RE: Interlopers on the WLAN

["Philip J. Koenig" <pjklist () ekahuna com>]

On 6 Nov 2002 at 19:24, Frank O'Dwyer boldly uttered: 

> On Wed, 2002-11-06 at 10:29, Philip J. Koenig wrote: 
> [...] 
> > Mitnick was arrested while running over a stolen cellphone and  
> > traversing a chain of at least 3-4 different networks to slow down 
> > attempts to find him.  If he were doing this over someone's open WLAN 
> > while parked on the street out front, all he'd need to do is drive 
> > away and it would be next to impossible to find him.
> True, but equally he might have tossed the cellphone out the window and
> driven off into the sunset. 


There's a big difference here: cellphone's are trackable to a 
cellsite and a location in realtime, but since WLANs are not 
centrally managed by a technically clueful organization (cellphone 
carrier) there is little or no oversight in many cases for 
interlopers.


> The impression of WLAN anonymity may be just
> as false. While someone is connected to a WLAN, they are certainly
> revealing *something* about their location. Maybe a lot. If it's
> possible to get a few arrests based on that fact then that may adjust
> the attitudes of the attackers. 


Given all the essentially unmanaged open WLANs (I'd surmise that the 
vast majority of "open" WLANs are poorly managed and unsupervised, 
for obvious reasons) then I do think there's a very big problem that 
doesn't exist for ie cellular networks.


> > > Otherwise we may be stuck with one of two fairly ugly scenarios:
> > > plausible deniability for Harry Hacker ("it wasn't me, someone must have
> > > used my open WLAN"), or Harry Homeowner made liable for everything
> > > originating from his connection.
> >
> > Personally I favor the latter example, since one should take 
> > responsibility for one's actions - in this case, operating an 
> > insecure network.  
>
> This is a kind of 'blame the victim' approach. It would also be 
> deeply hypocritical of the one bringing the charges, i.e. the
> targets of the attack. After all, theirs may be the only network 
> that was actually breached. How can they prosecute someone else
> for "operating an insecure network", all on the basis that their
> own flaky network just got turned over, without blatantly 
> admitting that they operate an insecure network themselves?


Not sure who you're referring to: if a hacker hops on an insecure 
WLAN and causes damage to some other site by DoS'ing it for example, 
who's at fault - the commercial site that the hacker attacks, the 
operator of the insecure WLAN, or the hacker?  I say 1) the hacker 
and to a lesser extent 2) the operator of the insecure WLAN.  
Certainly not the final victim of the attack.  In this particular 
case the WLAN was "used", not "damaged" per-se.


> I can't think of any reasonable definition of "operating an
> insecure network" that doesn't apply first and foremost to the
> target of any successful attack. OTOH, I can think of at least 
> two reasonable definitions that *don't* necessarily apply to 
> an open access point. 


There are various attacks (ie DDoS attacks) that are next-to-
impossible to mitigate simply by network security.  It's a global 
ISP/backbone problem.  While you might be able to harden your 
network/hosts so that they don't die under such an attack, your 
connectivity can be decimated with little you can do about it from 
your end, and the end-result is the same as if your hosts died - your 
users can't access your resources.


--
Philip J. Koenig                                       
pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New 
Millenium


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards