. Not to mention what you could do with business contacts. They could end up very embarassed.....
~


Actually a crazy way to screw with the leechers is just to turn the modem OFF whn you're not using it, that will surprise the $hit out of people who are downloading the 100MB porn movies, or the guy with BT that was running for 10 hours.
Link Posted: 3/4/2006 10:07:49 AM EDT
[Last Edit: 3/4/2006 10:08:17 AM EDT by Engineer]
For those that are too lazy to set up WEP/WPA/MAC address filtering - just turn off SSID broadcast and that will solve most of the freeloading problems...
Link Posted: 3/4/2006 10:11:52 AM EDT

Originally Posted By Zack3g:

Originally Posted By Barrelburner:
Just activate the WEP security



WEP is easy to break if one knows how. MAC address filters are much harder, but still can be fooled with enough time invested.



A layer two spoof takes around ten seconds and every netstumblin bum in the world knows how to do it.

AES/PSK is a bare minimum. IPSEC Is better.
Link Posted: 3/4/2006 10:22:38 AM EDT
[Last Edit: 3/4/2006 10:31:29 AM EDT by PeteCO]
I recant my previous post.

I had no clue it was that easy to crack.

I was going to pick up some wireless stuff this weekend so my wife could get on the web with her laptop, and so I could communicate with my server which is now in the basement.

Fuck that. Looks like I'll be dropping in a cable plant in a few weeks, rather than wireless this weekend. I have some fairly confidential financial shit for work on my machines, as well as some potentially valuable source code.


I got out of the network side of IT before I got to mess with stuff like wireless and IPSec, and I have no desire to try to configure that stuff on my LAN.

I had always figured WEP with encryption would be nice and secure.
Link Posted: 3/4/2006 10:28:18 AM EDT

Originally Posted By roboman:
Everyone running wireless routers just needs to set up some sniffers on their rigs. Once you find the passwords of a few people piggybacking on your connection, fuck 'em over by changing some accounts and maybe they'll learn their lesson.



How difficult is it to "set up sniffers"? I have a Netgear wireless router that I don't use much and could just hook it up on the odd occasion that I use my laptop. It WOULD be kinda cool to mess with the mind of folks who piggyback on it though. Even if I just cut them off randomly when they go online..... Prolly would drive 'em batty. I really don't want to be TOO good of a neighbor!!
Link Posted: 3/4/2006 10:44:05 AM EDT
[Last Edit: 3/4/2006 10:48:14 AM EDT by ProfGAB101]
I broke down on I40 (in AZ) in an area with no cell service signal. (middle of desert...)

I fired up my laptop - and behold - 3 wireless networks are found - 1 @ 40% sig strength was open.

I used Skype to call a tow...

I don't use wireless @ home - I have it for when working onsite jobs.

If I ever do add wireless I will run it thru a spare W2003Server sys. I will leave it open to unknown users, but there connections will be capped to alittle better than dialup speed and it will be fully logged.

System like in use at some airports.... We're watching what your watching....

Edit: After I got home I called up a sat image of where I was. Just on the other side of a little hill was a group of about 20 houses. - Still I figure it was about 300yrds... I guess I was just real lucky.
Link Posted: 3/4/2006 11:30:12 AM EDT
THis stuff is so far beyond me....

I did set up the wireless in my dad's house, and set up the WEP, non key provided, so I had to enter the WEP address on the laptops.

What else should I do? He surfs wirelessly, and my laptop upstairs is wireless. My other 2 computers are in the basement. running hardlines through my lynksys router, into his wireless router...
Link Posted: 3/4/2006 11:39:49 AM EDT

Originally Posted By PeteCO:
I recant my previous post.

I had no clue it was that easy to crack.

I was going to pick up some wireless stuff this weekend so my wife could get on the web with her laptop, and so I could communicate with my server which is now in the basement.

Fuck that. Looks like I'll be dropping in a cable plant in a few weeks, rather than wireless this weekend. I have some fairly confidential financial shit for work on my machines, as well as some potentially valuable source code.


