Firewall Wizards mailing list archives

RE: Interlopers on the WLAN


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 6 Nov 2002 12:01:08 -0500 (EST)

On Wed, 6 Nov 2002, Philip J. Koenig wrote:

        [SNIP]


Personally when I started the thread I was thinking more in terms of 
the whole practice of "wardriving" and whether it's defensible from a 
legal standpoint or not.


You've changed the context of the argument, which I'd suspected from the
beginning that this was more the context meant in the original post.  But,
passive sniffing is at present apparently not illegal, in fact the secret
service is actively 'wardriving' in various parts of the US to ascertain
the weak default setups that might be infringing security of various gov
and mil sites exposed to wireless toys.

I was not referring to clueful individuals and organizations/ 
institutions that properly take care of the security issues on their 
WLANs.  I was referencing the very clear fact that a huge amount of 
these WLANs are operated by non-technical consumers who, in my view, 
cannot really be expected to understand all the technical/security 
issues at play, particularly if the vendors not only ship the product 
with an insecure default configuration, but also do a poor job of 
educating the consumer about the issues at hand.

Given that there are so many WLANs out there that are owned/operated 
by these types of users, it makes me think that to assume a WLAN is 
"public" simply because a non-technical user set it up in its most 
likely configuration is a stretch to say the least.

Further on the legal/abuse front: I predict the next wave of spammers 
will be heavily exploiting open WLANs to anonymize themselves while 
sending out spam, and I wouldn't be a bit surprised to see DNS-based
blacklists of open WLANs pop up, just like the various ones that are 
now operating to flag open SMTP relays and other potential spam 
sources.


Spammers might well take this route, and might already have taken this
route.  They are the less hideous of the security risks one should be
envisioning here.  As you hinted at with the Mitnick ordeal <which if
folks recall, required Tsutomu Shimomura's use of illegal equipment to
trace Mitnick down>.  I'd certainly use a route such as this to base any
attacks upon a private corporate or gov sites these days.  The anonymity
makes it far too easy a place to hide one's presence from.

The free.nets of the past are perhaps a dying breed, soon to be
overshadowed by the free wireless routes available for access.  And there are
many ventures to provide such access advertised weekly in various
locations around the globe.  I've collected a few examples from various
media over the past year or so.  The problem gets even messier as to
insecure default settings though when one looks at all the new laptops and
desktops shipping with wireless trinkets embedded in the new equipment,
turned on with totally insecure default settings.  I'm just wondering how
long it takes before some of the larger systems are shipped as AP's as
well as clients <it might already have been done and I've just missed it>.
The point being, this is a nightmare that's already been unleashed and soon
to be exposed to big time security issues, if it hasn't already raised
its ugly head.  And the focus needs to be pushed back towards the vendors
to do something about the awful default settings they provide.  Until the
vendors are forced to take responsibility, it's the end users that will be
the ones to share the financial costs of their toys being used for nasty
business.

And let's not even reopen the old dead thread on the wireless video
equipment being shipped as 'security devices' and the exposure they
provide.


Thanks,


Ron DuFresne
<broadcast at your own risk>
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards