Glen T
join:2003-11-03
BC
| reply to SoonerAl
Re: Hiding unsecured wireless networks
Thanks to all who contributed their ideas to this discussion.
A few parting comments:
I never saw this as a security issue from my end. I brought this discussion to this forum because there is more expertise in this area.
From what I can gather from this discussion, the specific configuration/hack/switch that I was looking for does not exist within the limits of Windows XP configuration.
These kids are by no means hackers. They just used the helpful Windows tools available to them to locate a new connection when their's went off.
The 'real' problem is the availability of my neighbor's unsecured networks. However, these people can't exactly be faulted for bringing home a wireless router from Best Buy, plugging it in, following instructions and using it in its default state.
Ultimately, the fault lies with the vendors who don't make security setup a mandatory part of the wireless setup process IMHO.
Point taken on the admin. login.
As to whether it is "illegal" to log onto an unsecured wireless station using the unchanged default password, well, in my neighborhood you can actually do it by accident -- what with all the default SSIDs. |
|
Shootist
Premium
join:2003-02-10
Decatur, GA
| Sorry but I must disagree with you as to the manufacture of the equipment not making it mandatory to change the settings on the router or WAP. If that was the case I wouldn't buy that type of equipment. All they should do is supply the features and tools to do so. Ultimately it is your responsibility to secure your network NOT the makers of the equipment. And to go along with that it is your responsibility as a parent to do the same with your children, not to blame a hardware manufacturer or your neighbor for your problems.
--
Shooter Ready--Stand By BEEP ******** |
|
Birds
join:2004-10-23
2 edits | reply to Glen T
I agree with Shootist. There is a moral issue at the center here regardless of how many unsecured routers are near by. Security wouldn't be needed if our neighbors didn't "borrow" or eavesdrop.
If a neighbor were to leave their car unlocked and the keys in visor, that doesn't make it a "free" car. Your kids would be stealing if they used it without permission.
Your kids are knowingly connecting to someone elses network because they can't use yours. You don't pay for that connection. How is that not stealing? |
|
No_Strings
Premium,Mod
join:2001-11-22
The OC
Host:
Wireless Networking
All Things Unix
Cox HSI
Qwest
Efficient
| reply to Glen T
Come on, guys. He has that part under control.
said by Glen T  :With all due respect, I don't really need parenting advice. He wants a quick, painless fix without a lot of heavy lifting or a sermon about spoiled brat kids. |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK |  reply to Glen T
I would be curious to hear about your final solution...
Good luck with whatever you decide to do...:)
--
"When all else fails, read the instructions..." |
|
Birds
join:2004-10-23
1 edit | reply to No_Strings
said by No_Strings :Come on, guys. He has that part under control. said by Glen T :With all due respect, I don't really need parenting advice. My apologies. Missed that point.
Haven't seen any quick and easy solutions that don't require administration/configuration/controls at some level or in some fashion. |
|
Glen T
join:2003-11-03
BC
| Well, this just seemed to me to be an obvious omission on the part of MS.
****
Sorry but I must disagree with you as to the manufacture of the equipment not making it mandatory to change the settings on the router or WAP. If that was the case I wouldn't buy that type of equipment.
****
I agree with Shootist. There is a moral issue at the center here regardless of how many unsecured routers are near by. Security wouldn't be needed if our neighbors didn't "borrow" or eavesdrop.
If a neighbor were to leave their car unlocked and the keys in visor, that doesn't make it a "free" car. Your kids would be stealing if they used it without permission.
****
This would appear to be a strange position to take on a "security" forum. I think you are forgetting that the technology effectively hides this issue. To most people, this would appear to be no different than changing channels on your cordless phone to get a better signal.
*Honestly* you can do this without even realizing it. When I first got a wireless router, I ended up connected to my next-door neighbor's WAP purely by accident. Both Linksys, same model (I have since set up security for him).
I am only suggesting that the router should be configured out of the box to not work if you just plug it in. You should have to run a wizard during first-time setup that offers you the OPTION of setting up security -- and something that will walk you through it if you agree.