I got out of the network side of IT before I got to mess with stuff like wireless and IPSec, and I have no desire to try to configure that stuff on my LAN.

I had always figured WEP with encryption would be nice and secure.



While WEP is easy to crack, I wouldn't really worry about it. Why should a hacker take the time to break the security when he can just drive down the road and find more networks that are unsecured?
Link Posted: 3/4/2006 11:40:40 AM EDT

Originally Posted By Hydguy:
THis stuff is so far beyond me....

I did set up the wireless in my dad's house, and set up the WEP, non key provided, so I had to enter the WEP address on the laptops.

What else should I do? He surfs wirelessly, and my laptop upstairs is wireless. My other 2 computers are in the basement. running hardlines through my lynksys router, into his wireless router...



Turn off the SSID broadcast and turn on MAC filtering. It isn't 100% foolproof, but I doubt anyone would take the time and effort to break in.
Link Posted: 3/4/2006 12:24:24 PM EDT
Link Posted: 3/4/2006 12:26:20 PM EDT

Originally Posted By guardian855:

Originally Posted By Hydguy:
THis stuff is so far beyond me....

I did set up the wireless in my dad's house, and set up the WEP, non key provided, so I had to enter the WEP address on the laptops.

What else should I do? He surfs wirelessly, and my laptop upstairs is wireless. My other 2 computers are in the basement. running hardlines through my lynksys router, into his wireless router...



Turn off the SSID broadcast and turn on MAC filtering. It isn't 100% foolproof, but I doubt anyone would take the time and effort to break in.

\

And how does one go about doing that?
Link Posted: 3/4/2006 12:31:41 PM EDT
I'm still trying to convince my parents that Dad's social security number is not a good password to use for the wireless router. Mom wants something secure and picked it, Dad didnt realize at the time that anyone could sniff it but now Mom is too set in her ways to let Dad change it.

Kharn
Link Posted: 3/4/2006 12:34:12 PM EDT

Originally Posted By Hydguy:

Originally Posted By guardian855:

Originally Posted By Hydguy:
THis stuff is so far beyond me....

I did set up the wireless in my dad's house, and set up the WEP, non key provided, so I had to enter the WEP address on the laptops.

What else should I do? He surfs wirelessly, and my laptop upstairs is wireless. My other 2 computers are in the basement. running hardlines through my lynksys router, into his wireless router...



Turn off the SSID broadcast and turn on MAC filtering. It isn't 100% foolproof, but I doubt anyone would take the time and effort to break in.

\

And how does one go about doing that?




Read the directions
Link Posted: 3/4/2006 1:04:58 PM EDT
Link Posted: 3/4/2006 1:11:37 PM EDT
tag
Link Posted: 3/4/2006 1:18:50 PM EDT
Link Posted: 3/4/2006 1:20:54 PM EDT
Teft. Plain and simple.
Link Posted: 3/4/2006 1:25:08 PM EDT

Originally Posted By cmjohnson:
Quite frankly I don't even get this wireless networking thing. Is it THAT much of a chore to plug
a cable into your networking jack?


I suspect that a lot of folks don't like the tangle of cable, and would rather endure the slower transfer speeds and of course sharing the modem with the world.
Link Posted: 3/4/2006 1:42:39 PM EDT

"I always find people out there who aren't protecting their connection, so I just feel free to go ahead and use it," Mr. Caroso said. He added that he tapped into a stranger's network mainly for Web surfing, keeping up with e-mail, text chatting with friends in foreign countries and doing homework.


So if someone leaves their car unlocked, that means they want you to have it, right?
Link Posted: 3/4/2006 1:56:21 PM EDT

Please refer to every post I've made in the three or so previous threads (aka shitshorms) on this topic. It will save me and everyone else a lot of time.

Jim
Link Posted: 3/4/2006 2:03:46 PM EDT
This attitude that "it isn't stealing" pisses me off to no end.

There you have it: the end result of Generation Y and late Gen X.

