User Panel
Posted: 3/4/2006 9:31:39 AM EDT
The New York Times
March 5, 2006 Hey Neighbor, Stop Piggybacking on My Wireless By MICHEL MARRIOTT For a while, the wireless Internet connection Christine and Randy Brodeur installed last year seemed perfect. They were able to sit in their sunny Los Angeles backyard working on their laptop computers. But they soon began noticing that their high-speed Internet access had become as slow as rush-hour traffic on the 405 freeway. "I didn't know whether to blame it on the Santa Ana winds or what," recalled Mrs. Brodeur, the chief executive of Socket Media, a marketing and public relations agency. The "what" turned out to be neighbors who had tapped into their system. The additional online traffic nearly choked out the Brodeurs, who pay a $40 monthly fee for their Internet service, slowing down their access until it was practically unusable. Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture. "I don't think it's stealing," said Edwin Caroso, a 21-year-old student at Miami Dade College in Miami, echoing an often-heard sentiment. "I always find people out there who aren't protecting their connection, so I just feel free to go ahead and use it," Mr. Caroso said. He added that he tapped into a stranger's network mainly for Web surfing, keeping up with e-mail, text chatting with friends in foreign countries and doing homework. Many who piggyback say the practice does not feel like theft because it does not seem to actually take anything away from anyone. One occasional piggybacker user recently compared it to "reading the newspaper over someone's shoulder." Piggybacking, makers of wireless routers say, is increasingly an issue for users who live in densely populated areas like New York City or Chicago, or for anyone clustered in apartment buildings in which Wi-Fi radio waves, with an average range of about 200 feet, can easily bleed through walls, floors and ceilings. Large hotels that offer the service have become bubbling brooks of free access that spill out into nearby homes and restaurants. "Wi-Fi is in the air and it is a very low curb, if you will, to step up and use it," said Mike Wolf of ABI Research, a high-technology market research company in Oyster Bay, N.Y. This is especially true, Mr. Wolf said, when so many users do not bother to secure their networks with passwords or encryption programs. The programs are usually shipped with customers' wireless routers, devices that plug into an Internet connection and makes access to it wireless. Many home network owners admit that they are oblivious to their piggybackers. Some, like Marla Edwards, who believe they had locked intruders out of their networks, learn otherwise. Ms. Edwards, a junior at Baruch College in New York, said her husband recently discovered that their home network was not secure after a visiting friend with a laptop easily hopped on their network. "There's no gauge, no measuring device that says 48 people are using your access," Ms. Edwards said. When Mr. Wolf turns on his computer in his suburban Seattle home, he regularly sees on his screen a list of two or three wireless networks that do not belong to him but are nonetheless available for use. Mr. Wolf uses his own wired network at home, but he admits that he has piggybacked onto someone else's wireless network when traveling. "On a family vacation this summer we needed to get access," Mr. Wolf recalled, explaining that his father, who brought along his laptop, needed to send an e-mail message to his boss from Ocean Shores, Wash., to the East Coast. "I said, 'O.K., let's drive around the beach with the window open.' We found a signal and the owner of the network was none the wiser," Mr. Wolf said. "It took about five minutes." Jonathan Bettino, a senior product marketing manager for the Belkin Corporation, a major maker of wireless network routers based in Compton, Calif., said home-based wireless networks were becoming a way of life. Unless locking out unauthorized users becomes commonplace, piggybacking is likely to increase too. Last year, Mr. Bettino said, there were more than 44 million broadband networks among the more than 100 million households in the United States. Of that number, 16.2 million are expected to be wireless by the end of this year. In 2003, only 3.9 million households had wireless access to the Internet, he said. Humphrey Cheung, the editor of a technology Web site, tomshardware.com, measured how plentiful open wireless networks have become. In April 2004, he and some colleagues flew two single-engine airplanes and over metropolitan Los Angeles with two wireless laptops. The project logged more than 4,500 wireless networks, with only about 30 percent of them encrypted to lock out outsiders, Mr. Cheung said. "Most people just plug the thing in," he said of those who buy wireless routers. "Ninety percent of the time it works. You stop at that point and don't bother to turn on its security." Martha Liliana Ramirez, who lives in Miami, said she had not thought much about securing her $100-a-month Internet connection until recently. Last August, Ms. Ramirez, 31, a real estate agent, discovered a man camped outside her condominium with a laptop pointed at her building. When Ms. Ramirez asked the man what he was doing, he said he was stealing a wireless Internet connection because he did not have one at home. She was amused but later had an unsettling thought: "Oh my God. He could be stealing my signal." Yet some six months later, Ms. Ramirez still has not secured her network. Beth Freeman, who lives in Chicago, has her own Internet access, but it is not wireless. Mostly for the convenience of using the Internet anywhere in her apartment, Ms. Freeman, 58, said that for the last six months she has been using a wireless network a friend showed her how to tap into. "I feel sort of bad about it, but I do it anyway," Ms. Freeman said her of Internet indiscretions. "It just seems harmless." And if she ever gets caught? "I'm a grandmother," Ms. Freeman said. "They're not going to yell at an old lady. I'll just play the dumb card." David Cole, director of product management for Symantec Security Response, a unit of Symantec, a maker of computer security software, said consumers should understand that an open wireless network invites greater vulnerabilities than a stampede of "freeloading neighbors." He said savvy users could piggyback into unprotected computers to peer into files containing sensitive financial and personal information, release malicious viruses and worms that could do irreparable damage, or use an unprotected computer as a launching pad for identity theft or the uploading and downloading of child pornography. "The best case is that you end up giving a neighbor a free ride," Mr. Cole said. "The worse case is that someone can destroy your computer, take your files and do some really nefarious things with your network that gets you dragged into court." Mr. Cole said that Symantec and other companies had created software that could not only lock out most network intruders but also could protect computers and their content if an intruder managed to gain access. Some users say they have protected their computers but have decided to keep their networks open as a passive protest of what they consider the exorbitant cost of Internet access. "I'm sticking it to the man," said Elaine Ball, an Internet subscriber who lives in Chicago. She complained that she paid $65 a month for Internet access until she recently switched to a $20-a-month promotion plan that would go up to $45 a month after the first three months. "I open up my network, leave it wide open for anyone to jump on," Ms. Ball said. For the Brodeurs in Los Angeles, a close reading of their network's manual helped them to finally encrypt their network. The Brodeurs told the piggybackers that the network belonged to them and not to the neighborhood. While apologetic, some neighbors still wanted access to it. "Some of them asked me, 'Could we pay?' but we didn't want to go into the Internet service provider business," Mrs. Brodeur said. "We gave some weird story about the network imposing some sort of lockdown protocol." Andrea Zarate contributed reporting from Miami for this article, and Gretchen Ruethling from Chicago. * Copyright 2006The New York Times Company |
|
bash.org/?202477
Edit: WEP or WPA is trivial to set up, for anyone who bothers to read the manual. The older WEP standard is easier to break, but still takes hours and is enough to keep honest neighbors honest. I live in a condo, and keep my wireless locked down with WEP. |
|
|
Everyone running wireless routers just needs to set up some sniffers on their rigs. Once you find the passwords of a few people piggybacking on your connection, fuck 'em over by changing some accounts and maybe they'll learn their lesson.
|
|
I caught my neighbor doing this a while back. I let it go for a while ,as he was just checking email and so forth after the hurricanes. But then he started dragging down my whole network, downloading shit and so forth well after he was able to get internet back at his house.
Previously, I was leaving my network open to sort of return the favor, as I sometimes hop on a wireless network if I'm out traveling. But, with my neighbor constantly leeching my bandwidth, I've decided to finally close it off. |
|
WEP is easy to break if one knows how. MAC address filters are much harder, but still can be fooled with enough time invested. |
|
|
Better yet, people should stop stealing. Amazing concept, huh? |
|
|
|
||
|
Harder? My stock Windows computer lets me set my internal WiFi card to any MAC I want. All I'd have to do is sniff the network and observe a good MAC, then use that one. Maybe not trivial, but easier then setting up a sniffer and traffic stimulator to crack WEP. |
||
|
I'm aware of that. My wife is using an older model iBook, and I don't believe a WPA capable card is available for it. For now, the best I can do is the combination of WEP and MAC filtering, until I can afford a nicer laptop for her. |
|
|
Yea, you could run them crazy that way. Not messing with their money/bank accounts (you could get jail for that) but just every once and a while, sending bogus emails to people they know, making posts to forums they get on, ect. Not to mention what you could do with business contacts. They could end up very embarassed..... ~ |
|
|
Personally, in my house we are using hardwired CAT5/6 cables. It is kind of messy, but the speed more than makes up for it. It is somewhat a waste to get 5Mbps cable internet access and to be restrained by a wireless router, even it is the new higher speed versions.
