Firewall Wizards mailing list archives

RE: Interlopers on the WLAN


From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Wed, 06 Nov 2002 14:25:15 -0800

On 6 Nov 2002 at 21:41, Frank O'Dwyer boldly uttered: 

On Wed, 2002-11-06 at 20:54, Philip J. Koenig wrote:
[...]
 if a hacker hops on an insecure 
WLAN and causes damage to some other site by DoS'ing it for example, 
who's at fault - the commercial site that the hacker attacks, the 
operator of the insecure WLAN, or the hacker?  I say 1) the hacker 

Me too. Why is there a need to blame anyone else?

and to a lesser extent 2) the operator of the insecure WLAN.  

Why? Firstly, you're assuming the WLAN is "insecure" simply 
because it lets anyone connect without asking who they are. 
Maybe that's what the owner and users of the WLAN want. His
network, his policy. If you don't like his policy, maybe 
you need to make sure your network isn't connected to his in
any way that matters to you. 


Once you connect a network to the internet, your security problems 
often become everyone else's security problems.


Maybe you need to put pressure
on the ISP to stop giving connectivity to such "insecure"
hosts. Or maybe yours is the insecure network that shouldn't
be connected - it's not at all obvious who is putting who at
risk here.


Bear in mind my main original point was about the legality or ethics 
of hopping onto an open WLAN.  But beyond that, there is this concept 
of an "attractive nuisance" when someone connected to the internet 
does something to encourage hacking activity from systems under their 
control.  The term commonly used is that it's a "rogue" network or 
system.  As you mentioned, the usual choke point for such rogue 
systems is their upstream provider, and just as it has become an 
issue for ISPs who host spammers and open-relays, I think it will 
become an issue for ISP customers with indiscriminately open WLANs. 
(reinforced by the fact that in many cases, these ISP customers are 
also breaching the terms of their ISP agreement by providing access 
to others beyond their household, or in some cases by profiting from 
selling access)


Regardless, someone's network is not insecure just because it
doesn't comply with *your* security policy. It may well be 
perfectly secure with respect to its own assets, security 
goals, and policy. 


I think there are a variety of commonly-accepted norms for networks  
connected to the internet, and if you blatantly flout such norms 
(hosting hackers, spammers, and other troublemakers) you will shortly 
find yourself without connectivity because of the pressure your 
upstream will get over you.


Certainly not the final victim of the attack.

Of course not. At least not until someone starts setting precedents
for holding people liable for running "insecure networks". Because 
the ultimate victim of an attack is also going to look bad under
that standard.


Of course not, but your earlier comment (see below) implies that the 
victim is as "guilty" as the network used as a launching point for an 
attack.  As I said earlier, there is often absolutely nothing a 
victim can do to mitigate such attacks (cf the DDoS attacks on E-
Trade, Yahoo, Ebay etc by "mafiaboy" a couple years ago), whereas the 
network(s) where the attack was launched from generally can do quite 
a lot to prevent such attacks from occurring or succeeding.

You wrote:

    > I can't think of any reasonable definition of "operating an
    > insecure network" that doesn't apply first and foremost to the
    > target of any successful attack.

[...]

IMO The proper response is (a) to help people to secure their own
networks (and no that does not mean shutting down open access 
points) and (b) prosecute hackers. Making criminals of the rest
of us is unjustifiable, ineffectual, and may even be 
counterproductive.


Point taken, but in the meanwhile I'm not looking forward to 
thousands of hacker-anonymizing open WLANs creating a serious 
nuisance for the community either. (much of my consternation should 
be directed at the greedy WLAN industry groups and hardware vendors 
who have greatly added to the problem by A) not requiring security to 
be turned on under the various 802.11 standards and B) shipping 
products with security defaulting to off.)



--
Philip J. Koenig                                       pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New Millenium

