Legality of open wifi

nudist

I have a wireless problem. Some of the devices i want to connect to my wireless dont support wpa at all so in order for them to connect i have to create a second ssid connection with no encryption. If someone abuses this connection where do i stand legally?

TheReverend

nudist wrote: »

I have a wireless problem. Some of the devices i want to connect to my wireless dont support wpa at all so in order for them to connect i have to create a second ssid connection with no encryption. If someone abuses this connection where do i stand legally?

As far as I know its your connection so your problem, can you not set the encryption to WEP?

L31mr0d

Using WEP is about as effective as using a paper umbrella against rain. It can be cracked in minutes depending on your network traffic, and doesn't require the cracker to even have the slightest bit of technical knowledge. Google "WEP crack" for proof.

OP, these certainly won't stop the average cracker, but they'll stop the common wifi user who connects to your open network by mistake.

Turn off DHCP and assign each of your devices an IP address, then limit your IP pool to only those addresses. You should be able to filter by MAC addresses also.

After your devices have connected to the wifi, disable your SSID broadcast so that no further devices can see it.

As I said, a cracker can easily get around these, but at least you'll have filtered out the majority of people who will be connecting to your open network by mistake.

TheReverend

L31mr0d wrote: »

Using WEP is about as effective as using a paper umbrella against rain. It can be cracked in minutes depending on your network traffic, and doesn't require the cracker to even have the slightest bit of technical knowledge. Google "WEP crack" for proof.

OP, these certainly won't stop the average cracker, but they'll stop the common wifi user who connects to your open network by mistake.

Turn off DHCP and assign each of your devices an IP address, then limit your IP pool to only those addresses. You should be able to filter by MAC addresses also.

After your devices have connected to the wifi, disable your SSID broadcast so that no further devices can see it.

As I said, a cracker can easily get around these, but at least you'll have filtered out the majority of people who will be connecting to your open network by mistake.

However using WEP at least ads security and if someone cracks it ans does something illegal it isnt really the router owners fault

homer911

L31mr0d wrote: »

You should be able to filter by MAC addresses also.

+1 I happened to be doing this myself last night - a very simple change and locks your router to access from these wireless devices only

L31mr0d wrote: »

After your devices have connected to the wifi, disable your SSID broadcast so that no further devices can see it.

+1 You could also rename the SSID after you stop broadcasting it and then manually add the devices you only want to have access to your router - another way to stop devices with existing access from having continued access

vibe666

WEP is very easy to crack as L31mr0d has already said, but the thing to note is that people will need to be maliciously trying to do it, whereas an open wifi network is prone to getting used by all your neighbours regardless. there are a lot of people out there who wouldn't even think of looking to crack WEP that wouldn't think twice about hopping on to a totally open network for a bit of pr0n surfing or downloading so you are just as open to a 10 year old on an ipod touch as a wardriver.

MAC filtering is another good layer of protection, but it's not much harder to sniff WEP encrypted packets to find a valid MAC and then spoof it, so as with WEP it'll stop casual wifi hopper, but not someone with real intent. add to this by assigning static IP's and limiting the number of client IP's to the actual number of clients you have. again, a tiny bit more security but altho not much, it all helps.

same again with turning off broadcasts.

also consider turning down your radio transmit power to something that is plenty enough for you in your house, but isn't going to be visible down the road. if someone has to be right outside your door to pick up a signal, they are more likely to be noticed.

as wifi stands now, nothing is going to be 100% bulletproof but you can make it as awkward as possible to get in to make it more likely that someone will pick a weaker target. just another example of survival of the fittest.

Nollog

vibe666 wrote: »

MAC filtering is another good layer of protection, but it's not much harder to sniff WEP encrypted packets to find a valid MAC and then spoof it

It's actually a prerequisite in most cases.

