Security Basics mailing list archives
RE: Wireless Security
From: "Herman Frederick Ebeling, Jr." <hfebelingjr () lycos com>
Date: Fri, 14 Oct 2005 13:35:14 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G. Allen, I'll do that thanks. It's not that I'm doubting you, it's just that it doesn't seem right that even though they were the ones who were illegally accessing someone else's network that the owner of the network can't look at their box to find out who they are. Would that also apply to just looking at what comes up in Windows Explorer under the network icon? I mean by using what that they are not "hacking" the other persons box parse, correct? I mean they're just using what is already being shown on their own box/system. And not using any "hacking" tools to do so. Herman - -----Original Message----- From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net] Sent: Friday, 14 October, 2005 02:01 To: hfebelingjr () lycos com Subject: RE: Wireless Security Google using the parameters tsunami and hacker. You will get multiple hits. A couple should point you to ZD Net, among many others. The story is in fact legit. Regardless of the fact that someone is making unauthorized use of your wireless network, it is against the law to hack into that person's system. Now I would have to imagine that there is no reason you couldn't trap and analyze packets going across your wireless network, it belongs to you. And it's likely that some identifying data could be derived from such. Just bear in mind, the moment you SCAN that person's system w/out authorization, but w/ the intent of getting into it, you can be brought up on criminal charges. I've read the other replies you've gotten on this question Herman, and from what I've seen, ALL of them back me up. That alone should be telling you something. G. Allen Johnson. - -----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Thursday, October 13, 2005 9:58 PM To: G. Allen Johnson; security-basics () securityfocus com Subject: RE: Wireless Security *** PGP SIGNATURE VERIFICATION *** *** Status: Bad Signature *** Alert: Signature did not verify. Message has been altered. *** Signer: Herman Frederick Ebeling Jr. <hfebelingjr () lycos com> (0xDB13DBD3) *** Signed: 14-Oct-05 12:48:07 AM *** Verified: 14-Oct-05 1:06:25 PM *** BEGIN PGP VERIFIED MESSAGE *** G. Allen, But if they're getting an IP from your AP/Wi-Fi enabled router wouldn't a trace on their IP address show as being in that "private" pool of IP addresses? What about trapping and analyzing the packets that are going across their network? Would it be legal for the person who setup the network to intercept and analyze them? That doesn't sound quite fair to me. That they can illegally attach themselves to someone else' Wi-Fi network and that the owner of said network isn't allowed to investigate by looking at their computer to at least try and find out their identity. I've read just the article that you directly linked to, was the site a legit site, or was it a scam? Herman - -----Original Message----- From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net] Sent: Thursday, 13 October, 2005 22:18 To: hfebelingjr () lycos com Subject: RE: Wireless Security "C) Can the person who initially setup the Wi-Fi network ***legally go in and look around>>> his/her neighbors computers?" "C) ***I'd think that it is possibly a gray area***. I would think that IF a person discovers that they uninvited guest(s) and s/he is trying to find out who they are, and where they are I would think that lawyer would argue that the person who setup the Wi-Fi network was just investigating those who were illegally accessing his/her system." Negative, no gray area here. Unless you have written permission &/or some other manner of consent to enter a system not owned by you, you may not legally enter that system. In regards to identifying the culprit however, the wireless AP should give the IP's of the devices connected to it. Once the IP address of the offender is acquired, there are a number of ways to pursue and resolve the problem. Even law enforcement has prerequisite requirements that must be fulfilled before entering/hacking into someone's system. Taking the law into your own hands, so to speak, will net you a similar result to the UK fellow who "investigated" the Tsunami relief website. http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/ 1 to 2 years ago I would have agreed w/ you Herman. But the power of the individual to investigate such things has decreased while the power of the gov't to perform such activities has increased. The war on terror, much like the war on drugs, is really nothing more than a war on civil liberties. G. Allen Johnson. - -----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Wednesday, October 12, 2005 8:25 PM To: G. Allen Johnson Subject: RE: Wireless Security
PGP SIGNATURE VERIFICATION *** Status: Bad Signature Alert: Signature did not verify. Message has been altered. Signer: Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
Signed: 12-Oct-05 11:00:43 PM Verified: 13-Oct-05 10:57:20 PM BEGIN PGP VERIFIED MESSAGE ***