My solution? I think I'll just set up some kind of logging on the network and tell the kids if they do log onto to someone elses network, that I will know and they will consequently lose access to the Internet for a week. School's almost over anyway. |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
| said by Glen T :This would appear to be a strange position to take on a "security" forum. I think you are forgetting that the technology effectively hides this issue. To most people, this would appear to be no different than changing channels on your cordless phone to get a better signal. My solution? I think I'll just set up some kind of logging on the network and tell the kids if they do log onto to someone elses network, that I will know and they will consequently lose access to the Internet for a week. School's almost over anyway. Consider that if the 'stealing party' started downloading kiddie porn, whose door would the FBI come knocking down. Its serious chit, whether you want to admit it or not!!
Glad to see that the parental advice you didn't seem to want, is really the solution afterall 
--
Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"LlamaWorks Equipment |
|
Glen T
join:2003-11-03
BC
| *****
Glad to see that the parental advice you didn't seem to want, is really the solution afterall
*****
Actually, it is not the solution, but it will have to do for now.
I am interested in the larger issue of how to hide unsecured wireless networks at the client end because I'm sure I'll run into this issue again in my travels.
I understand the issue around using someone else's ISP. The point that I'm trying to make -- that no one is picking up on -- is this: the vast majority of people I have met who have unsecured wireless networks or who use other people's wireless networks are a)completely oblivious to the technical issues and/or b)unaware of the moral issues.
There have been well-publicized accounts in local papers here of people setting up their own hotspots -- particularly around universities. These are usually students who set up large antennas and boost their Linksys routers power output with alternative firmware. We do have DSL ISPs here who do not enforce traffic limits, so this is quite easy to do this with a home broadband account. Their philosophy is that Internet access should be free for everyone.
I'm not endorsing this -- not even close. If I was, I'd cancel my ISP and use my neighbor's and save $600 a year. My point is that the general public is getting mixed messages about wireless usage. Is it any wonder that there is a lot of confusion out there?
Here is the kind of issue that I'd be concerned about if I was a security professional (which I'm not): what if someone set up a 'free' hotspot around a university dorm, then used a sniffer to monitor traffic and grab charge card numbers etc? Who would be at fault -- the kids that used the 'free' unsecured connection?
This was never actually about my kids. This was a technical question that interested me professionally. And for those of you who made unwarranted comments about the character of my children, if you met them, you would then know how foolish you've been.
Next time, I won't provide so much 'context'. |
|
jaa
Premium,MVM
join:2000-06-13
 ·Optimum Online
 ·Vonage
| The reality is a lot of theoretical chatter about the lack of security and privacy on unsecured wireless and hotspots. While perhaps interesting from an intellectual perspective, from a practical perspective it is just chatter. I have yet to see even ONE instance of someone having passwords or other sensitive information stolen through unsecured wireless. Phishing the www is much more productive for this purpose than capturing packets from some silly hotspot in East Podunk.
Sharing a broadband connection through wireless is technically a contract issue between the provider and subscriber.
The original poster asked that this not be a discussion on proper parenting, but rather a discussion on the technology. Therefore the is no reason to divert into the moral issues concerning connecting to unsecured wireless networks without permission or providing open wireless access to one's broadband connection.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
aeiouy
join:2004-08-05
Fort Worth, TX
| reply to Glen T
The problem is you posed a specific problem and people were offering you alternative solutions. You didn't actually want a solution to your problem, you just wanted to know a specific piece of information.
So from that standpoint you are 100% right you should not have offered so much context, because it is second nature for most people to provide potential solutions to someone who poses a problem or dilema. People thought they were being helpful by trying to assist you with your problem.
I think you could have been a bit more gracious about the whole thing, myself. There was a lot of good advice in here to help you with your problem, presented with no malice at all. But you were dismissive and rude.
Good to see you take responsibility for misframing your initial query. |
|
Glen T
join:2003-11-03
BC
| said by aeiouy : ...presented with no malice at all. "...time for a meeting with the "board of education" and their bottoms"
"Your kids would be stealing..."
"...spoiled brat kids"
Maybe just a little malice?
Sorry I lost patience. I just thought the discussion got sidetracked from the original question despite my best efforts to steer it back.
Obviously, there is no easy solution. However, I sure did find another situation similar to my own just this past week.
