Unsecured wifi networks

optiplexgx270

Mine is unsecured by choice (my DVD player has issues connecting to the wireless when wep is on even though it supports it i just lost the patients getting it to work) but have a MAC filter in place. Which is better? i don't do any on-line trans on the wireless that involves credit cards etc.. So i don't mind ppl "seeing" my data just dont want them using my bandwidth.

watty

A Mac filter is no security.
An existing MAC can be cloned and used when the traffic for it stops.

WEP is also supposed to no longer be secure but there is a slight difference between shared (better) and open (worse).

Obvoiusly the best value of MAC filter or WEP is to prevent the accidental connection and demonstrate that the network is not public.

no SSID does not work either. You could put Private or Public in the SSID name to indicate use. I've seen SSIDs such as "Public connection" for ones intended to be freely used.

Even WAP is only secure really with a Radius server. The non-Radius version used SOHO is not secure.

If you are really concerned don't use WiFi or use a router that implements PPPoE/VPN and requires then the WiFi users to use VPN/PPPoE logon to connect at all.

thebman

cast_iron wrote:

WRONG. You have taken a portion of their download capacity for your own gain without their permission, and that IS ILLEGAL.

WRONG. You have taken a portion of their download capacity for your own gain without their permission, and that IS ILLEGAL.

WRONG. You have taken a portion of their download capacity for your own gain WITH their permission, and that IS LEGAL.

How do you know you don't have their permission when the router is publicly broadcasting its SSID, the network doesn't have any encryption and it hands out IP addresses to anyone?

That is the same as saying come on in! There is no keep out, private network notice so for all you know it is a public access point. If anyone actually got taken to court for it, they would most likely win especially if the network was being broadcast into their house.

To say its wrong under all circumstances is fantasy. Anyway since many providers don't actually charge for going over the download the limit, the person wouldn't be out anything depending on the network they use.

ixoy

Again on the issue of security - my router (LinkSys 54GL) had a number of options regarding WPA. Now I chose WPA - Personnal but noticed there was also WPA - Business, WPA2 - Personnal/Business.

From what I can make out, WPA2 is the finalized version of WPA and thus that margin better. The business version is more complex in both cases to set up but apparently more secure (to what degree I couldn't easily determine).

I would imagine then that if you implemented WPA2 - Personnal, non-SSID broadcasting, and filtered by MAC address you'd be more than secure in the sense that anyone bothering to hack into wireless a/cs would choose the 95%+ of wireless networks that would be easier to crack (no figures for that, but I imagine most are less secure).

Incidentally NTL's NetGear router - is it a modem/router or just a router? If it's the former, does it support WPA2 and is it easy to bridge these devices to setup my own router instead?

AlmightyCushion

chopperbyrne wrote:

I have no idea about the other providers, but Eircoms netopia routers come with 128bit WEP turned on by default.

They may have changed over to WPA since I left them. They were very security conscious when I was there.

Yes it is turned on by default but I think they all use the same password. So it's still very unsecure.

cast_iron

brim4brim wrote:

How do you know you don't have their permission when the router is publicly broadcasting its SSID, the network doesn't have any encryption and it hands out IP addresses to anyone?

I don't know any such thing. What I said was, if you don't have permission, it's illegal. Just because it's there, doesn't mean you have permission.

brim4brim wrote:

That is the same as saying come on in! There is no keep out, private network notice so for all you know it is a public access point.

It's the same as someone leaving the keys in the car and door open for someone to take. Very foolish, but that doesn't make stealing it okay.

brim4brim wrote:

To say its wrong under all circumstances is fantasy. Anyway since many providers don't actually charge for going over the download the limit, the person wouldn't be out anything depending on the network they use.

That's not the point. However, you are taking some of the real time bandwidth, so while someone is illgally using it, it will be slower for the owner.

chopperbyrne

AlmightyCushion wrote:

Yes it is turned on by default but I think they all use the same password. So it's still very unsecure.

No each router has a different WEP key.

Unless you've mistakenly been sent a router with the same Serial No as someone else.

I'd suggest switching over to WPA with MAC filtering too if you do use your home connection for purposes that would require a secure connection.

In general, WEP is fine for home use though.

JNive

It's the same as someone leaving the keys in the car and door open for someone to take. Very foolish, but that doesn't make stealing it okay.

Dont confuse it with accessing something and physically taking away from the owner.

With regards to open wifi etc, its far more equivalent to a person leaving the car doors open, and parking the car on the street, and a stranger sitting into, listening to the radio for a bit and then leaving it as it was and walking away.

He didnt 'break and enter', he didnt operate the car or move it, he just temporarily entered the vehicle which was publicly accessible on a public highway.

lol.