|
|
Actually a crazy way to screw with the leechers is just to turn the modem OFF whn you're not using it, that will surprise the $hit out of people who are downloading the 100MB porn movies, or the guy with BT that was running for 10 hours. |
||
|
For those that are too lazy to set up WEP/WPA/MAC address filtering - just turn off SSID broadcast and that will solve most of the freeloading problems...
|
|
A layer two spoof takes around ten seconds and every netstumblin bum in the world knows how to do it. AES/PSK is a bare minimum. IPSEC Is better. |
||
|
I recant my previous post.
I had no clue it was that easy to crack. I was going to pick up some wireless stuff this weekend so my wife could get on the web with her laptop, and so I could communicate with my server which is now in the basement. Fuck that. Looks like I'll be dropping in a cable plant in a few weeks, rather than wireless this weekend. I have some fairly confidential financial shit for work on my machines, as well as some potentially valuable source code. I got out of the network side of IT before I got to mess with stuff like wireless and IPSec, and I have no desire to try to configure that stuff on my LAN. I had always figured WEP with encryption would be nice and secure. |
|
How difficult is it to "set up sniffers"? I have a Netgear wireless router that I don't use much and could just hook it up on the odd occasion that I use my laptop. It WOULD be kinda cool to mess with the mind of folks who piggyback on it though. Even if I just cut them off randomly when they go online..... Prolly would drive 'em batty. I really don't want to be TOO good of a neighbor!! |
|
|
I broke down on I40 (in AZ) in an area with no cell service signal. (middle of desert...)
I fired up my laptop - and behold - 3 wireless networks are found - 1 @ 40% sig strength was open. I used Skype to call a tow... I don't use wireless @ home - I have it for when working onsite jobs. If I ever do add wireless I will run it thru a spare W2003Server sys. I will leave it open to unknown users, but there connections will be capped to alittle better than dialup speed and it will be fully logged. System like in use at some airports.... We're watching what your watching.... Edit: After I got home I called up a sat image of where I was. Just on the other side of a little hill was a group of about 20 houses. - Still I figure it was about 300yrds... I guess I was just real lucky. |
|
THis stuff is so far beyond me....
I did set up the wireless in my dad's house, and set up the WEP, non key provided, so I had to enter the WEP address on the laptops. What else should I do? He surfs wirelessly, and my laptop upstairs is wireless. My other 2 computers are in the basement. running hardlines through my lynksys router, into his wireless router... |
|
While WEP is easy to crack, I wouldn't really worry about it. Why should a hacker take the time to break the security when he can just drive down the road and find more networks that are unsecured? |
|
|
Turn off the SSID broadcast and turn on MAC filtering. It isn't 100% foolproof, but I doubt anyone would take the time and effort to break in. |
|
|
And how does one go about doing that? |
||
|
I'm still trying to convince my parents that Dad's social security number is not a good password to use for the wireless router. Mom wants something secure and picked it, Dad didnt realize at the time that anyone could sniff it but now Mom is too set in her ways to let Dad change it.
Kharn |
|
Read the directions |
|||
|
There was a girl next door that her sister was misplaced by Katrina. We let her use our key to do her telecommuting for school work.
