RE: Interlopers on the WLAN

["Frank O'Dwyer" <fod () brd ie>]

On Wed, 2002-11-06 at 09:17, Philip J. Koenig wrote:
> On 6 Nov 2002 at 8:42, Frank O'Dwyer boldly uttered: 
>
> > So if you set your network up in the same sort of configuration, without
> > even a rudimentary attempt to restrict access, no clue that the network
> > is private, and route every packet thrown at you, then how on earth is
> > anyone supposed to know what you intended. Basically, it's unreasonable
> > to expect people to read your mind. 
>
>
> Personally when I started the thread I was thinking more in terms of 
> the whole practice of "wardriving" and whether it's defensible from a 
> legal standpoint or not.
>
> I was not referring to clueful individuals and organizations/ 
> institutions that properly take care of the security issues on their 
> WLANs.  I was referencing the very clear fact that a huge amount of 
> these WLANs are operated by non-technical consumers who, in my view, 
> cannot really be expected to understand all the technical/security 
> issues at play, particularly if the vendors not only ship the product 
> with an insecure default configuration, but also do a poor job of 
> educating the consumer about the issues at hand.
>
> Given that there are so many WLANs out there that are owned/operated 
> by these types of users, it makes me think that to assume a WLAN is 
> "public" simply because a non-technical user set it up in it's most 
> likely configuration is a stretch to say the least.

Good point. I was more arguing against the default assumption that all
WLAN networks are private though, than that they should be assumed
public. If there is an open access point, it's just not obvious how that
is intended to be used.

Yes, Harry Homeowner may unintentionally create an open access point at
home, but then he is also the very same guy who will switch on his
laptop and connect to any hotspot that is around. He is therefore the
very one who would be automatically criminalised by such a default
assumption. But you can't assume he knows what is going on *then*
either. I also think that passively connecting to what appear to be open
hotspots is an altogether different thing than running around the city
in the back of a cab with Netstumbler.  

Sure, in many instances it amounts to sitting outside someone's house
trying to make calls on their cordless phone, but where all of these
analogies break down is that it's going to be unclear if the WLAN was
intended to offer service, and it's also going to be unclear as to what
the user intended to connect to. Making criminals out of everyone so
that they can't co-operate even when they wish to is not a great
solution to this issue IMO.

> Further on the legal/abuse front: I predict the next wave of spammers 
> will be heavily exploiting open WLANs to anonymize themselves while 
> sending out spam, and I wouldn't be a bit surprised to see DNS-based
> blacklists of open WLANs pop up, just like the various ones that are 
> now operating to flag open SMTP relays and other potential spam 
> sources.

I'm not sure that would work. For example if I created an open WLAN
here, everything would appear to originate from a dynamic IP address. To
block that, you'd have to block my entire ISP, which would prevent a
sizeable proportion of the UK from sending email.

But also worrying is the potential for somebody to start launching
full-on attacks using WLANs as the connection point. These will appear
to originate from Harry Homeowner's DSL connection or from XYZ Corp. I
don't know if it would be possible to physically locate the origin of a
WLAN sender, as it is with mobile phones, but if so then that would be a
saving grace. 

Otherwise we may be stuck with one of two fairly ugly scenarios:
plausible deniability for Harry Hacker ("it wasn't me, someone must have
used my open WLAN"), or Harry Homeowner made liable for everything
originating from his connection.

Cheers,
Frank.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards