Glen T
join:2003-11-03
BC | reply to Anav
Re: Hiding unsecured wireless networks
Interesting idea, but it is kind of a moving target. At any given time I've seen two or three default routers within range. One client of mine who is in a commercial/condo complex sees 10 different different stations, 5 of which are unsecured. |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
| reply to Glen T
Probably already mentionned but why not setup another WIFI Router or AP in your house (but out of sight) set to the same SSID name and channel as the neigbour. It should cause enough interference within your house to disrupt their usage of the 'other circuit". The AP need not actually be connected to anything after being setup (WAN WISE or LAN WISE).
--
Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"LlamaWorks Equipment |
|
Glen T
join:2003-11-03
BC
| reply to The OneTrue_glenn
said by The OneTrue_glenn:
My solution is, make them go to the neighbor's house and inform them that their network is unsecured, and help them correct it.
Had you read all the postings on this topic, your would have noticed that this suggestion was made and that it is not practical because we would have to go door to door (maybe 50 condos within range) to locate the unsecured networks. Likely, the people who own these networks wouldn't know what you are talking about (that's why the routers are set to defaults in the first place). They wouldn't know what an SSID is, so they wouldn't know what their's is.
Given other threads on this forum, would you walk around the neighborhood with your laptop in plain view, with the possibility that someone could call the police and subsequently charge you with trying to log onto their private network?
Assuming that one did eventually find the correct "Linksys" and "Default" stations, would you let a complete stranger into your home and let them look at your computer because he/she claimed that it was not set up correctly??? |
|
The OneTrue_glenn
@dslextreme.com
| reply to Anav
My solution is, make them go to the neighbor's house and inform them that their network is unsecured, and help them correct it.
Social solution is best, because, face it, your kids are much more likely to be able to counter any technological fix you apply, than you are to be able to prevent them from circumventing it.
You don't want to play a game of 'spy vs spy' with your kids, because they will win. Insist on your parental authority and their respect of your wishes. Otherwise you will end up with kids on a leash, and straining to break the leash.
 |
|
Glen T
join:2003-11-03
BC
1 edit | reply to danielhaden
Wow. Definitely sounds like the kind of thing that I'm looking for. Will check it out. Thanks for the heads-up. 
Edit:
Sadly, it begins to look like these aren't available north of the 49th. I'll keep my eyes open, though.  |
|
danielhaden
join:2005-07-24
Sedan, KS
1 edit | reply to Glen T
$45 Edimax, Jaht
client/AP/Repeater/all-in-one
$65 Hawking
client/AP
(all are the same Marvell based multi-purpose unit)
This small commercial AP can be set to client mode.
It offers WEP and WPA. I have the Edimax EW7203APG.
You plug it into the client computer by a short (you'll need one) ethernet patch cable. It sits atop the computer and has a short antenna. It works much like the similar-looking USB client devices.
There's one big difference:
Settings on associated network are internal (well-protected inside the $45 box) and cannot be changed without the password.
Upon setup, you initially set the PC to IP 192.168.2.whatever, and then change the client/ap's IP address to the same scheme as used by your home network.
Re-set the PC to automatic IP.
Log back into the client/ap with the IP address you just gave it.
It is probably necessary to either provide the Cient/AP a fixed IP address (if your home wireless router has this provision/feature) or
I just assigned mine outside of the DHCP range of my wireless router. My dumb Netgear automatically assigns IP from 192.168.0.2 through 192.168.0.50 so I set the Edimax client/AP on 51.
You set an internal password inside the client/AP.
Yes you do! Set the password. This will keep the kids from changing the internal settings.
Next, go to "client mode" and punch up site survey.
Associate with your home router.
Save settings.
You're done.
As you can see now, there is no way that this device will possibly associate with any other network but yours.
*WPA is very good at securing your network because it won't route easily. If possible, switch to WPA before you start.
*This small device works just like you ran a cord all the way, but you didn't have to run the cord. 