G. Allen, On A) I have to agree with ya. I would also have to agree with ya on B). As for C) I'd think that it is possibly a gray area. I would think that IF a person discovers that they uninvited guest(s) and s/he is trying to find out who they are, and where they are I would think that lawyer would argue that the person who setup the Wi-Fi network was just investigating those who were illegally accessing his/her system. As for d) I'd have to agree with ya again, IF a person is dumb enough these days NOT to be running some kind of anti-virus PRG on their system, they are the one who is to blame for any and all virus' that they get. As far as e) I would agree that a person's E-Mails/files are the property of the owner. However I would have to think that the packets being sent illegally over another person's WLAN are the property of the owner of the network. Herman - -----Original Message----- From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net] Sent: Wednesday, 12 October, 2005 22:15 To: hfebelingjr () lycos com Subject: RE: Wireless Security Assuming the person in question is setting up a wireless AP for his/her own personal use: A) None. Establishing a wireless network does not automatically add every wireless device in the area to its network. The neighbors have to opt in to use it, and they have to have the SSID and pass key to do so. Assuming a default SSID and no pass key present, the neighbors in question still have to choose to join the unsecured wireless network and have to take responsibility for what nasty things may happen to their computer for connecting to someone's personal wireless network w/out that person's consent. B) No. The person who set up the Wi-Fi isn't responsible, the person who deleted the files is. C) No. That would be considered hacking into someone else's system and last I checked, that's against the law. Just because someone accesses your wireless network, that doesn't give you the right to illegally enter another person's system. D) No. See A). E) The privacy I know they can expect is that which is attached to the system; i.e. the files on the hard drive. As far as the privacy of what packets their system is sending out or the privacy of their e-mails, I'm a little fuzzier on that. On one side, it is their e-mail, and it's against the law for some third party to intercept that e-mail. However, they are sending it through an unauthorized connection. So I'm not real solid on this one Herman. Hope that helps, G. Allen Johnson. - -----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Wednesday, October 12, 2005 12:17 PM To: security-basics () securityfocus com Subject: Wireless Security
PGP SIGNATURE VERIFICATION *** Status: Bad Signature Alert: Signature did not verify. Message has been altered. Signer: Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
Signed: 12-Oct-05 1:56:23 PM Verified: 12-Oct-05 10:31:52 PM BEGIN PGP VERIFIED MESSAGE ***
I've got a question (actually a few) along these lines. Let's say that a person has a Wi-Fi network setup at home. And they find out that some of their neighbors have accessed it. A) What if any obligation to the neighbors does the person who initially setup the Wi-Fi network have? B) What happens IF one neighbor goes in and reads/deletes msgs/files from another neighbor's computer is the person who initially setup the Wi-Fi network for their own use liable? C) Can the person who initially setup the Wi-Fi network legally go in and look around his/her neighbors computers? D) What if one the neighbors get a virus, is the person who initially setup the Wi-Fi network liable? E) What if any expectations to privacy do the unauthorized users have? Herman - -----Original Message----- From: Daryl Davis [mailto:daryl () ultbingo com] Sent: Tuesday, 04 October, 2005 12:56 To: security-basics () securityfocus com Subject: Wireless blocking I believe I have an unauthorized wireless router on my network. I have been unable to physically find it as of yet. Does anyone know how to find the hidden SSID and then Jam it? Thank you. Daryl R Davis Digital Game Media, Inc.
END PGP VERIFIED MESSAGE ***
END PGP VERIFIED MESSAGE ***
*** END PGP VERIFIED MESSAGE *** -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQ0/mxx/i52nbE9vTEQJ4ZACg5W2gWBd34fPYQBYaqYlYpQvszmAAoMXT ypMpgdS+o+ipBT4zrmQQTLts =MV7T -----END PGP SIGNATURE-----
Current thread:
- Re: Wireless Security, (continued)
- Re: Wireless Security pand0ra . usa (Oct 13)
- Re: Wireless Security Joe George (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security David Gillett (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security David Gillett (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 17)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 17)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- RE: RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- Re: RE: Wireless Security Dave Bush (Oct 18)
- Re: RE: Wireless Security Alloishus BeauMains (Oct 21)
- Re: RE: Wireless Security Dave Bush (Oct 18)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- Re: Wireless Security Austin Murkland (Oct 18)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 21)
- Re: Wireless Security Austin Murkland (Oct 18)
(Thread continues...)