Now the sister and mother are pissed off because I changed the key and told them to get their own cable connection. |
|
Quite frankly I don't even get this wireless networking thing. Is it THAT much of a chore to plug
a cable into your networking jack? Of course, not having a laptop and not having any want, need, or desire for one is probably an important factor in my attitude. My desktop computer is the only one I have other than a very old laptop that I keep on hand for certain specialized, application-specific functions. Encryption, man. Use it. CJ |
|
I suspect that a lot of folks don't like the tangle of cable, and would rather endure the slower transfer speeds and of course sharing the modem with the world. |
|
|
So if someone leaves their car unlocked, that means they want you to have it, right? |
|
|
Please refer to every post I've made in the three or so previous threads (aka shitshorms) on this topic. It will save me and everyone else a lot of time. Jim |
|
This attitude that "it isn't stealing" pisses me off to no end.
There you have it: the end result of Generation Y and late Gen X. Wouldn't it be precious to knock next door and beat the living shit of the thieving motherfucker. |
|
B#!! $h!t, give 10% of their bank account to ten different charities and then secure your system, its for the children |
||
|
The problem is that a lot of people actually do leave it open on purpose, to be nice I guess, and it's hard to know which is which. It's also possible to bascially do it by accident as most newer systems will automatically glom onto the first open network they find when you turn them on. I don't know how many wireless networks I've discovered that still had the default passowrd on the router. When I find those (uaually in office buildings when visiting clients) I make an effort to track them down and warn them. |
||
|
I don't think its a generation issue. One of the people who was quoted in the article was an old lady. |
|
|
I'm guessing that 9 out of 10 people leeching wireless connections would not know how to do that. |
||
|
|
||||
|
I have setup a wireless honey-pot in my apartment complex. I call it a "hAccess Point". Its a machine and a 200mw access point connected together and cut off my network and internet connection. No protection at all. I have a webserver with a special redirect firewall running on it. When someone jumps on my hAccess Point they get an IP. When they try to browse out they get redirected to my webserver page with a friendly message. Additionally, MAC, IP, browser, and any other information is logged. Also, I included the ability for them to leave me a message or perform a port scan on themselves at their discretion (no messages or port scans yet).
I was bored one night -Foxxz |
|
No s***, how about basic honesty |
||
|
These 6 dumb ways keep most people off your AP. Also, the author really had no suggestions on how to fix the problem. I can point out problems too. Many people can. Few offer viable solutions. -Foxxz |
|
|
IPSEC 512 bit AES/psk Any other comments? No? |
||
|
Well, if it's just a matter of spoofing a mac and doing some sniffing, I could still manage that, and I haven't been in networking for about 6 years. I'd bet my left nut no one could get into my W 2003 box, but my XP box and linux box I'm not so sure of. |
|||
|
Well a simple solution would be to encrypt your connection and then restrict the access to your connection to only the NICs you own, which would eliminate the problem.
|
|
Yup, like locking your doors. If they REALLY want in, they'll bring a crowbar and break glass, but it will keep the bored and the children out. |
|
|
Do many APs support IPSEC? No. Do many people even know what IPSEC is or how to set it up? No. If you set up IPSEC on your laptop will it offer you any extra security without a compadible host or termination point? No. -Foxxz |
|||
|
or AES for that matter Fact is, if your hardware does not support a strong encrypted tunnel (WPA ain’t it) then you are screwed. Someone with enough free time will eventually be using your network. All the folklore surrounding the subject is just there to make people feel better about that little factoid. |
||||
|
This is the problem exactly. There are no industry standards for securing it. B & G wifi is getting old hat and no one is going to revisit the problem with N and WImax right around the corner. 64 bit encryption would be alright with 128 and 256 being preferred if there are no weaknesses in the key distribution and weak IVs which was one of the main problems with WEP.
Coincidently many encrypted connections over the net still occasionally use or fallback to things like DES (56 bit). AES 128, 256, and 3DES prefered. SHA1 and then MD5 for hashes. WEP/WPA and MAC filtering will keep most people off your AP. It won't keep determined people off your access point. The basic point is: aside from going out of the way and setting up a VPN on your wifi connection, there is no full proof way to secure it. Case closed. -Foxxz |
|
Wow, you're a bitter old bird aren't you? Perhaps you missed the part of the article where an old lady was going to play dumb if caught? Theives are thieves, and there are plenty of them in every generation. So why don't you get off your self-righteous high horse? |
|
|
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.