Free loading hacking A-holes

[h4444]

Hate em'

OK,,,OK,,,I kind of did it to myself. I got a dsl line and setup a wireless network, wasn't deligent about securing it. ...

Shame on me....

Looks like a wise ass neighbor was moochin' off my bandwidth.

Performance started to deteriorate, so I hopped on my router,,,,low and behold there's an unknown device attached to my network.

Pinged them,,,,,amazing how fast they got off.

I don't think they got access to anything of importance, but I didn't waste anytime turning on WEP encryption and turning on my ACL (Access Control List).

Bastards.

H4444

[kimel]

WEP ain't gonna do much. Stop broadcasting your SSID (change it too), turn on WEP just for giggles and then restrict to MAC addresses that are yours. That will slow them down considerably and entice them to go pick on someone else.

It will NOT keep them out if they are determined.

[EricW]

I used to walk around my neighborhood with my laptop and home in on all the WiFi set ups just for laughs.

Having your neighbor be able to share isn't all bad. With cable modems pushing $50 to $70 / mo, why not split the bill?

[George]

I know someone who put his apartment number and DSL5dollarsamonth as his SSID. When his neighbors come a knocking he explains that if they give him 5 bucks a month, he will tell them the new, non-trivial password each month. In the last year he says he has typically made his monthly cost back, or more.

He had been running it open (RF point on the outside of his main router), but a coffeshop below his apartment complained that they were losing business on the WiFi connection they sold passwords to their customers for. He said this gave him the idea for the 5 bucks a month bit.

--

Regards,

[shred]

Yeah.. splitting the cost is the way to go if you get along with them (you'll need to firewall the router off from the rest of your systems too). If they're non-hackers, WEP, non-broadcast SSID or MAC lists will get rid of them. If they're hackers, nothing will get rid of them, although it may get them to move to somebody else's AP. Get yourself off channel 6 while you're at it (try 1 or 11).

From my apartment I can see 6 to 8 wireless access points. A few of them are secured, many are not.

FWIW, it only takes about 500,000 packets to break a WEP key nowdays. That's a week of surfing, but only a few hours of heavy downloads or internet music.

[SiG Lady]

Suggestion: Would one of our Admin types care to move this important thread into the Computers portion of the forum...? Might do a lot of good there....

[George]

There is a move on to run access points open everywhere to share all the bandwidth.

http://www.oreillynet.com/pub/wlg/2293

http://news.com.com/2100-1033-965070.html

http://www.newburyopen.net/

In some college towns, a lot of wifi points are deliberately left open by people who like being able to go anywhere and jump from point to point seamlessly.

There is also a (small) movement called “Warchalking” that goes back to the Hobo practice of marking places that were friendly and unfriendly for their fellow Hobo’s.

http://webword.com/moving/warchalking.html

http://www.warchalking.us/

I run SSID on and no encryption. I also have it the other side of a clamped router with all ports closed on all the machines that have any real data on them. Non-trivial passwords are a good idea. I also know that none of us change our passwords as often as we really should.

I personally believe in free bandwidth and think it will eventually have to go that way. The user should be in charge of his own security, just like the shooter is responsible for shooting safely.

--

Regards,

[shred]

I run SSID on and no encryption. I also have it the other side of a clamped router with all ports closed on all the machines that have any real data on them. Non-trivial passwords are a good idea. I also know that none of us change our passwords as often as we really should.

George rocks! We have a pretty good contingent of sandwich shops and cafes that run free open wireless sites in town, but more is always better.

We looked at a company in Canada that made wireless access points with built-in firewalls and VPN servers for just this purpose (leave the AP open, VPN back into your own wired net), but unfortunately they died in the big internet bust up.

More than once I've gone to a place because they had free wireless..

[Rob Boudrie]

Yeah.. splitting the cost is the way to go if you get along with them (you'll need to firewall the router off from the rest of your systems too).  If they're non-hackers, WEP, non-broadcast SSID or MAC lists will get rid of them.  If they're hackers, nothing will get rid of them, although it may get them to move to somebody else's AP.  Get yourself off channel 6 while you're at it (try 1 or 11).

From my apartment I can see 6 to 8 wireless access points.  A few of them are secured, many are not.

FWIW, it only takes about 500,000 packets to break a WEP key nowdays.  That's a week of surfing, but only a few hours of heavy downloads or internet music.