Wouldn't it be precious to knock next door and beat the living shit of the thieving motherfucker.
Link Posted: 3/4/2006 2:11:57 PM EDT

Originally Posted By Floppy_833:

Originally Posted By roboman:
Everyone running wireless routers just needs to set up some sniffers on their rigs. Once you find the passwords of a few people piggybacking on your connection, fuck 'em over by changing some accounts and maybe they'll learn their lesson.



Yea, you could run them crazy that way.
Not messing with their money/bank accounts (you could get jail for that) but just every once and a while, sending bogus emails to people they know, making posts to forums they get on, ect. Not to mention what you could do with business contacts. They could end up very embarassed.....
~



B#!! $h!t, give 10% of their bank account to ten different charities and then secure your system, its for the children
Link Posted: 3/4/2006 2:33:42 PM EDT

Originally Posted By 1Andy2:

"I always find people out there who aren't protecting their connection, so I just feel free to go ahead and use it," Mr. Caroso said. He added that he tapped into a stranger's network mainly for Web surfing, keeping up with e-mail, text chatting with friends in foreign countries and doing homework.


So if someone leaves their car unlocked, that means they want you to have it, right?




The problem is that a lot of people actually do leave it open on purpose, to be nice I guess, and it's hard to know which is which. It's also possible to bascially do it by accident as most newer systems will automatically glom onto the first open network they find when you turn them on.

I don't know how many wireless networks I've discovered that still had the default passowrd on the router. When I find those (uaually in office buildings when visiting clients) I make an effort to track them down and warn them.
Link Posted: 3/4/2006 2:43:27 PM EDT

Originally Posted By SWO_daddy:
This attitude that "it isn't stealing" pisses me off to no end.

There you have it: the end result of Generation Y and late Gen X.

Wouldn't it be precious to knock next door and beat the living shit of the thieving motherfucker.



I don't think its a generation issue. One of the people who was quoted in the article was an old lady.
Link Posted: 3/4/2006 2:48:34 PM EDT

Originally Posted By Zack3g:

Originally Posted By Barrelburner:
Just activate the WEP security



WEP is easy to break if one knows how. MAC address filters are much harder, but still can be fooled with enough time invested.



I'm guessing that 9 out of 10 people leeching wireless connections would not know how to do that.
Link Posted: 3/4/2006 2:57:58 PM EDT

Originally Posted By GotGuns:

Originally Posted By Zack3g:

Originally Posted By Barrelburner:
Just activate the WEP security



WEP is easy to break if one knows how. MAC address filters are much harder, but still can be fooled with enough time invested.



I'm guessing that 9 out of 10 people leeching wireless connections would not know how to do that.





The six dumbest ways to secure a wireless LAN

MAC filtering: This is like handing a security guard a pad of paper with a list of names. Then when someone comes up to the door and wants entry, the security guard looks at the person's name tag and compares it to his list of names and determines whether to open the door or not. Do you see a problem here? All someone needs to do is watch an authorized person go in and forge a name tag with that person's name. The comparison to a wireless LAN here is that the name tag is the MAC address. The MAC address is just a 12 digit long HEX number that can be viewed in clear text with a sniffer. A sniffer to a hacker is like a hammer to a carpenter except the sniffer is free. Once the MAC address is seen in the clear, it takes about 10 seconds to cut-paste a legitimate MAC address in to the wireless Ethernet adapter settings and the whole scheme is defeated. MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain.

SSID hiding: There is no such thing as "SSID hiding". You're only hiding SSID beaconing on the Access Point. There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are; probe requests, probe responses, association requests, and re-association requests. Essentially, youre talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden and all youve achieved is cause problems for Wi-Fi roaming when a client jumps from AP to AP. Hidden SSIDs also makes wireless LANs less user friendly. You dont need to take my word for it. Just ask Robert Moskowitz who is the Senior Technical Director of ICSA Labs in his white paper Debunking the myth of SSID hiding.

