Firewall Wizards mailing list archives

RE: Interlopers on the WLAN


From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Wed, 06 Nov 2002 02:29:54 -0800

On 6 Nov 2002 at 9:54, Frank O'Dwyer boldly uttered: 
> On Wed, 2002-11-06 at 09:17, Philip J. Koenig wrote:
>
> > Further on the legal/abuse front: I predict the next wave of spammers
> > will be heavily exploiting open WLANs to anonymize themselves while
> > sending out spam, and I wouldn't be a bit surprised to see DNS-based
> > blacklists of open WLANs pop up, just like the various ones that are
> > now operating to flag open SMTP relays and other potential spam
> > sources.
>
> I'm not sure that would work. For example if I created an open WLAN
> here, everything would appear to originate from a dynamic IP address. To
> block that, you'd have to block my entire ISP, which would prevent a
> sizeable proportion of the UK from sending email.


Such details have not in the past stopped email blacklisters from 
listing giant swaths of IP address space just because a couple of 
those addresses had been accused of sending spam.  It happens to be 
an issue which I have argued with the "antispam zealots" over for 
several years now.  A surprisingly high number of sysadmins block all 
email traffic from entire countries these days as a draconian "anti-
spam" measure.


> But also worrying is the potential for somebody to start launching
> full-on attacks using WLANs as the connection point. These will appear
> to originate from Harry Homeowner's DSL connection or from XYZ Corp. I
> don't know if it would be possible to physically locate the origin of a
> WLAN sender, as it is with mobile phones, but if so then that would be a
> saving grace.


One of my issues with the whole idea of "wardriving" is that it 
provides the kind of anonymity which hackers cherish and which the 
security community is no fan of.  I'd venture to say that hacking 
over an open WLAN is by far the MOST anonymous way of doing so - 
Mitnick was arrested while running over a stolen cellphone and  
traversing a chain of at least 3-4 different networks to slow down 
attempts to find him.  If he were doing this over someone's open WLAN 
while parked on the street out front, all he'd need to do is drive 
away and it would be next to impossible to find him.


> Otherwise we may be stuck with one of two fairly ugly scenarios:
> plausible deniability for Harry Hacker ("it wasn't me, someone must have
> used my open WLAN"), or Harry Homeowner made liable for everything
> originating from his connection.


Personally I favor the latter example, since one should take 
responsibility for one's actions - in this case, operating an 
insecure network.  

But let me reiterate that while I believe that any operator of a WLAN 
should be responsible for damage which results from it, I also 
believe that unsophisticated users can't be expected to understand 
all the specific security issues at play, particularly if their 
retail-bought hardware doesn't turn it on by default.  Which is why I 
think the presumption on the part of interlopers that a network is 
*by default* public, unless special measures are taken, is not 
particularly rational. (rather, it's self-serving, because people who 
espouse it, IMHO, are blinded by the promise of "free internet".)

But as soon as certain entities with significant resources and 
something to lose get damaged by some WLAN interloper, I'll bet that 
they will be looking to crack down on and prosecute anyone caught in 
the act.  This may indeed change the attractiveness of "wardriving" 
quite a bit in the future.


--
Philip J. Koenig                                       
pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New 
Millenium

