Firewall Wizards mailing list archives
RE: Interlopers on the WLAN
From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Wed, 06 Nov 2002 02:29:54 -0800
On 6 Nov 2002 at 9:54, Frank O'Dwyer boldly uttered:
On Wed, 2002-11-06 at 09:17, Philip J. Koenig wrote:Further on the legal/abuse front: I predict the next wave of spammers will be heavily exploiting open WLANs to anonymize themselves while sending out spam, and I wouldn't be a bit surprised to see DNS-based blacklists of open WLANs pop up, just like the various ones that are now operating to flag open SMTP relays and other potential spam sources.I'm not sure that would work. For example if I created an open WLAN here, everything would appear to originate from a dynamic IP address. To block that, you'd have to block my entire ISP, which would prevent a sizeable proportion of the UK from sending email.
Such details have not in the past stopped email blacklisters from listing giant swaths of IP address space just because a couple of those addresses had been accused of sending spam. It happens to be an issue which I have argued with the "antispam zealots" over for several years now. A surprisingly high number of sysadmins block all email traffic from entire countries these days as a draconian "anti- spam" measure.
But also worrying is the potential for somebody to start launching full-on attacks using WLANs as the connection point. These will appear to originate from Harry Homeowner's DSL connection or from XYZ Corp. I don't know if it would be possible to physically locate the origin of a WLAN sender, as it is with mobile phones, but if so then that would be a saving grace.
One of my issues with the whole idea of "wardriving" is that it provides the kind of anonymity which hackers cherish and which the security community is no fan of. I'd venture to say that hacking over an open WLAN is by far the MOST anonymous way of doing so - Mitnick was arrested while running over a stolen cellphone and traversing a chain of at least 3-4 different networks to slow down attempts to find him. If he were doing this over someone's open WLAN while parked on the street out front, all he'd need to do is drive away and it would be next to impossible to find him.
Otherwise we may be stuck with one of two fairly ugly scenarios: plausible deniability for Harry Hacker ("it wasn't me, someone must have used my open WLAN"), or Harry Homeowner made liable for everything originating from his connection.
Personally I favor the latter example, since one should take responsibility for one's actions - in this case, operating an insecure network. But let me reiterate that while I believe that any operator of a WLAN should be responsible for damage which results from it, I also believe that unsophisticated users can't be expected to understand all the specific security issues at play, particularly if their retail-bought hardware doesn't turn it on by default. Which is why I think the presumption on the part of interlopers that a network is *by default* public, unless special measures are taken, is not particularly rational. (rather, it's self-serving, because people who espouse it, IMHO, are blinded by the promise of "free internet".) But as soon as certain entities with significant resources and something to lose get damaged by some WLAN interloper, I'll bet that they will be looking to crack down on and prosecute anyone caught in the act. This may indeed change the attractiveness of "wardriving" quite a bit in the future. -- Philip J. Koenig pjklist () ekahuna com Electric Kahuna Systems -- Computers & Communications for the New Millenium _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Interlopers on the WLAN, (continued)
- Re: Interlopers on the WLAN Al Potter (Nov 05)
- Re: Interlopers on the WLAN Mikael Olsson (Nov 05)
- Re: Interlopers on the WLAN Frank O'Dwyer (Nov 05)
- Re: Interlopers on the WLAN R. DuFresne (Nov 06)
- Re: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- Re: Interlopers on the WLAN R. DuFresne (Nov 06)
- Re: Interlopers on the WLAN R. DuFresne (Nov 06)
- RE: Interlopers on the WLAN Bill Royds (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 09)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 09)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 09)
- RE: Interlopers on the WLAN Marcus J. Ranum (Nov 06)
- RE: Interlopers on the WLAN Marcus J. Ranum (Nov 06)
- RE: Interlopers on the WLAN Paul Robertson (Nov 06)