*I can't believe I read through 4 pages of opinions that do not answer your question. While not a direct answer, my solution will keep all other networks from appearing in windows. Maybe it was the 4 long pages of crap that stirred me into answering? It seems that it was useful after all.
Have fun!
*Those little AP's are "slightly" deaf, but pack a transmit punch that will carry for a good city block. Don't believe me: Put your thumb onto the antenna mount for a quick and very hot sensation of just how much power comes out.
Do set an admin password other than 1234 (it comes with 1234).
*If you have disconnects (and this is very unlikely) a $20 panel-type antenna can be added, or one of those 9dbi R-SMA replacement antennas from E-bay will do the job just fine. I would not expect trouble in AP mode till about 150' or client mode for about 90' distance indoors.
*If you should happen to use a casefull to cover a large building (as intended), plug them all into hubs (shared collision), not switches because hubs do fast roaming and switches cause drop-out. "String" the AP units along in order of ch3, ch7, ch11, 3,7,11 until you run out of building to cover. Anyway, that's what they're actually made for. Well, that and pesky teenagers.
*I got mine from newegg.com.
cheers!
EDIT:
If you have trouble setting it up in client mode then just set it up in AP mode exactly the same as your existing wireless router. Next, switch it to client mode. Press "Apply" and then associate it (site survey button) with your existing wireless router.
When using WPA, you will need one unit per client computer because WPA does not route easily.
Judy, webmaster of Edimax, has a good on-line tutorial in the FAQ, but setup shouldn't take longer than five minutes anyway. |
|
DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA
1 edit | reply to Glen T
My Mistake ... Edit removed content. |
|
Symtex
join:2005-04-06
Verdun, QC
| reply to Glen T
Glen T : All I have read is good people trying to help you resolve but you are only looking for 1 type of answer. You are focusing on the problem instead of focusing on the solution.
Windows XP Zeroless configuration has very limited option and by given your kids administrive rights to your Windows XP machine, they can undo everything you block. Instead of putting a plaster on a infected wound, you try to cure it from the source. How hard is it to go knock on your neighbors doors and offer them to secure their network ? I mean you are informing him of the security breach he might have with his setup. You would be offering a good deed to the community. Unless you like to access your neighbors AP from time to time to do illegal activities. j/k |
|
Glen T
join:2003-11-03
BC
| reply to WLiley
****
Having scanned thru the many posts here, I offer apologies if this has been already covered.
And with all due respect, this is not advice on parenting. But this is just another example of expecting technology to solve a human behavior problem.
****
I'll try to explain again. I am interested in hiding unsecured wireless networks at the wireless client in a larger context based on the premise that if a user is unaware of the existence of such networks, then they cannot / will not connect to them.
Yes, of course, once the cat is out of the bag, once the genie is out of the bottle, you cannot put it back. However, in the context of a small, unmanaged, wireless network, such as the small business one I mentioned later, I would, by default, enable such an option as hiding unsecured networks if I was setting up such a network and if such an option existed.
Once again, I'm interested in the general issue of hiding unsecured wireless networks at the client -- not making them inaccessible, which is a different issue and considerably more complex.
Thanks, again, to everyone who offered alternative solutions. |
|
WLiley
Woodman
Premium
join:2000-12-01
Grand Blanc, MI
clubs:  
| reply to Glen T
said by Glen T  :With all due respect, I don't really need parenting advice. This was a technical question. Having scanned thru the many posts here, I offer apologies if this has been already covered.
And with all due respect, this is not advice on parenting. But this is just another example of expecting technology to solve a human behavior problem.
All the great suggestions have come with a "if your kids are sharp/smart they can bypass this..." So much for technological solutions.
Bottom line is this - you set forth your expectations. When those expectations are not met, you penalize them.
I'd decommission their pc's before I'd reside in letting people in my household that I expect to be accountable for thier own actions and responsible to me - knowingly defy rules I have set forth.
