RE: Wireless Security

["Herman Frederick Ebeling, Jr." <hfebelingjr () lycos com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

G. Allen,

        I'll do that thanks.

        It's not that I'm doubting you, it's just that it doesn't seem right that even
though they were the ones who were
illegally accessing someone else's network that the owner of the network can't
look at their box to find out who they
are.

        Would that also apply to just looking at what comes up in Windows Explorer
under the network icon?  I mean by using
what that they are not "hacking" the other persons box parse, correct?  I mean
they're just using what is already being
shown on their own box/system.  And not using any "hacking" tools to do so.

Herman

- -----Original Message-----
From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net]
Sent: Friday, 14 October, 2005 02:01
To: hfebelingjr () lycos com
Subject: RE: Wireless Security


        Google using the parameters tsunami and hacker.  You will get
multiple hits.  A couple should point you to ZD Net, among many others.  The
story is in fact legit.  Regardless of the fact that someone is making
unauthorized use of your wireless network, it is against the law to hack
into that person's system.

        Now I would have to imagine that there is no reason you couldn't
trap and analyze packets going across your wireless network, it belongs to
you.  And it's likely that some identifying data could be derived from such.
Just bear in mind, the moment you SCAN that person's system w/out
authorization, but w/ the intent of getting into it, you can be brought up
on criminal charges.

        I've read the other replies you've gotten on this question Herman,
and from what I've seen, ALL of them back me up.  That alone should be
telling you something.

G. Allen Johnson.

- -----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Thursday, October 13, 2005 9:58 PM
To: G. Allen Johnson; security-basics () securityfocus com
Subject: RE: Wireless Security


*** PGP SIGNATURE VERIFICATION ***
*** Status:   Bad Signature
*** Alert:    Signature did not verify. Message has been altered.
*** Signer:   Herman Frederick Ebeling Jr. <hfebelingjr () lycos com> (0xDB13DBD3)
*** Signed:   14-Oct-05 12:48:07 AM
*** Verified: 14-Oct-05 1:06:25 PM
*** BEGIN PGP VERIFIED MESSAGE ***

G. Allen,

        But if they're getting an IP from your AP/Wi-Fi enabled router
wouldn't a trace
on their IP address show as being in
that "private" pool of IP addresses?  What about trapping and analyzing the
packets that are going across their
network?  Would it be legal for the person who setup the network to
intercept
and analyze them?

        That doesn't sound quite fair to me.  That they can illegally attach
themselves
to someone else' Wi-Fi network and
that the owner of said network isn't allowed to investigate by looking at
their
computer to at least try and find out
their identity.

        I've read just the article that you directly linked to, was the site
a legit
site, or was it a scam?

Herman

- -----Original Message-----
From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net]
Sent: Thursday, 13 October, 2005 22:18
To: hfebelingjr () lycos com
Subject: RE: Wireless Security


"C)     Can the person who initially setup the Wi-Fi network ***legally go
in
and look around>>> his/her neighbors computers?"
"C) ***I'd think that it is possibly a gray area***.  I would think that IF
a person discovers that they uninvited guest(s) and s/he is trying to find
out who they are, and where they are I would think that lawyer would argue
that the person who setup the Wi-Fi network was just investigating those who
were illegally accessing his/her system."

        Negative, no gray area here.  Unless you have written permission
&/or some other manner of consent to enter a system not owned by you, you
may not legally enter that system.  In regards to identifying the culprit
however, the wireless AP should give the IP's of the devices connected to
it.  Once the IP address of the offender is acquired, there are a number of
ways to pursue and resolve the problem.  Even law enforcement has
prerequisite requirements that must be fulfilled before entering/hacking
into someone's system.  Taking the law into your own hands, so to speak,
will net you a similar result to the UK fellow who "investigated" the
Tsunami relief website.
http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/
1 to 2 years ago I would have agreed w/ you Herman.  But the power of the
individual to investigate such things has decreased while the power of the
gov't to perform such activities has increased.  The war on terror, much
like the war on drugs, is really nothing more than a war on civil liberties.

