WHY DON'T YOU LOCK YOUR WIRELESS NETWORK???
I'm sitting here on the 35th floor of the Sheraton Seattle with nothing more than a laptop and a Lucent Gold Wireless Card (bout $70 thse days)... no antennas, nothing... and I can see over 30 wireless networks, 10 or 12 of them have NO ENCRYPTION whatsoever.
So, not only am I using someone's bandwidth, I could access all of their company's internal resources...
I want to get my car fitted with a 12dB omni and GPS, so I can go wardriving!
I'm sitting here on the 35th floor of the Sheraton Seattle with nothing more than a laptop and a Lucent Gold Wireless Card (bout $70 thse days)... no antennas, nothing... and I can see over 30 wireless networks, 10 or 12 of them have NO ENCRYPTION whatsoever.
So, not only am I using someone's bandwidth, I could access all of their company's internal resources...
I want to get my car fitted with a 12dB omni and GPS, so I can go wardriving!
My home AP isn't protected. I don't want the overhead of WEP (which causes a performance hit). My PCs are running current patched XP with a software firewall, so its remote that you're getting in. I could care less if someone wanted to use my cable company's bandwidth. And from what I've read, hacking WEP is pretty trivial for someone that really wants to get in.
Our Work AP's aren't protected either, but the hitch is that they are all attached to our "bastion" subnet, which is where our internet/external servers sit. To use wireless, you have to VPN in, even though you're in the building. Again, I think out telecom guys aren't concerned if someone wants to use it for some freeloading surfing.
[This message has been edited by skofarrell (edited 01-18-2003).]
Our Work AP's aren't protected either, but the hitch is that they are all attached to our "bastion" subnet, which is where our internet/external servers sit. To use wireless, you have to VPN in, even though you're in the building. Again, I think out telecom guys aren't concerned if someone wants to use it for some freeloading surfing.
[This message has been edited by skofarrell (edited 01-18-2003).]
They are learning, albeit slowly. It still amazes me.
Some of those might be open to the public by the owner/user. This is becoming common in larger cities. For example, this company
http://www.newburyopen.net/
provides free Wi-Fi access on Newbury St in Boston.
------------------
Michael Steinberg
Editor
BizTrip
www.biztrip.com
Some of those might be open to the public by the owner/user. This is becoming common in larger cities. For example, this company
http://www.newburyopen.net/
provides free Wi-Fi access on Newbury St in Boston.
------------------
Michael Steinberg
Editor
BizTrip
www.biztrip.com
Believe me, the WEP does NOT take a significant performance hit. Go to www.extremetech.com if you want proof.
Why is it not wise to leave your internet connection open? What if some hacker used YOUR IP address / internet connection to hack a bank, or the military installations, or send out a terrorist threat to the public? Or more likely, if they used it to send out SPAM or viruses? You could be in a world of trouble...
WEP is NOT trivial to get in. The hacker must scan about 500MB of data in order to guess your password. For those who are extremely paranoid, they can change the encryption key daily and it should be more than secure. In addition, you should secure your AP with a read/write password, so someone does not corrupt or lock you out of your AP. In addition, you should use MAC filtering so that the hacker would have to emulate your MAC address before they have access to your AP.
Bottom line, you wouldn't let someone make unlimited free local phone calls on your home phone, so why would you let someone surf the web with your AP?
IMO it's even more dangerous for businesses to leave their wireless network open, because of the possibility of damage that may be caused when some outsider sends inappropriate information or hacks other websites with their internet connection. That business may well be hit with a lawsuit for being the source of the hack...
[This message has been edited by UALOneKPlus (edited 01-18-2003).]
Why is it not wise to leave your internet connection open? What if some hacker used YOUR IP address / internet connection to hack a bank, or the military installations, or send out a terrorist threat to the public? Or more likely, if they used it to send out SPAM or viruses? You could be in a world of trouble...
WEP is NOT trivial to get in. The hacker must scan about 500MB of data in order to guess your password. For those who are extremely paranoid, they can change the encryption key daily and it should be more than secure. In addition, you should secure your AP with a read/write password, so someone does not corrupt or lock you out of your AP. In addition, you should use MAC filtering so that the hacker would have to emulate your MAC address before they have access to your AP.
Bottom line, you wouldn't let someone make unlimited free local phone calls on your home phone, so why would you let someone surf the web with your AP?
IMO it's even more dangerous for businesses to leave their wireless network open, because of the possibility of damage that may be caused when some outsider sends inappropriate information or hacks other websites with their internet connection. That business may well be hit with a lawsuit for being the source of the hack...
Quote:
<font face="Verdana, Arial, Helvetica, sans-serif" size="2">Originally posted by skofarrell:
My home AP isn't protected. I don't want the overhead of WEP (which causes a performance hit). My PCs are running current patched XP with a software firewall, so its remote that you're getting in. I could care less if someone wanted to use my cable company's bandwidth. And from what I've read, hacking WEP is pretty trivial for someone that really wants to get in.
Our Work AP's aren't protected either, but the hitch is that they are all attached to our "bastion" subnet, which is where our internet/external servers sit. To use wireless, you have to VPN in, even though you're in the building. Again, I think out telecom guys aren't concerned if someone wants to use it for some freeloading surfing.
