ChefDude

Each time I switch on my laptop, there are at least 3 "unsecured wireless networks" in my range.

I connected to one to see if i could. i could. i then disconnected. it is stealing after all.

what do you do?

in fact if you 'steal' other people's bandwidth, how do you protect yourself?
on your own wifi network setup, how do you 'secure' it?

jaytc2003

iTrader: (1)

if you access other peoples networks, have a bit of fun by changing their router settings. Chances are the username and password are still at default. Then set up wep or wpa so that they cannot access it!!!

(obviously do this at your own risk as this could be classed as hacking )

spectrum48k

I reckon its RIFE all over the place. People just aren't informed enough to lock down their routers. You see all this fancy advertising by the ISP's about their latest wireless products, but I bet very few focus on security.

Assuming joe public does try and secure the router, they'll probably use WEP - which, as we know, is as much use as a chocolate fire guard.

Apparently a lot of businesses use cr*p security on their wireless too.

jaytc2003

iTrader: (1)

out of interest why is wep cr@p?

I use wep, but I also have mac ids locked in my router so only the macs that I specifiy can access the internet.

NickAdams

iTrader: (5)

I walked up our road with Wififofum on my pda and found 7 wireless lans,3 of which weren't secured.Lucky for me,my neighbour hasn't got his wireless lan secured and his router username and password are still set to the defaults......



For now

spectrum48k

do a search on google and you'll be able to find a hack tool that will defeat WEP pretty easily.

a mate of mine, who works for a certain 3 lettered computer company, is issued with said hack tool so he can effortlessly get into client's LANs.

Locking the MAC addresses down is a good move though.

ScoobyDoo555

Apparently it can be done quite easily

Again, Wififofum is a great little package!!

Dan

Markus

I can see three to five networks when I have a look under my airport menu. Some of them have a password requirement to access them, others do not. Some of them have the name of "Default" or "D-Link", and no security. So it seems someone has just got a wireless router/access point and connected it up and done nothing else with it.

Out of curiousity I did try connecting to unsecured networks, and found that I could obtain the gateway address, pop that into my browser and be prompted to login to the wireless router. A quick search on the internet gave me the default username and passwords for the routers (the authentication dialog listed the product model) and I was able to connect and could have reconfigured things had I wished to.

I've got my own internet connection, so have no desire to steal someone elses. If I were to decide to do that then I'd probably look at software that could mask/change the MAC Address and network name of my computer.

I also have my own wireless network, an Airport Extreme Base Station and an Airport Express. I have them secured by using a WPA Personal password. A WEP password would probably be ok in my case as I work from home, so I doubt there would be too many people trying to hack the connection, however, I chose WPA just in case .

I *do* have my network name visible, though I could if I wished hide this and made the network closed, thus you'd need to know the network name and the password to connect.

There was an interesting article on slashdot a couple of weeks back where a chap found his neighbour stealing his bandwidth and decided to have some fun. Basically, all the images from any site the neighbour went to would be upside down

There was a whole debate about the "stealing" issue, some argued if you left the network unsecured, it stated that you did not mind if people hopped onto it (yeah right, like if my garden has no fences that means you can use it for your BBQ).

If you wanted to be rather restrictive then you could use WPA, closed (hidden) network with a cryptic name, and also have MAC Address filtering enabled.

Mick

iTrader: (1)

The bandwidth is so huge now I have downgraded mine from 2 to 1 Mb - saves me £10 a month - I am quite happy to share it with my neighbour if it reaches - is this legal?

- I do have it secured by WPA and MAC address link only

cheers

Mick

RichB

no point kicking them out of their own network, they'll realise, reset it and get someone to secure it, best to just leave it be and carry on.

A relative of mine may have been doing this but her Mac just automatically connected to it and worked out the box... *snigger*

Markus

One issue that was raised was if someone was using your connection without your permission or knowledge to download/share copyrighted material. Who would the RIAA come after?

ru'

I've heard it could be advisable to leave your router unsecured if you're using it for dodgy purposes, i.e. bittorrent music downloads where you do not hold the copyright.