LEAP authentication: The use of Cisco LEAP authentication continues to be the single biggest mistake that corporations make with their wireless LAN because they leave themselves wide open to attack. Cisco still tells their customers that LEAP is fine so long as strong passwords are used. The problem is that strong passwords are an impossibility for humans to deal with. If you doubt this, try a password audit of all the users in your organization and see how long it takes to crack 99% of all passwords. 99% of organizations will flunk any password audit for most of their users within hours. Any attempt to enforce strong passwords will result in passwords written on sticky notes. Since Joshua Wright released a toolthat can crackLEAP with lighting speed, Cisco was forced to come out with a better alternative to LEAP and they came up with an upgradeto LEAP calledEAP-FAST. Unfortunately, EAP-FAST still falls short in security with its default installation. Although Cisco makes LEAP and EAP-FAST freely available to partners for the client end, the same is not true for Access Points.LEAP and EAP-FAST are essentially two proprietary protocolsthat Cisco employs as a strategy to monopolize the Access Point market. There are open standards based EAP mechanisms like EAP-TLS, EAP-TTLS, and PEAP which are all much more secure than either LEAP or EAP-FAST and they work on all Access Points and client adapters, not just Cisco. Cisco does support open standard EAPs just like everyone else so you should always use open EAP standards to get better security and avoid the hardware lock-in.

Disable DHCP: This is much more of waste of time than it is a security break. DHCP allows the automatic assignment of IP addresses and other configurations. Disabling DHCP has zero security value and just wastes time. It would take a hacker about 10 seconds to figure out the IP scheme of any network and simply assign their own IP address. Anyone who tells you that this is a way to secure your wireless LAN doesn't know what they're talking about.

Antenna placement: I've heard the craziest thing from so called security experts that actually tell people to only put their Access Points in the center of their building and put them at minimal power. Antenna placement does nothing to deter hackers. Remember, the hacker will always have a bigger antenna than you which can home in on you from a mile away. Making a wireless LAN so weak only serves to make the wireless LAN useless. Antenna placement and power output should be designed for maximum coverage and minimum interference. It should never be used as a security mechanism.

Just use 802.11a or Bluetooth: Fortunately, I haven't heard this one for a while. There were so called security experts that went around telling people that they simply needed to switch to 802.11a or Bluetooth to secure their wireless LAN. 802.11a refers to a physical transport mechanism of wireless LAN signals over the air, it does not refer to a security mechanism in any way.

Link Posted: 3/4/2006 2:59:00 PM EDT
I have setup a wireless honey-pot in my apartment complex. I call it a "hAccess Point". Its a machine and a 200mw access point connected together and cut off my network and internet connection. No protection at all. I have a webserver with a special redirect firewall running on it. When someone jumps on my hAccess Point they get an IP. When they try to browse out they get redirected to my webserver page with a friendly message. Additionally, MAC, IP, browser, and any other information is logged. Also, I included the ability for them to leave me a message or perform a port scan on themselves at their discretion (no messages or port scans yet).

I was bored one night

-Foxxz
Link Posted: 3/4/2006 2:59:31 PM EDT

Originally Posted By Tomislav:

Originally Posted By Barrelburner:
Just activate the WEP security



Better yet, people should stop stealing. Amazing concept, huh?



No s***, how about basic honesty
Link Posted: 3/4/2006 3:01:51 PM EDT

The six dumbest ways to secure a wireless LAN


These 6 dumb ways keep most people off your AP. Also, the author really had no suggestions on how to fix the problem.

I can point out problems too. Many people can. Few offer viable solutions.

-Foxxz
Link Posted: 3/4/2006 3:03:39 PM EDT

Originally Posted By Foxxz:

The six dumbest ways to secure a wireless LAN


These 6 dumb ways keep most people off your AP. Also, the author really had no suggestions on how to fix the problem.

I can point out problems too. Many people can. Few offer viable solutions.

-Foxxz



IPSEC

512 bit AES/psk

Any other comments?

No?
Link Posted: 3/4/2006 3:04:23 PM EDT
[Last Edit: 3/4/2006 3:12:11 PM EDT by PeteCO]

Originally Posted By GotGuns:

Originally Posted By Zack3g:

Originally Posted By Barrelburner:
Just activate the WEP security



WEP is easy to break if one knows how. MAC address filters are much harder, but still can be fooled with enough time invested.