[This message has been edited by skofarrell (edited 01-18-2003).]</font>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2">Originally posted by skofarrell:
My home AP isn't protected. I don't want the overhead of WEP (which causes a performance hit). My PCs are running current patched XP with a software firewall, so its remote that you're getting in. I could care less if someone wanted to use my cable company's bandwidth. And from what I've read, hacking WEP is pretty trivial for someone that really wants to get in.
Our Work AP's aren't protected either, but the hitch is that they are all attached to our "bastion" subnet, which is where our internet/external servers sit. To use wireless, you have to VPN in, even though you're in the building. Again, I think out telecom guys aren't concerned if someone wants to use it for some freeloading surfing.
[This message has been edited by skofarrell (edited 01-18-2003).]</font>
[This message has been edited by UALOneKPlus (edited 01-18-2003).]
Slightly OT: Markbach's post has inspired me to post the questions I've got re wireless. Appreciate any wisdom at
http://www.flyertalk.com/travel/fttr...ML/000218.html
http://www.flyertalk.com/travel/fttr...ML/000218.html
WEP is a good idea but one of the most sure ways to make sure your wireless network isn't penetrated is to control signal leakage. Can't hack the network if you can't pick it up. To that end, tightly controlling power levels (on APs that allow it) and using highly directional antennas can mitigate much of the threat. For that last bit, there's a new way to make your network 'invisible' that I plan to try out just as soon as I can throw up another Linux box at the office called FakeAP. Basically it emulates THOUSANDS of access points. The chances of anyone actually finding your network is slim to none.
In Memoriam
While I'm in a residential area, and don't think many people would be accessing my network, I still locked it. I know I would be one of the people looking for networks if I had time, so I know others do too.
Not that I have anything worth stealing, just don't want to come home someday and find some joker thought it would be a blast to have all my printers print all day or something (as they are shared). I've also told the router which addresses to accept, for a second level.
Not that I have anything worth stealing, just don't want to come home someday and find some joker thought it would be a blast to have all my printers print all day or something (as they are shared). I've also told the router which addresses to accept, for a second level.
I've got the proprietary Lucent network, with the "Closed" network setting. It is a stealth mode that is very secure... Very nice security from the best, Orinoco, aka Lucent.
Quote:
<font face="Verdana, Arial, Helvetica, sans-serif" size="2">Originally posted by kanebear:
WEP is a good idea but one of the most sure ways to make sure your wireless network isn't penetrated is to control signal leakage. Can't hack the network if you can't pick it up. To that end, tightly controlling power levels (on APs that allow it) and using highly directional antennas can mitigate much of the threat. For that last bit, there's a new way to make your network 'invisible' that I plan to try out just as soon as I can throw up another Linux box at the office called FakeAP. Basically it emulates THOUSANDS of access points. The chances of anyone actually finding your network is slim to none. </font>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2">Originally posted by kanebear:
WEP is a good idea but one of the most sure ways to make sure your wireless network isn't penetrated is to control signal leakage. Can't hack the network if you can't pick it up. To that end, tightly controlling power levels (on APs that allow it) and using highly directional antennas can mitigate much of the threat. For that last bit, there's a new way to make your network 'invisible' that I plan to try out just as soon as I can throw up another Linux box at the office called FakeAP. Basically it emulates THOUSANDS of access points. The chances of anyone actually finding your network is slim to none. </font>
If someone wants to hack a bank using my AP while sitting in my residential driveway (given the range that's where they have to be sitting), have at it.
Maybe its my hardware, but I see a 15-20% drop in throughput when WEP is on.
Maybe its my hardware, but I see a 15-20% drop in throughput when WEP is on.
It's pretty easy to crack MAC access control. My D-Link wireless card came with a utility to SET the MAC address. You just need to sniff some successful traffic, find a good MAC address, then steal theirs. There are a few wrinkles, such as you can't both be using the same MAC address at the same time, etc.
There are tools that make it easy (but time-consuming) to crack WEP. As stated above, WEP is pretty good security if you change the key. But if you have more than 2 or 3 users, you really can't change the key very often.
The better solution is 802.1x authentication, coupled with WEP. Here's a decent presentation about the subject: http://www.shmoo.com/1x/html/802.1x_files/frame.htm
There are tools that make it easy (but time-consuming) to crack WEP. As stated above, WEP is pretty good security if you change the key. But if you have more than 2 or 3 users, you really can't change the key very often.
The better solution is 802.1x authentication, coupled with WEP. Here's a decent presentation about the subject: http://www.shmoo.com/1x/html/802.1x_files/frame.htm
wouldn't it be a lot easier to do your wireless hacking at a Starbucks than my house? 
In Memoriam
Yeah, but hackers know they can hack a starbucks, to them it's nore fun at your house. It's the hunt, not the catch.
I see the sidewalk markings in Manhattan all the time now for open networks, makes you smail wondering how many times the IT guy walks by at lunch not knowing it's about his network.
I see the sidewalk markings in Manhattan all the time now for open networks, makes you smail wondering how many times the IT guy walks by at lunch not knowing it's about his network.
Suspended
I just run LEAP at home with the Cisco AP/card. Then again, I've got my place wired too.