AlmightyCushion

chopperbyrne wrote:

No each router has a different WEP key.

Unless you've mistakenly been sent a router with the same Serial No as someone else.

I'd suggest switching over to WPA with MAC filtering too if you do use your home connection for purposes that would require a secure connection.

In general, WEP is fine for home use though.

I remeber reading somewhere that the eircom netopia routers used the same default key.

chopperbyrne

I worked there for close to two years. I tested those routers a lot. They all have different WEP keys.

Eircom uses the same PPPoE username/password for every user.

thebman

cast_iron wrote:

I don't know any such thing. What I said was, if you don't have permission, it's illegal. Just because it's there, doesn't mean you have permission.

It's the same as someone leaving the keys in the car and door open for someone to take. Very foolish, but that doesn't make stealing it okay.

That's not the point. However, you are taking some of the real time bandwidth, so while someone is illgally using it, it will be slower for the owner.

I'm not illegally connecting to someones network. They left it open for me to connect to. Therefore it was not dishonest. Its not like I'm hiding my presence, they can check which IP addresses and computer names are on their router. I've made no dishonest attempt to connect to the router. I simply connected to it because it was there and open for anyone to use. If they don't want me on it, all they have to do is secure it or ask me to stop using it.

cast_iron wrote:

I don't know any such thing. What I said was, if you don't have permission, it's illegal. Just because it's there, doesn't mean you have permission.

People leave routers open intentionally so other people can use their connection. Why would I assume they don't want me to connect? Since it is possible to secure a router, it is reasonable to assume that they don't mind me accessing it.

Their action of leaving a wireless connection broadcasting into my house with no security on it implies that they don't mind me accessing it. If they really don't want me to use it they should stop sending wireless signals into my house or secure it or set up an alert for new users on the network to tell me that I'm not allowed use the network or specify the Mac addresses that can connect to the router. If they do any of that, I have no excuse if I'm on the network. As it is, there is no protection so I don't know. They can even ask me to stop accessing the network and I'll stop because they've reqeuested me to.

Saying someone is guilty for it is like saying if your neighbour is listening to music loud enough that you can hear it then you owe the artist money for listening to their IP. I mean you could have gone into a room in the house where you can't hear it or plugged your ears or ask your neighbour to turn it down so you can't hear it but its reasonable to assume the artist and your neighbour don't mind that your overhearing the music.

It's the same as someone leaving the keys in the car and door open for someone to take. Very foolish, but that doesn't make stealing it okay.

That's not the point. However, you are taking some of the real time bandwidth, so while someone is illgally using it, it will be slower for the owner.

Not really. If they are just browsing the web and I'm just browsing the web on a 1-2Mb connection, they will notice little to no difference so it doesn't harm them in any way. It is unlikely that we will both be even using the connection at the same time, similar to how contention ratios work when signed up to any broadband supplier.

Anyway, since in most cases, the person that knows nothing about wireless security doesn't know someone is using their connection then it obviously isn't effecting them or they'd ask someone why their connection is so slow (a friend who knows about wireless, the operator, read the manual, type it into google etc..).

Moriarty

Unless you have explicit permission from the access point owner, you are breaking the law if you connect to it. Whether it's secured in any way or not is entirely irrelevant in the eyes of the law. There's a reason for that too. Connecting to other peoples networks (for whatever reason) can not be justified. It's not yours to use, so don't use it.

If you want to dream up poor excuses for yourself, work away, but it doesn't change the facts.

thebman

Moriarty wrote:

Unless you have explicit permission from the access point owner, you are breaking the law if you connect to it. Whether it's secured in any way or not is entirely irrelevant in the eyes of the law. There's a reason for that too. Connecting to other peoples networks (for whatever reason) can not be justified. It's not yours to use, so don't use it.

If you want to dream up poor excuses for yourself, work away, but it doesn't change the facts.

Then the law protects idiots at the expense of idiots and is wrong and needs to be changed.

As windows connects to non-preferred access points by default and users are too stupid to setup their security, the law has set it up so the majority of people break the law at some point or another without even knowing it. It needs reform.

Besides I pay for my broadband so I'm not trying to justify anything.

Cabaal

moved to wireless

Dankoozy

By the same law it would be illegal to ping somebody from the internet. you would need explicit permission before looking at a person's self-hosted website, or access any other public service they are running off their server.

After all you are accessing their system, using up their bandwidth for your own benefit, eating up their montly allowance and possibly slowing them down. When you are using up someone elses wifi you are doing the same thing, but in reverse. the overall effect is the same on their end.

