Security Basics mailing list archives
Re: RE: Wireless Security
From: Alloishus BeauMains <all0i5hu5 () gmail com>
Date: Wed, 19 Oct 2005 09:34:24 -0500
There are some recent court cases prosecuting folks for using unsecured networks. Not alleged, but actually found guilty. As far as I read from those cases, and much to the dismay of the computer security community as a whole, security of the actual network did not matter. Attractive nuisance has not been upheld in court, as far as computer security goes. On 10/18/05, Dave Bush <hockeystatman () gmail com> wrote:
On 10/17/05, Herman Frederick Ebeling, Jr. <hfebelingjr () lycos com> wrote:Yep, which is why I was thinking that one should be able to use Network Neighborhood to glean any and all information about who they are.If something happens that an attacker doesn't show up in Network Neighborhood, remember the benefits of the command line tools that are out there. (Yes, even for Windows!) nbtstat -A <ip address of rogue system> That'll give you output similar to this: U:\>nbtstat -A 10.1.58.56 Local Area Connection: Node IpAddress: [10.1.58.56] Scope Id: [] NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- DBUSH-XPNB <00> UNIQUE Registered [REMOVED] <00> GROUP Registered DBUSH-XPNB <20> UNIQUE Registered [REMOVED] <1E> GROUP Registered MAC Address = 00-0F-1F-C8-DD-51 Under type, 00 UNIQUE is the workstation service and 00 GROUP is the domain name. (Not that it really matters, but I removed the domain name references above.) Type 20 UNIQUE is the file server service. Here's a good reference I found by Googling: http://is-it-true.org/nt/atips/atips274.shtml As for the questions that originally started this - I'M NOT A LAWYER - but I'd think that leaving a wireless access point unconfigured so that anyone could connect to it could be considered an attractive nuisance. (Let's go back to Business Law from undergrad, shall we?) An attractive nuisance is defined as something that attracts children but also endangers their safety. I'd think that the legal definition is more along the lines of physical safety, like an unfenced swimming pool. I'm guessing that some lawyer could extend an open wireless access point to be an attractive nuisance though. Let's guess that little Joey connects to an access point that Martha was too inexperienced or lazy to properly configure. Joey goes online, buys some veterinarian grade Viagra, and manages to turn his leg into solid concrete thus ruining his potential football career. An ambulance chasing lawyer would love to argue the fact that Joey couldn't have done that if Martha had taken the steps necessary to prevent Joey from accessing her network. Now, if Martha could prove that she'd at a minimum encrypted her network with WEP then it's going to be much, much more difficult for that lawyer to prove his point. Martha did put up a "fence" to protect her network by implementing WEP. Joey had to bring his fence cutters (in the form of AirSnort) in order to get into a place he should have reasonably known he wasn't supposed to be in. Could Martha shoot Joey for being in her pool? Not unless he was threatening Martha in such a way as she felt she had to protect herself. Along the same lines, sorry - you can't legally retaliate against someone using your wide open wireless access point. The best you can do is lock them out in some way (MAC filtering, WEP, etc.) to tell them to stay out. This is for active connections folks. Anyone can passively monitor traffic on your network as long as they can pick up your signal. I'm taking a class that's basically a wireless hacking class as part of my Masters, and I've already had a nice conversation with the police when they were wondering what I was doing outside of Home Depot at 10:45 PM on a Saturday night. (Sitting far back in their parking lot, monitoring their broadcast beacons with AiroPeek, and guessing that they're using a Cisco proprietary encryption protocol to protect themselves.) When the cops asked what I was doing, I told them homework and explained exactly what I was doing. Because I was passively monitoring signals that were being sent all over the area, there was nothing they could do. The second I start trying to break into the network though it's, "Hello Mr. Handcuffs." Again, I'm not a lawyer, but I'd think that leaving an access point wide open is an invitation not only to be hacked, but to also possibly find yourself in court because some dumb kid got in trouble via your connection. CYA folks! -- Dave Bush <hockeystatman () gmail com> There are two seasons in my world - Hockey and Construction
Current thread:
- RE: Wireless Security, (continued)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 17)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 17)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- RE: RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- Re: RE: Wireless Security Dave Bush (Oct 18)
- Re: RE: Wireless Security Alloishus BeauMains (Oct 21)
- Re: RE: Wireless Security Dave Bush (Oct 18)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- Re: Wireless Security Austin Murkland (Oct 18)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 21)
- RE: Wireless Security David Gillett (Oct 21)
- Re: Wireless Security Austin Murkland (Oct 18)
- RE: Wireless Security Drumm, Daniel (Oct 21)
- RE: RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 21)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 24)
- RE: Wireless Security Burton Strauss (Oct 24)