--
Team Z Member"The Edge... there is no honest way to explain it because the only people who really know where it is are the ones who have gone over." Hunter S. Thompson |
|
jpg366
join:2004-04-09
Humble, TX
 ·RoadRunner Cable
·Mediacom
 ·AT&T Southeast
| reply to Glen T
Put a software firewall on each PC. Say, ZoneAlarm Free. Set up your own network with a non-default IP range (eg. NOT 192.168.1.x for a linksys. Use something like 192.168.99.x) then allow only your network in the firewall. Put in the default ranges for the other networks (192.168.1.x for linksys, 192.168.2.x for belkin, etc, whatever is assigned by your unsecured neighbors' networks) and block those completely. Then password protect the firewall admin.
No need to hide the networks. The kids might be able to make radio contact, but no data will flow either way. |
|
DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA
1 edit | reply to funchords
said by funchords :said by DaDogs : Hence the "winkie" implying that since they are set at the defaults *YOU* could go in and configure them to not allow access from your MAC address. Once you have done that you won't be able to get back to the device to reconfigure it to allow your MAC addresses access. Problem solved. That's brilliant! You are leaving your fingerprint at the scene of the so-called crime without so much as an explanation, but if the AP owner doesn't have a clue, he might not know what to do with it. ;)
They don't track devices by MAC address at the point of sale. Therefore someone would have to sniff your MAC off of the ether to prove that the MAC address was even in use in the area. Then they would have to find the house (not all that hard). Then they would need a subpoena which would mean they would need a chargeable offense. Now we are talking about something most DAs would definately want to avoid because he would still have to prove it was YOU that put the MAC address in your neighbors AP. Why would ANYONE fix their neighbor's AP so that they CAN'T steal service?
Kinda like locking the neighbor's front door so the kids can't go into their house to play.
Lol... Yep. Nobody is ever going to be tried on that one.
--
»www.freeantennas.com |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
 ·Skype
| reply to DaDogs
said by DaDogs : Hence the "winkie" implying that since they are set at the defaults *YOU* could go in and configure them to not allow access from your MAC address. Once you have done that you won't be able to get back to the device to reconfigure it to allow your MAC addresses access. Problem solved. That's brilliant!
You are leaving your fingerprint at the scene of the so-called crime without so much as an explanation, but if the AP owner doesn't have a clue, he might not know what to do with it.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA |
|
Glen T
join:2003-11-03
BC
| reply to DaDogs
My sentiments are with you, DaDogs.
Hey, I don't mind crusading a bit here. I figure if enough industry people read this, maybe we can influence them a bit. It's worth a try and doesn't cost anything. |
|
DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA
1 edit | reply to Glen T
said by Glen T :***** If your neighbors APs rejected your MAC addresses, would that help? ***** It would, but it requires some action on the part of the neighbor. Hence the "winkie" implying that since they are set at the defaults *YOU* could go in and configure them to not allow access from your MAC address. Once you have done that you won't be able to get back to the device to reconfigure it to allow your MAC addresses access. Problem solved. I do believe you should leave them otherwise unchanged and I do understand that you would be doing something which many people would say was hacking .... but beating the kids is out so ....
said by Glen T :My opinion is that many people purchase wireless routers, plug them in, and use them with default settings because they work that way out of the box. Perfectly reasonable assumption and perfectly reasonable behaviour.
said by Glen T :Further, I know of people who have purchased a wireless router to use NAT firewall features (even though they only have one computer) or they have two computers sharing an Internet connection -- in both cases hardwired. Many (most) wireless routers available at retail include 4 wired ports. They are about the same price as hardwired routers alone, which are increasingly hard to find at retail stores. They might buy a wireless router thinking they might use wireless later when they get a new computer (I did). These people may not even be aware that they are running an active wireless station. They are simply using it as a wired router. In fact, they would have no way of knowing it. OK, so ... ?
said by Glen T :To me, these are arguments why manufacturers should a) not enable wireless functions by default, and b) include a setup wizard that you must run to choose to activate the wireless features and offer to walk you through the option of setting up security -- before it starts working. While I agree with your argument and I hate to be the one to point it out, this is not going to happen. If it were going to happen, it would have already happened. As a very early adopter of wireless I carried this flag quite some while before I gave up.
