Do you steal wifi?
 

Each time I switch on my laptop, there are at least 3 "unsecured wireless networks" in my range.

I connected to one to see if i could. i could. i then disconnected. it is stealing after all.

what do you do?

in fact if you 'steal' other people's bandwidth, how do you protect yourself?
on your own wifi network setup, how do you 'secure' it?

if you access other peoples networks, have a bit of fun by changing their router settings. Chances are the username and password are still at default. Then set up wep or wpa so that they cannot access it!!!

(obviously do this at your own risk as this could be classed as hacking :nono: )

:lol1:

I reckon its RIFE all over the place. People just aren't informed enough to lock down their routers. You see all this fancy advertising by the ISP's about their latest wireless products, but I bet very few focus on security.

Assuming joe public does try and secure the router, they'll probably use WEP - which, as we know, is as much use as a chocolate fire guard.

Apparently a lot of businesses use cr*p security on their wireless too.

out of interest why is wep cr@p?

I use wep, but I also have mac ids locked in my router so only the macs that I specifiy can access the internet.

I walked up our road with Wififofum on my pda and found 7 wireless lans,3 of which weren't secured.Lucky for me,my neighbour hasn't got his wireless lan secured and his router username and password are still set to the defaults......



For now ;) :lol1:

do a search on google and you'll be able to find a hack tool that will defeat WEP pretty easily.

a mate of mine, who works for a certain 3 lettered computer company, is issued with said hack tool so he can effortlessly get into client's LANs.

Locking the MAC addresses down is a good move though.

Apparently it can be done quite easily ;)

Again, Wififofum is a great little package!! :D

Dan

I can see three to five networks when I have a look under my airport menu. Some of them have a password requirement to access them, others do not. Some of them have the name of "Default" or "D-Link", and no security. So it seems someone has just got a wireless router/access point and connected it up and done nothing else with it.

Out of curiousity I did try connecting to unsecured networks, and found that I could obtain the gateway address, pop that into my browser and be prompted to login to the wireless router. A quick search on the internet gave me the default username and passwords for the routers (the authentication dialog listed the product model) and I was able to connect and could have reconfigured things had I wished to.

I've got my own internet connection, so have no desire to steal someone elses. If I were to decide to do that then I'd probably look at software that could mask/change the MAC Address and network name of my computer.

I also have my own wireless network, an Airport Extreme Base Station and an Airport Express. I have them secured by using a WPA Personal password. A WEP password would probably be ok in my case as I work from home, so I doubt there would be too many people trying to hack the connection, however, I chose WPA just in case :D.

I *do* have my network name visible, though I could if I wished hide this and made the network closed, thus you'd need to know the network name and the password to connect.

There was an interesting article on slashdot a couple of weeks back where a chap found his neighbour stealing his bandwidth and decided to have some fun. Basically, all the images from any site the neighbour went to would be upside down :D

There was a whole debate about the "stealing" issue, some argued if you left the network unsecured, it stated that you did not mind if people hopped onto it (yeah right, like if my garden has no fences that means you can use it for your BBQ).

If you wanted to be rather restrictive then you could use WPA, closed (hidden) network with a cryptic name, and also have MAC Address filtering enabled.

The bandwidth is so huge now I have downgraded mine from 2 to 1 Mb - saves me £10 a month :thumb: - I am quite happy to share it with my neighbour if it reaches - is this legal?

- I do have it secured by WPA and MAC address link only

cheers

Mick :D

no point kicking them out of their own network, they'll realise, reset it and get someone to secure it, best to just leave it be and carry on.

A relative of mine may have been doing this but her Mac just automatically connected to it and worked out the box... *snigger* ;)

One issue that was raised was if someone was using your connection without your permission or knowledge to download/share copyrighted material. Who would the RIAA come after?

I've heard it could be advisable to leave your router unsecured if you're using it for dodgy purposes, i.e. bittorrent music downloads where you do not hold the copyright.

After all, how would they prove it was you, and not your neighbour downloading it?

(edit - took too long reading the thread and replied too late!)

I 'borrowed' a neighbours connection for about six months! Only surfed really and I dont secure mine so happy to return the favour!

Quite funny on holiday where we were staying they had a cyber cafe and locked down the machines so you had to pay. I managed to overcome the locking software so we browsed for free for a fortnight when we wanted to. When we got back the router was fooked so had to shell out for a new one, bad vibes biting my ass? You never know (cue The Twilight Zone music:))

Gary

However, are you opening up your computer to the network you're on?

e.g. you jump onto my unencrypted connection, I notice (I'm lying in wait you see ;):D) and fook your PC up big time, bmup you off then encrypt my network so you can't take revenge :D

WEP is easy to break because of a flaw in the encryption process. 64 bit WEP can be broken in under 10 mins (I've seen it done on many occassions). My (former) boss was on a local BBC programme a few months back. He did some basic scans and found roughly 50% of home WiFi and 25% of business WiFi networks unsecured.

Before you go admitting stuff like this on a public website, if you gain unauthorised access (even if there isn't a warning message) to a wireless network, you are technically in breach of the Computer Misuse Act. There was a guy last year fined £500 and given a 12 month conditional discharge for doing as exactly described by a few people on this thread.

BTW, if they can't do you under the CMA, it is also possible to be prosecuted under the Communications Act for illeagally obtaining a wireless signal :)

Chris (IT Security Consultant)

Not really, MAC spoofing is one of the easiest things to do. As is finding hidden SSIDs.

but if you assign static ips that are not in the standard range through your router mapped to the mac then that makes it more difficult

Not by your average punter - not by any means.

No, but easily by your average delinquent teenager who would probably be the most likely malicious attacker.

A 5 min search on Google will give you the tools and techniques to do MAC address spoofing to be honest. If you're targeted by a good hacker (and not some numpty script kiddie who downloads the latest tool from a second rate hacker site), then they can probably get in. Chances are that this is highly unlikely (why go to the trouble to be honest?). People should just be aware of what they are doing though.

Edit to say nice one JC :)

As above, MAC address security makes it difficult enough to thwart all but those specifically targetting you, IMHO :)

re picture, why did someone advertise free wifi? or did someone put it there unknown to the owners?

They were probably advertising it. Probably commies or something.

My view on this is I have my own b-band connection, and (secured) wifi. However, I have surfed onto an unsecured neighbour on 2 occasions when Telewaste went t*ts up and I needed/wanted to use the web.

I've also done similar when on holiday, in fact just returned from Edinburgh for the fringe, and "borrowed" the wifi from the B&B to check out events/venues/restaurants etc :)

Wouldn't ever do anything malicious, what's the point, but when you are used to 24/7 broadband it's funny how disconnected you feel when you want to look something up and can't get on line. Other peoples un-secured network solve this nicely :D

So how secure is WPA then as an alternative to WEP?

WPA is far more secure. I think "home user wise", the only possible weakness is the strength of the password that you use. i.e. using "password" as your password would be very easy to guess. WPA is still open to dictionary attacks (trying to guess your password by going through a list of words, phrases etc)

http://www.kurtm.net/wpa-pskgen/

so use that to make a decent WPA password

also using WEP is better than nothing, but use WPA equipment permits:)

When I was on an unlimited account, I used to leave my Wireless unsecured and broadcast the name.

I don't do that anymore, now I have a limit. As I'm in a cul-de-sac it's not so bad. Sometime, I connect to across the road's wireless...as I set it up :)

I'm not prescribing methods for a bullet proof LAN - just adding that the more security methods he looks into, the better. :brickwall

Leave mine wide open ;) Run a transparent proxy and firewall restricting what they can do. Must say, err, intersting url attempts :o I vpn in..