Firewall Wizards mailing list archives
RE: Interlopers on the WLAN
From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Sat, 09 Nov 2002 02:26:47 -0800
On 9 Nov 2002 at 9:10, Frank O'Dwyer boldly uttered:
On Wed, 2002-11-06 at 22:25, Philip J. Koenig wrote:On 6 Nov 2002 at 21:41, Frank O'Dwyer boldly uttered:[...] Firstly, you're assuming the WLAN is "insecure" simplybecause it lets anyone connect without asking who they are. Maybe that's what the owner and users of the WLAN want. His network, his policy. If you don't like his policy, maybe you need make sure your network isn't connected to his in any way that matters to you.Once you connect a network to the internet, your security problems often become everyone else's security problems.Absolutely, but you're still prejudging the issue by using loaded terms like "insecure" and "interloper". An open access point is not necessarily "insecure", it's just open. Someone connected to an open access point may not be an "interloper" but may in fact be using it exactly as intended by its owner. In this case the appropriate term is "user" not "interloper". In this sense it is rather like a public access web site, which don't authenticate users either, and are also a risk to the Internet. We could demand that all of those be shut down too using a similar argument, but actually they are pretty useful so we don't. Also note that these people are not particularly *likely* to be DDoS'ing, spamming, or hacking anyone. Certainly these abuses are possible and a real problem, but I'd hazard a guess that to three significant figures, 100% of such users simply want to surf and read their email. As far as providing open access goes, the security features of WLAN simply wouldn't apply even if they worked. (Except in so far as the current default installations make it far too likely that someone will *unwittingly* set up an open access point.) Basically the point I am trying to make here is that these sorts of networks are not useful only to hackers etc, they are also just plain useful.
I think you're stating the obvious. Of course they're useful, just like open SMTP relay hosts are "useful".. but they also happen to be a widely frowned-upon attractive nuisance on the internet these days. Almost every security problem on the net starts out because someone stuck some host or device online to do something "useful".. but simultaneously overlooked the security implications. I remember the days when running an open SMTP relay was considered neighborly - and convenient if for example your normal ISPs MTA(s) were having temporary problems. But the current situation makes it an extremely bad idea to run such hosts any more.
Disconnecting them would be a really draconian response, and the underlying issue would remain (these attacks occurred before WLAN even existed).
I have never advocated "disconnecting" open WLANs. I have pointed out that A) those who deign to hop on them for a "free ride" may find themselves the subject of criminal proceedings, B) I hope to make people aware of the need for vendors to ship products in a secure configuration by default (and fix the WEP problems) and C) I hope to make people aware of the serious security implications of (intentionally or unintentionally) running open WLANs.
[...]Bear in mind my main original point was about the legality or ethics of hopping onto an open WLAN. But beyond that, there is this concept of an "attractive nuisance" when someone connected to the internet does something to encourage hacking activity from systems under their control.Merely setting up an open access point hardly constitutes encouragement of that kind. If I lend you my mobile phone, am I encouraging you to make an illegal call? Or if someone uses a cab as a getaway vehicle does that mean there shouldn't be cabs, or cab drivers should ask for ID?
This is a pointless argument and I hope that your common sense and (presumed) experience in the security field will allow you to understand the big picture here. To wit, the argument you attempt to make, taken to its logical conclusion, would excuse just about any latent security problem on the net whatsoever.
What would be more useful here is some kind of mitigation - e.g. the ability to perform some kind of 'egress filtering' - that could be a standard firewall operated in reverse, to filter certain protocols, or to drop signs of misuse, or to shape traffic. It might be more appropriate for ISPs to do that however, than to expect end users to do it. A useful feature for any developer of personal firewalls though - zonealarm could easily do some of this. This would also start to address wired abuses.
I personally am not a great fan of ISPs acting as "Big Brother" by scrutinizing every packet their users send/receive, and I do think the issues in question can be addressed without dumping that responsibility on them. (and subjecting us all to constant surveillance) As we can see every day, relying on end-users to solve their own security problems is generally a waste of time. (See ILOVEYOU, BubbleBoy, Klez, CodeRed, various DDoS zombie client trojans, and every other virus, trojan, worm, malicious code, ad infinitum.)
The term commonly used is that it's a "rogue" network or system.Again this is a loaded term that doesn't necessarily fit the facts. Other terms that are commonly used for the same thing are "internet cafe", "open access point", and "wow, you mean I can get broadband access when on the road, how handy!". :)
A clueful internet cafe doesn't create internet security liabilities just by being in business. Likewise, lots of things are convenient but are REALLY BAD IDEAS. Telnet is pretty convenient too, but how many people with any sense at all are using it for anything that has any security importance whatsoever these days? You also characterize things above as if open WLANs are the only source of mobile connectivity in the world - hardly the case. But even with all the issues I point out, with a little work using existing standards and adjusting practices on the part of vendors and users even WLAN security issues can be solved pretty easily. The question of "anonymous strangers" using someone's network is a bone of contention for anyone who runs an ISP or backbone and those who are impacted by the resulting security issues - and I really don't think WLANs are any different than any other potentially anonymizing access-point in that respect. They're just a relatively new, popular (and particularly appealing for a hacker, I'd surmise) option at this point. -- Philip J. Koenig pjklist () ekahuna com Electric Kahuna Systems -- Computers & Communications for the New Millenium _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Interlopers on the WLAN, (continued)
- RE: Interlopers on the WLAN Bill Royds (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 09)
- RE: Interlopers on the WLAN Philip J. Koenig (Nov 09)
- RE: Interlopers on the WLAN Frank O'Dwyer (Nov 09)
- RE: Interlopers on the WLAN Bill Royds (Nov 06)
- RE: Interlopers on the WLAN Marcus J. Ranum (Nov 06)
- RE: Interlopers on the WLAN Marcus J. Ranum (Nov 06)
- RE: Interlopers on the WLAN Paul Robertson (Nov 06)
- RE: Interlopers on the WLAN Jim Leo (Nov 06)
- RE: Interlopers on the WLAN R. DuFresne (Nov 06)
- Re: Interlopers on the WLAN Kyle R. Hofmann (Nov 05)
- RE: Interlopers on the WLAN Paul Robertson (Nov 05)