The vendors are in this business to make money, not to secure people's networks. While you and I may feel they have a moral responsibility not to harm a network by making it less secure when their device is installed, they apparently do not have a legal responsibility.
I'm not sure why it works that way, but Microsoft would be the first example of "shipping an unsecure system by default and getting away with it for twenty years" that I would point out to you.
I have come full circle WRT open access points which are set to completely default factory conditions. At one time I would try to notify the owner's but there is always the risk that they will demonstrate a very hostile attitude about the fact that you know how to intercept their wireless traffic. Don't make the mistake of pointing out to someone (like a doctor) who has a LEGAL responsibility to secure the information on their network, that their network is spraying all sorts of privacy act information out onto the street.
No, I handle things much differently now. If I find a network which is *obviously* unsecure and processing information which I know should be protected, I turn on encryption, change the password and ssid, and lock the damn thing down so that they can't use it without a reset. Then I drive away. When they figure out what is wrong with their network, they will have learned enough to secure it. Until that time, they are like a five year old with a loaded handgun and what adult would not gently remove a handgun from a five year old?
Just my two ... Kindly refrain from the flames ... I am not recommending this course to anyone else.
--
»www.freeantennas.com |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| reply to Glen T
said by Glen T :I did that with my nextdoor neighbor, but beyond that it gets hard to figure out who is who. The only thing you have to go on is signal strength. If you live in an urban high-density area it would be pretty difficult -- unless you're into meeting people. Pickup line: "Hi. Do you have a wireless router I could borrow for a few minutes?" Some wireless network adapter software show MAC addresses. You can use that too if you know your MAC address.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check almost daily)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
Glen T
join:2003-11-03
BC
| reply to JoeR
I did that with my nextdoor neighbor, but beyond that it gets hard to figure out who is who. The only thing you have to go on is signal strength. If you live in an urban high-density area it would be pretty difficult -- unless you're into meeting people.
Pickup line: "Hi. Do you have a wireless router I could borrow for a few minutes?" |
|
JoeR
Dude?
join:2001-06-01
Norfolk, VA
| reply to Glen T
Some time ago I discoverd that my next door neighbor had gotten a Linky WRT54G set to the defaults. Occassionally I would accidentally associate to it.
Being good friends, I simply told them that I would hack their computers and upon booting in the very near future they would find that their wallpaper would be transformed into a picture of ME. 
That was plenty of incentive to secure their router!
--
The truth is out there... well, maybe not here.. |
|
Glen T
join:2003-11-03
BC
| reply to DaDogs
*****
If your neighbors APs rejected your MAC addresses, would that help?
*****
It would, but it requires some action on the part of the neighbor.
My opinion is that many people purchase wireless routers, plug them in, and use them with default settings because they work that way out of the box.
Further, I know of people who have purchased a wireless router to use NAT firewall features (even though they only have one computer) or they have two computers sharing an Internet connection -- in both cases hardwired. Many (most) wireless routers available at retail include 4 wired ports. They are about the same price as hardwired routers alone, which are increasingly hard to find at retail stores. They might buy a wireless router thinking they might use wireless later when they get a new computer (I did).
These people may not even be aware that they are running an active wireless station. They are simply using it as a wired router. In fact, they would have no way of knowing it.
To me, these are arguments why manufacturers should a) not enable wireless functions by default, and b) include a setup wizard that you must run to choose to activate the wireless features and offer to walk you through the option of setting up security -- before it starts working. |
|
DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA
| reply to Glen T
Your neighbors won't secure their AP's.
Your neighbors are using default passwords.
If your neighbors APs rejected your MAC addresses, would that help?
--
»www.freeantennas.com |
|