I'm guessing that 9 out of 10 people leeching wireless connections would not know how to do that.



Well, if it's just a matter of spoofing a mac and doing some sniffing, I could still manage that, and I haven't been in networking for about 6 years. I'd bet my left nut no one could get into my W 2003 box, but my XP box and linux box I'm not so sure of.
Link Posted: 3/4/2006 3:04:28 PM EDT
[Last Edit: 3/4/2006 3:05:58 PM EDT by John_Wayne777]
Well a simple solution would be to encrypt your connection and then restrict the access to your connection to only the NICs you own, which would eliminate the problem.
Link Posted: 3/4/2006 3:07:10 PM EDT
[Last Edit: 3/4/2006 3:08:04 PM EDT by NimmerMehr]

Originally Posted By guardian855:
While WEP is easy to crack, I wouldn't really worry about it. Why should a hacker take the time to break the security when he can just drive down the road and find more networks that are unsecured?



Yup, like locking your doors. If they REALLY want in, they'll bring a crowbar and break glass, but it will keep the bored and the children out.
Link Posted: 3/4/2006 3:10:12 PM EDT

Originally Posted By Sub-MOA:

Originally Posted By Foxxz:

The six dumbest ways to secure a wireless LAN


These 6 dumb ways keep most people off your AP. Also, the author really had no suggestions on how to fix the problem.

I can point out problems too. Many people can. Few offer viable solutions.

-Foxxz



IPSEC

512 bit AES/psk

Any other comments?

No?



Do many APs support IPSEC? No.
Do many people even know what IPSEC is or how to set it up? No.
If you set up IPSEC on your laptop will it offer you any extra security without a compadible host or termination point? No.

-Foxxz
Link Posted: 3/4/2006 3:15:11 PM EDT

Originally Posted By Foxxz:

Originally Posted By Sub-MOA:

Originally Posted By Foxxz:

The six dumbest ways to secure a wireless LAN


These 6 dumb ways keep most people off your AP. Also, the author really had no suggestions on how to fix the problem.

I can point out problems too. Many people can. Few offer viable solutions.

-Foxxz



IPSEC

512 bit AES/psk

Any other comments?

No?



Do many APs support IPSEC? No.
Do many people even know what IPSEC is or how to set it up? No.
If you set up IPSEC on your laptop will it offer you any extra security without a compadible host or termination point? No.

-Foxxz



or AES for that matter

Fact is, if your hardware does not support a strong encrypted tunnel (WPA ain’t it) then you are screwed. Someone with enough free time will eventually be using your network.

All the folklore surrounding the subject is just there to make people feel better about that little factoid.
Link Posted: 3/4/2006 3:29:16 PM EDT
[Last Edit: 3/4/2006 3:30:14 PM EDT by Foxxz]
This is the problem exactly. There are no industry standards for securing it. B & G wifi is getting old hat and no one is going to revisit the problem with N and WImax right around the corner. 64 bit encryption would be alright with 128 and 256 being preferred if there are no weaknesses in the key distribution and weak IVs which was one of the main problems with WEP.

Coincidently many encrypted connections over the net still occasionally use or fallback to things like DES (56 bit). AES 128, 256, and 3DES prefered. SHA1 and then MD5 for hashes.

WEP/WPA and MAC filtering will keep most people off your AP. It won't keep determined people off your access point.

The basic point is: aside from going out of the way and setting up a VPN on your wifi connection, there is no full proof way to secure it. Case closed.

-Foxxz
Link Posted: 3/4/2006 3:41:27 PM EDT

Originally Posted By SWO_daddy:
This attitude that "it isn't stealing" pisses me off to no end.

There you have it: the end result of Generation Y and late Gen X.

Wouldn't it be precious to knock next door and beat the living shit of the thieving motherfucker.


Wow, you're a bitter old bird aren't you?
Perhaps you missed the part of the article where an old lady was going to play dumb if caught?

Theives are thieves, and there are plenty of them in every generation.

So why don't you get off your self-righteous high horse?
Arrow Left Previous Page
Page / 2
Top Top