If someone logged into my anonymous FTP and downloaded a file do I get to sue them for the bandwidth they stole from me because I was too lazy to set up a password? the FTP server doesn't even actively broadcast it's presence like an open wifi AP does

If there is any encryption or password at all involved it is a different story but if a person chooses to run a public AP, let them. but don't let them come to the gards because someone stole their precious 5kb of bandwidth

Even with the law saying what it says I highly doubt the gards would give a ****. We had knackers parked outside the gate here for months at a time, they did a lot worse than stealing bandwidth. They even took physical goods and trampled on the yard while there was nobody home and the gards did nothing about it - they just said something like "tell them to go away" and couldnt really be arsed with the problem. They would rather hide in the bushes to collect fines from people speeding so why would they jump out for some poor innocent who had a few bits of bandwidth taken from them?

Nobody in ireland has got into trouble for it yet, and if it stays like this for long enough then the law have its effect anymore. this happens to lots of laws that are no longer relevant in certain situations.

thejetset

Moriarty wrote: »

Unless you have explicit permission from the access point owner, you are breaking the law if you connect to it. Whether it's secured in any way or not is entirely irrelevant in the eyes of the law. There's a reason for that too. Connecting to other peoples networks (for whatever reason) can not be justified. It's not yours to use, so don't use it.

If you want to dream up poor excuses for yourself, work away, but it doesn't change the facts.

If that was the case we would have to stop assuming brochures were free unless explicitly marked so. We wouldn't be able to use soap in a hotel bathroom unless you were given explicit permission. That would be a ridiculous world. I leave my network open for people to use and they can connect as they like, I do make it clear on a splash page all actions are logged. The splash page does mean I give them explicit permission but how would they know until they connected? I am not dreaming up poor excuses for myself and I would love if people weren't afraid to connect to open wifi networks. If I didn't want them to use it, I would secure it. Simple as that. I know, perhaps I'll ring ahead to the library to make sure I have explicit permission to enter tomorrow!

EDIT: If I secured my network and people connected to it by hacking into it I would be annoyed but it is still not as bad as breaking and entering.

RangeR

thejetset wrote: »

If that was the case we would have to stop assuming brochures were free unless explicitly marked so. We wouldn't be able to use soap in a hotel bathroom unless you were given explicit permission. That would be a ridiculous world. I leave my network open for people to use and they can connect as they like, I do make it clear on a splash page all actions are logged. The splash page does mean I give them explicit permission but how would they know until they connected? I am not dreaming up poor excuses for myself and I would love if people weren't afraid to connect to open wifi networks. If I didn't want them to use it, I would secure it. Simple as that. I know, perhaps I'll ring ahead to the library to make sure I have explicit permission to enter tomorrow!

EDIT: If I secured my network and people connected to it by hacking into it I would be annoyed but it is still not as bad as breaking and entering.

Regardless of what YOU think or how YOU justify it for yourself, it's still illegal. It IS the, as you say, breaking and entering in the computer world.

And your point of your open wifi doesn't hold water. For those people that know how to make their wifi open with a splash screen.... They know what they are doing and usually name their hotspot accordingly.

Most hotspots that are "open" by accident usually have their default AP name [NETGEAR, LINKSYS, EIRCOM9768723 etc.]. To be honest, you can nearly always tell if a hotspot if a legitimate open spot or not.

Moriarty said it best, so I'll quote him, "If you want to dream up poor excuses for yourself, work away, but it doesn't change the facts.". It's breaking the law.

syklops

First off, slightyl OT, I had the great pleasure, last year of meeting the person who brought about the introduction of the Computer Misuse Act 1984(HMG).
And when I said brought it about I dont mean helped pass the act....

Anyhoo, IrishLTR has made some very valid points. Irish Law is very vague on this topic, however sentences in Ireland for computer crime is one of the strictest in europe. I don't have the figures to hand, but if you get convicted of computer crime in Ireland, you can pretty much bank on about 10 years inside. In this crazy world we live in, you will spend less time in prison for murdering someone then you will for hacking offenses. That is not the end of it though, for computer crimes against government systems, whatever it may be, can be classed as treason, and until 1990 still carried the Death Penalty. Now the sentencing for treason, carries a sentence no less than 40 years.

If you are in a hospital/library/Airport, and use their internet without permission, it can be classed as treason, as it is a government system, and as a result of people not generally understanding the ins and outs of the technology, a judge will most likely stick to the laws that are there rather than use his own common sense when deciding verdict.

Until a law comes in that leaves the responsibility up to the network owner, I would avoid using any access points other than your own. However for me, the reason I choose not to use open AP's is due to my own security rather than theirs. That open AP you find may have a packet sniffer connected to it, and it could be saving all your usernames and passwords, banking information, credit card information, and personal information, while you surf for free.