RE: Wireless Security

["Herman Frederick Ebeling, Jr." <hfebelingjr () lycos com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- -----Original Message-----
From: Kevin Reiter [mailto:tux () penguinnetwerx net]
Sent: Thursday, 13 October, 2005 09:19
To: security-basics () securityfocus com
Subject: Re: Wireless Security


Herman Frederick Ebeling, Jr. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I've got a question (actually a few) along these lines.  Let's say that a
person
> has a Wi-Fi network setup at home.
> And they find out that some of their neighbors have accessed it.

They should've taken the time to properly configure their network using
WEP/WPA/RADIUS/etc. so there isn't any outside/unwanted access.

> A)    What if any obligation to the neighbors does the person who initially setup
> the Wi-Fi network have?

None.  It's not the neighbor's network, and unless they have a written
agreement in place (which I highly doubt they do) there's nothing the
neighbors can do about it if the owner decides to pull the plug on it or
slap a fat padlock around it.

====>   That's my take on it as well.

> B)    What happens IF one neighbor goes in and reads/deletes msgs/files from
> another neighbor's computer is the person who
> initially setup the Wi-Fi network for their own use liable?

If there is bona fide proof (logs, etc.) that this happened, the person
doing the invasive actions is liable, and depending on which country
this happens to take place in, laws vary.  Unauthorized access is still
unauthorized access.

====>   That's also my take on it as well.

> C)    Can the person who initially setup the Wi-Fi network legally go in and look
> around his/her neighbors computers?

No.  It's not their property, even if they're providing Internet access
to other parties, either willingly or unwillingly.  That's also
unauthorized access.

====>   I would have to think that one should/would be able to go in to various
computers that are illegally hooked to their network in order to determine the
identity of those who are using his/her network illegally.

> D)    What if one the neighbors get a virus, is the person who initially setup
the
> Wi-Fi network liable?

Not that I know of, but this is still under debate.  That's like suing
an ISP if you get a virus.  They provide the vehicle to get online, but
it's up to you to take the proper steps to protect yourself from
viruses, intrusions, etc.  If you're using an unauthorized network (i.e.
using someone else's poorly configured wireless network to gain Internet
access without permission) and something happens to you, it's your own
fault.

====>   I have to agree with ya there.  I would say that it can be compared to
when cable/DSL first started to be offered where one could "see" all of their
neighbor's boxes on the same segment.  It would be up to the individual to
secure their own box and NOT the company that provided the high speed/broadband
access.

> E)    What if any expectations to privacy do the unauthorized users have?

If they are accessing a network without permission, that's illegal.
There shouldn't be any expectations regarding privacy, and if there are,
someone needs to be more informed in this area.

====>   That's my take on it as well.  They should NOT be surprised IF their
packets are scanned to determine who they are.

Herman

> Herman

Kevin

> - -----Original Message-----
> From: Daryl Davis [mailto:daryl () ultbingo com]
> Sent: Tuesday, 04 October, 2005 12:56
> To: security-basics () securityfocus com
> Subject: Wireless blocking
>
>
> I believe I have an unauthorized wireless router on my network.  I have been
> unable to physically find it as of yet.
>
> Does anyone know how to find the hidden SSID and then Jam it?
>
> Thank you.
>
> Daryl R Davis
> Digital Game Media, Inc.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQ01ORx/i52nbE9vTEQJiUgCeOOjX9N6x73SckuWo8IM3fRrF7NoAni3P
> b8FzLCft8X2qZYK7BYhdx+E3
> =9dp4
> -----END PGP SIGNATURE-----


- --

It said "use Linux 2.4 kernel or better" so I installed FreeBSD.  Now
everything runs better.  Why didn't they just tell me to do that to
begin with?


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ07vjh/i52nbE9vTEQLAVQCgg06hvl6OGgBZEhbMVqTZVEkccgEAn1L5
wp1n6oU0yUL3rI1jS6hgqCov
=zo7F
-----END PGP SIGNATURE-----