RE: Wireless Security (Part 2)

["David Gillett" <gillettdavid () fhda edu>]

  No, for two reasons.

1.  You haven't mentioned any way to ensure that the intruder visits
that page and sees it, let alone agrees to its conditions.  [Technology
exists to address this, it's called a "captive portal".  So this problem,
at least, can be solved.]

2.  Can you post a sign on your driveway, giving yourself the right to
search any cars that park there that you don't recognize?  I don't 
think so.  You have the right to report them to the *police*, who in turn
might determine that a search warrant (or one of the few exceptions) is
appropriate, but simply arrogating that authority to yourself is risky 
at best.

  Really, it would be a whole lot simpler to (a) secure the network in
the first place, and (b) ban and/or report any intruder who gets past 
that security.  [If you lock access to a list of MAC addresses, the only
way an intruder can get in is to spoof one of those addresses, and so
identifying and banning him will be problematic at best.]

  An awful lot of the intruders I encounter have a NetBIOS name set, so
their computer offers me clues about who they are *without* any kind of
counter-intrusion on my part.  And since they're just looking for free
bandwidth, it doesn't take a lot of banning effort before they decide to
go somewhere easier.
  My current "ban" list is not very long, and there's only one entry on
there for which the police *will* be called if it shows up again.  But
that one wasn't just hitching a free Internet connection....

David Gillett


> -----Original Message-----
> From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com] 
> Sent: Monday, May 15, 2006 2:34 PM
> To: security-basics () securityfocus com
> Subject: Wireless Security (Part 2)
>
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A few months back we had a discussion going about whether or 
> not a person who has setup a Wi-Fi network for their and 
> their families use.  And IF someone illegally connects to 
> said network if the person who setup the network has the 
> right to go into the other person's computer to find out who 
> they are.  The consensus is/was that sadly no the person who 
> setup the Wi-Fi network doesn't have the right to go into the 
> intruder's computer to find out who they are.
>
> What IF the person who sets up the Wi-Fi network has a web 
> page, or a dialog box that is displayed that says the 
> following whenever a new computer signs onto the network:
>
>                               WARNING
>
>    You have connected to a PRIVATE COMPUTER NETWORK
>
> IF you were NOT invited to join the network then leave now.
> IF you continue to use the network, know that by doing so you 
> consent to having your computer inspected for the purpose of 
> finding out who you are so that the proper authorities can be 
> notified.
> IF you leave now no actions will be taken, but IF you 
> continue then the appropriate actions WILL be taken, you have 
> been WARNED.
> This is your ONLY warning, leave NOW.
> Also know that along with your name your computers MAC 
> address will also be recorded, and blocked in the future.
>
>       If the above is setup as a web page then the 
> capitalized words would be in bold as well as red to catch 
> the person's attention.  Also with the above they wouldn't be 
> able to say that they weren't warned, correct?
>
> - -----
> Herman
> Live Long and Prosper
>  ___________________          _-_
>  \==============_=_/ ____.---'---`---.____
>              \_ \    \----._________.----/
>                \ \   /  /    `-_-'
>            __,--`.`-'..'-_
>           /____          ||-
>                `--.____,-'
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
> Comment: Space the Final Frontier
>
> iQA/AwUBRGjzqx/i52nbE9vTEQL2VgCfa6k5g7v+iXyLAWn8x0C4puoejFIAnA0l
> pyeqL5W4eOfzDQCLuHEk31Q/
> =c+u5
> -----END PGP SIGNATURE-----