WAP is better than WEP. Cracking WEP using a large quantity of known packets (looking for ones which use "weak keys") still involves a fair amount of work, since you need to get a card which lets you get at the raw data and a utility like AirSnort.

Can it happen? Sure. Likely? Not if you live in a boring suburb and no one is targeting you specifically.

If you want to get an idea how many access points are out there, get a copy of Network Stumbler - it's not a "hacker tool" since it doesn't break passwords; find non-broadcast SSID's; etc. - but it does give a nice summary and even has an option to work with a GPS. I turned it on and carried the laptop with me while going on the nightly dogwalk (http://www.fsguns.com/images/simon.jpg)

and the system showed 14 access points when I got home - only one of which was encrypted.

If you think there is no risk of letting others freely access your bandwidth, check out http://www.eff.org/share/ - and that's not getting into the living hell someone could make your life by sending unlawful messages from your IP address.

[George]

If you think there is no risk of letting others freely access your bandwidth, check out http://www.eff.org/share/ - and that's not getting into the living hell someone could make your life by sending unlawful messages from your IP address.

Heck, there is risk involved every time you walk into a quickee-mart, or drive around the block. You might as well stop using debit cards to pay for stuff at the supermarket, or your amex card to buy stuff at Amazon.com and the Midway webstore. I have no fears about my security level, or my ability to withstand incorrect assumptions on the part of misinformed bureaucrats. If I earn some attention, then it must be my 15 minutes and I will wallow in it.

The world is what you make of it and I am a whole lot more concerned with the possibility of being car-jacked than I am with being used as a virtual relay.

--

Regards,

[shred]

WAP is better than WEP.  Cracking WEP using a large quantity of known packets (looking for ones which use "weak keys") still involves a fair amount of work, since you need to get a card which lets you get at the raw data and a utility like AirSnort.

Can it happen?  Sure.  Likely?  Not if you live in a boring suburb and no one is targeting you specifically.

You mean "WPA" (Wireless Protected Access), and it's good if your AP can do it.

But.. Airsnort's no longer state of the art. 500K IV's is all you need, weak or not (recent 802.11 gear mostly no longer generates IV's in the weak ranges anyway). Most popular 802.11 cards work great, even under Windows.

That's a week of dedicated sniffing by a neighbor if all you do is surf wirelessly. A night or two of sniffing if you do internet multimedia or big downloads over wireless. Ten minutes if you broadcast wireless video. I've tried these things.. gotta try and keep our customers safe, despite their best efforts.

The real geek-fun is War-Flying. We took a friends plane around ~1500' AGL over town and access points were coming up non-stop (little known fact: in open air 802.11 goes a long way.)

[Rob Boudrie]

WAP is better than WEP.  Cracking WEP using a large quantity of known packets (looking for ones which use "weak keys") still involves a fair amount of work, since you need to get a card which lets you get at the raw data and a utility like AirSnort.

Can it happen?  Sure.  Likely?  Not if you live in a boring suburb and no one is targeting you specifically.

You mean "WPA", and it's good, if your AP can do it.

But.. Airsnort's no longer state of the art. 500K IV's is all you need, weak or not (recent 802.11 gear mostly no longer generates IV's in the weak ranges, btw). Most popular 802.11 cards work great, even under Windows.

That's a week of dedicated sniffing by a neighbor if all you do is surf wirelessly. A night of sniffing if you do internet multimedia or big downloads over wireless. Ten minutes if you broadcast wireless video. I've tried these things.. gotta keep our customers safe, despite their best efforts.

The real geek-fun is War-Flying. We took a friends plane around ~1500' AGL over town and access points were coming up non-stop (little known fact: in open air 802.11 goes a long way.)

Yup, meant WPA. I found a SMC wireless with WAP a/b/g for $35.00 after rebate. Worked fine once I turned the SMC "Nitro accelleration" off.

Does the current stare of the art also make it practical to break WPA?

[shred]

Does the current stare of the art also make it practical to break WPA?

Not that I'm aware of. If you had a particularly bad implementation of WPA and were blasting packets at full bandwidth on an .11g or .11a network, then maybe there would be some data exposure, but I still doubt it.

WPA2 will be along before long to fix all that as well.

[Rob Boudrie]

I am hoping to have wireless running at A7/2005 so bring your laptop if you want to check scores from the clubhouse and don't want to wait for a system to free up. I doubt I'll be able to have the wireless reach the bays though.

[Indiana James]

Yeah, wireless makes security worse. I've had credit cards swiped. Companies been great. They do go after them criminals.