Client had me setting up a wireless network for a small business in multi-use commercial/condo (you can live where you work). There were no fewer than 10 wireless networks within range of the their comps.
Overlapping frequencies kept bumping their computers off the station. Within an hour two of my client's users were hooked up to other people's networks -- before we even had a chance to try alternative channels. Their SSID kept disappearing, so they just hooked up to another one named "linksys".
Half of the 10 networks in that building/block are not secured in any way. It would really be useful to have an easy way of hiding the non-secured networks. |
|
claudeo
join:2000-02-23
Redmond, WA
| reply to Glen T
Having accidentally used a neighbor's unsecured network when I thought I was connected to my own network, I can sympathize with those who have the problem. On the other hand, I recently bought a ThinkPad laptop that comes with network connection software that will not connect to "ANY". Unlike many wireless config utilities from Orinoco, Airlink+, Belkin, Linksys, etc., the IBM Access Connection software will only connect to APs by a specific SSID name according to one of the specified profiles. The software has some features that are mildly annoying to someone used to unrestricted roaming, but on the other hand it is very effective at preventing accidental connection to a network you don't want, and it looks like it can be administratively secured to prevent "normal" users from overriding it. I don't know whether something like it is available anywhere else than on ThinkPads though. |
|
Glen T
join:2003-11-03
BC | Sure wish that Microsoft would consider adopting this philosophy in their Wireless Connection wizard -- at least as an administrative option. |
|
Shootist
Premium
join:2003-02-10
Decatur, GA
| said by Glen T :Sure wish that Microsoft would consider adopting this philosophy in their Wireless Connection wizard -- at least as an administrative option. I totally agree. There should be a feature to stop any connections to other wireless networks other than the ONES you specify.
--
Shooter Ready--Stand By BEEP ******** |
|
DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA
| reply to Glen T
Your neighbors won't secure their AP's.
Your neighbors are using default passwords.
If your neighbors APs rejected your MAC addresses, would that help?
--
»www.freeantennas.com |
|
Glen T
join:2003-11-03
BC
| *****
If your neighbors APs rejected your MAC addresses, would that help?
*****
It would, but it requires some action on the part of the neighbor.
My opinion is that many people purchase wireless routers, plug them in, and use them with default settings because they work that way out of the box.
Further, I know of people who have purchased a wireless router to use NAT firewall features (even though they only have one computer) or they have two computers sharing an Internet connection -- in both cases hardwired. Many (most) wireless routers available at retail include 4 wired ports. They are about the same price as hardwired routers alone, which are increasingly hard to find at retail stores. They might buy a wireless router thinking they might use wireless later when they get a new computer (I did).
These people may not even be aware that they are running an active wireless station. They are simply using it as a wired router. In fact, they would have no way of knowing it.
To me, these are arguments why manufacturers should a) not enable wireless functions by default, and b) include a setup wizard that you must run to choose to activate the wireless features and offer to walk you through the option of setting up security -- before it starts working. |
|
JoeR
Dude?
join:2001-06-01
Norfolk, VA
| reply to Glen T
Some time ago I discoverd that my next door neighbor had gotten a Linky WRT54G set to the defaults. Occassionally I would accidentally associate to it.
Being good friends, I simply told them that I would hack their computers and upon booting in the very near future they would find that their wallpaper would be transformed into a picture of ME. 
That was plenty of incentive to secure their router!
--
The truth is out there... well, maybe not here.. |
|
Glen T
join:2003-11-03
BC
| I did that with my nextdoor neighbor, but beyond that it gets hard to figure out who is who. The only thing you have to go on is signal strength. If you live in an urban high-density area it would be pretty difficult -- unless you're into meeting people.
Pickup line: "Hi. Do you have a wireless router I could borrow for a few minutes?" |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by Glen T :I did that with my nextdoor neighbor, but beyond that it gets hard to figure out who is who. The only thing you have to go on is signal strength. If you live in an urban high-density area it would be pretty difficult -- unless you're into meeting people. Pickup line: "Hi. Do you have a wireless router I could borrow for a few minutes?" Some wireless network adapter software show MAC addresses. You can use that too if you know your MAC address.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check almost daily)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