L31mr0d's method is the best.
If I want to use my ds for example I have a spare router with pretty much the same setup as what he's said.
My setup involves a single IP, so there's no possible way for someone else to connect without kicking me off, and I went outside with my laptop the first time to fine-tune the transmitting power as vibe said.

the_syco

TheReverend wrote: »

However using WEP at least ads security and if someone cracks it ans does something illegal it isnt really the router owners fault

It is. The router owner will just have a harder time proving it wasn't he who committed the crime, as his network was "password protected".

=-=

Rename your SSID to something different, and don't use your default password. A hacker will see any block a challenge, but the ordinary Joe will see a block, and look elsewhere.

=-=

Could you say what devices you are using, so that can see if there is any workaround for them using WPA?

vibe666

you could just rename your SSID to "GardaHoneyTrap1". :pac:

Naikon

Basically, you should not even have a wireless access point if it does not support at least WPA-PSK or similar. Turn of active SSID broadcasting and simply connect when required. Oh, and if you access key does not look something like the following, please throw yourself against a wall:

!?$?%^&*( ): 23XydZF5;@3__UIO45~6564PzZ_2# |/

@Syco, you could also have some fun with people who break into your network.
A VLAN'ed DMZ might be good eitherway: http://www.ex-parrot.com/pete/upside-down-ternet.html

vibe666

Naikon wrote: »

Basically, you should not even have a wireless access point if it does not support at least WPA-PSK or similar. Turn of active SSID broadcasting and simply connect when required. Oh, and if you access key does not look something like the following, please throw yourself against a wall:

!?$?%^&*( ): 23XydZF5;@3__UIO45~6564PzZ_2# |/

@Syco, you could also have some fun with people who break into your network.
A VLAN'ed DMZ might be good eitherway: http://www.ex-parrot.com/pete/upside-down-ternet.html

i think the OP's problem is that he has some devices that don't support WPA, not that his AP doesn't.

without replacing the devices themselves with newer models (assuming they are available) there's no way to fix that and altho a new wireless NIC for a PC or laptop is going to be peanuts, it can get pretty expensive with other devices depending on what exactly you're replacing.

oh, and if you're stuck for random passwords, steve gibson has a handy random password generator here: https://www.grc.com/passwords.htm

as for turning your wifi frown (and internet) upside down, there's several simple tools out there that will packet sniff your own network to allow you to do facebook, email & forum hijacking of someone who uses your wifi, so if you were so inclined you could do all sorts of damage to someone using your wifi.

this is a warning to others as much as anything and neither I nor boards.ie would condone someone actually doing this, you just need to be aware that "free public wifi" hotspots will usually mean "i'm going to FB rape you and steal your email account etc."

nudist

Thanks for all the posts but basically some gaming consoles i have wont connect using wpa. I could use wep but since wep as already mentioned is not secure i might as well have no security on the connection as all.

Legally speaking if someone uses the connection for something illegal-spamming, hacking, child porn etc what can happen to me?

All i want to do is play games online!!!

the_syco

Naikon wrote: »

@Syco, you could also have some fun with people who break into your network.
A VLAN'ed DMZ might be good eitherway: http://www.ex-parrot.com/pete/upside-down-ternet.html

That's friggin' awesome. Nearly to the point where I'd leave a low speed port open if for nothing but to f**k with the neighbours

vibe666

nudist wrote: »

I could use wep but since wep as already mentioned is not secure i might as well have no security on the connection as all.

yes, WEP is far from 100% secure but it IS better than having no security at all.

if you have WEP enabled and someone with a little bit of knowledge wants to crack it, they can do and it takes very little time or effort, but it does take *some* time and effort and a little knowledge.

having NO security at all means that anyone that can see your wifi network can connect to it and it is actually actively advertising the fact that it is unsecured.

think of WEP as closing your front door. sure, it's not going to stop someone from coming up your front path and opening it and coming in if its not locked, but it at least appears to be locked to the casual observer walking past.

having no security at all is like leaving your front door wide open with a sign on the lawn saying please come in and help yourselves.

if you have no other options but to use WEP or nothing then for gods sake at least use that.

what happens when one of your neighbours starts using your connection to download kiddy pr0n or starts making bomb threats to people or something like that and you get a knock at your door from the garda?