G. Allen Johnson.


- -----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Wednesday, October 12, 2005 8:25 PM
To: G. Allen Johnson
Subject: RE: Wireless Security


> > > PGP SIGNATURE VERIFICATION ***
> > > Status:   Bad Signature
> > > Alert:    Signature did not verify. Message has been altered.
> > > Signer:   Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
> > > Signed:   12-Oct-05 11:00:43 PM
> > > Verified: 13-Oct-05 10:57:20 PM
> > > BEGIN PGP VERIFIED MESSAGE ***

G. Allen,

        On A) I have to agree with ya.  I would also have to agree with ya
on B).  As
for C) I'd think that it is possibly a
gray area.  I would think that IF a person discovers that they uninvited
guest(s) and s/he is trying to find out who
they are, and where they are I would think that lawyer would argue that the
person who setup the Wi-Fi network was just
investigating those who were illegally accessing his/her system.

        As for d) I'd have to agree with ya again, IF a person is dumb
enough these
days NOT to be running some kind of
anti-virus PRG on their system, they are the one who is to blame for any and
all
virus' that they get.  As far as e) I
would agree that a person's E-Mails/files are the property of the owner.
However I would have to think that the
packets being sent illegally over another person's WLAN are the property of
the
owner of the network.

Herman

- -----Original Message-----
From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net]
Sent: Wednesday, 12 October, 2005 22:15
To: hfebelingjr () lycos com
Subject: RE: Wireless Security


        Assuming the person in question is setting up a wireless AP for
his/her own personal use:
A)      None.  Establishing a wireless network does not automatically add
every wireless device in the area to its network.  The neighbors have to opt
in to use it, and they have to have the SSID and pass key to do so.
Assuming a default SSID and no pass key present, the neighbors in question
still have to choose to join the unsecured wireless network and have to take
responsibility for what nasty things may happen to their computer for
connecting to someone's personal wireless network w/out that person's
consent.
B)      No.  The person who set up the Wi-Fi isn't responsible, the person
who deleted the files is.
C)      No.  That would be considered hacking into someone else's system and
last I checked, that's against the law.  Just because someone accesses your
wireless network, that doesn't give you the right to illegally enter another
person's system.
D)      No.  See A).
E)      The privacy I know they can expect is that which is attached to the
system; i.e. the files on the hard drive.  As far as the privacy of what
packets their system is sending out or the privacy of their e-mails, I'm a
little fuzzier on that.  On one side, it is their e-mail, and it's against
the law for some third party to intercept that e-mail.  However, they are
sending it through an unauthorized connection.  So I'm not real solid on
this one Herman.

Hope that helps,

G. Allen Johnson.

- -----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Wednesday, October 12, 2005 12:17 PM
To: security-basics () securityfocus com
Subject: Wireless Security


> > > PGP SIGNATURE VERIFICATION ***
> > > Status:   Bad Signature
> > > Alert:    Signature did not verify. Message has been altered.
> > > Signer:   Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
> > > Signed:   12-Oct-05 1:56:23 PM
> > > Verified: 12-Oct-05 10:31:52 PM
> > > BEGIN PGP VERIFIED MESSAGE ***

I've got a question (actually a few) along these lines.  Let's say that a
person
has a Wi-Fi network setup at home.
And they find out that some of their neighbors have accessed it.

A)      What if any obligation to the neighbors does the person who
initially setup
the Wi-Fi network have?
B)      What happens IF one neighbor goes in and reads/deletes msgs/files
from
another neighbor's computer is the person who
initially setup the Wi-Fi network for their own use liable?
C)      Can the person who initially setup the Wi-Fi network legally go in
and look
around his/her neighbors computers?
D)      What if one the neighbors get a virus, is the person who initially
setup the
Wi-Fi network liable?
E)      What if any expectations to privacy do the unauthorized users have?

Herman

- -----Original Message-----
From: Daryl Davis [mailto:daryl () ultbingo com]
Sent: Tuesday, 04 October, 2005 12:56
To: security-basics () securityfocus com
Subject: Wireless blocking


I believe I have an unauthorized wireless router on my network.  I have been
unable to physically find it as of yet.

Does anyone know how to find the hidden SSID and then Jam it?

Thank you.

Daryl R Davis
Digital Game Media, Inc.


> > > END PGP VERIFIED MESSAGE ***






> > > END PGP VERIFIED MESSAGE ***






*** END PGP VERIFIED MESSAGE ***





-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ0/mxx/i52nbE9vTEQJ4ZACg5W2gWBd34fPYQBYaqYlYpQvszmAAoMXT
ypMpgdS+o+ipBT4zrmQQTLts
=MV7T
-----END PGP SIGNATURE-----