After all, how would they prove it was you, and not your neighbour downloading it?

(edit - took too long reading the thread and replied too late!)

GaryK

I 'borrowed' a neighbours connection for about six months! Only surfed really and I dont secure mine so happy to return the favour!

Quite funny on holiday where we were staying they had a cyber cafe and locked down the machines so you had to pay. I managed to overcome the locking software so we browsed for free for a fortnight when we wanted to. When we got back the router was fooked so had to shell out for a new one, bad vibes biting my ***? You never know (cue The Twilight Zone music)

Gary

Dracoro

However, are you opening up your computer to the network you're on?

e.g. you jump onto my unencrypted connection, I notice (I'm lying in wait you see ) and **** your PC up big time, bmup you off then encrypt my network so you can't take revenge

Chris L

WEP is easy to break because of a flaw in the encryption process. 64 bit WEP can be broken in under 10 mins (I've seen it done on many occassions). My (former) boss was on a local BBC programme a few months back. He did some basic scans and found roughly 50% of home WiFi and 25% of business WiFi networks unsecured.

Before you go admitting stuff like this on a public website, if you gain unauthorised access (even if there isn't a warning message) to a wireless network, you are technically in breach of the Computer Misuse Act. There was a guy last year fined £500 and given a 12 month conditional discharge for doing as exactly described by a few people on this thread.

BTW, if they can't do you under the CMA, it is also possible to be prosecuted under the Communications Act for illeagally obtaining a wireless signal

Chris (IT Security Consultant)

KiwiGTI

Not really, MAC spoofing is one of the easiest things to do. As is finding hidden SSIDs.

jaytc2003

iTrader: (1)

but if you assign static ips that are not in the standard range through your router mapped to the mac then that makes it more difficult

TopBanana

Not by your average punter - not by any means.

KiwiGTI

No, but easily by your average delinquent teenager who would probably be the most likely malicious attacker.

JackClark

Chris L

A 5 min search on Google will give you the tools and techniques to do MAC address spoofing to be honest. If you're targeted by a good hacker (and not some numpty script kiddie who downloads the latest tool from a second rate hacker site), then they can probably get in. Chances are that this is highly unlikely (why go to the trouble to be honest?). People should just be aware of what they are doing though.

Edit to say nice one JC

dowser

As above, MAC address security makes it difficult enough to thwart all but those specifically targetting you, IMHO

ChefDude

re picture, why did someone advertise free wifi? or did someone put it there unknown to the owners?

TopBanana

They were probably advertising it. Probably commies or something.

BigGT3Fan

My view on this is I have my own b-band connection, and (secured) wifi. However, I have surfed onto an unsecured neighbour on 2 occasions when Telewaste went t*ts up and I needed/wanted to use the web.

I've also done similar when on holiday, in fact just returned from Edinburgh for the fringe, and "borrowed" the wifi from the B&B to check out events/venues/restaurants etc

Wouldn't ever do anything malicious, what's the point, but when you are used to 24/7 broadband it's funny how disconnected you feel when you want to look something up and can't get on line. Other peoples un-secured network solve this nicely

James Neill

iTrader: (1)

So how secure is WPA then as an alternative to WEP?

mike1210

WPA is far more secure. I think "home user wise", the only possible weakness is the strength of the password that you use. i.e. using "password" as your password would be very easy to guess. WPA is still open to dictionary attacks (trying to guess your password by going through a list of words, phrases etc)

http://www.kurtm.net/wpa-pskgen/

so use that to make a decent WPA password

also using WEP is better than nothing, but use WPA equipment permits

jowl

When I was on an unlimited account, I used to leave my Wireless unsecured and broadcast the name.

I don't do that anymore, now I have a limit. As I'm in a cul-de-sac it's not so bad. Sometime, I connect to across the road's wireless...as I set it up

spectrum48k

I'm not prescribing methods for a bullet proof LAN - just adding that the more security methods he looks into, the better.

HHxx

Leave mine wide open Run a transparent proxy and firewall restricting what they can do. Must say, err, intersting url attempts I vpn in..