hxxp://money.cnn.com/2005/08/08/technology/personaltech/internet_piracy/index.htm?cnn=yes

Following this article,

I think that both the attacker and the victim have a role to play in this. By exposing a vulnerable wifi network without protection (be it WEP key, WPA, or are there any other types ? ), the victim should be partially blamed..

As for the attacker, I think that it's more of a moral question. Having my own onsite service biz., it's not uncommon to see customers connected to neighbor's network, without even knowing !! But on the other side, if the connection is secured, the hacker should be blamed if cought. (even though it doesn't seem like there are any laws right now.. (?!!?) )

What do YOU think ? have you ever done that ? Given the easyness of the "hack", what would you consider to be over the line ?

Not exactly, Wep/WPA still has it's flaws. I have included resources below.


128 Bit Wep Cracking
http://www.crimemachine.com/Tuts/Flash/wepcracking.html

WPA Cracking
http://www.crimemachine.com/Tuts/Flash/WPA.swf

Document on several flaws in the Wired Equivalent Privacy algorithm[Berkeley]
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Document on WPA Security Issues
http://yahoo.pcworld.com/yahoo/article/0,aid,113340,00.asp

I agree, in the case where absolutely no security is used. I have threaded on this a bit already. Even with WEP and WPA flaws, security should be layered, so not too many excuses there.

Now, when folks look to move to a new area, they don't always ask, "Is there broadband access available at this location?" Instead, they ask, is there any FREE WIRELESS near this location?

I live in a small technologically challenged town, and I administer most of the wifi networks around here. The big issue that comes up here is what the end user's intentions are. For instance, none of my clients care if people use their wifi to connect to the internet and check their email, etc. However, there are those who will take advantage of such things and use the networks for illegal purposes. I am pretty sure that their will be a new algorithm released soon that revolutionizes 802.11x security, and it will be cracked 3 months later, patched, then cracked all over again until a new technology is released and the cycle will continue.

While browsing through a home router config. option (DI-514) I noticed that you can disable the SSID broadcasting, which makes it "private".


That would be (I think) a very effective way of securing it, because you have to know the exact SSID to connect, or else you don't even see it when you fire up you favorite wireless scanner...

right ?

on a side note:
Wireless unprotected networks are IMO the best access point to perform any questionable acts. I just think of the nearest University campus in here... I used to sit in the caf. and enjoy my new free wifi connection ! I guess that this + mac spoofing would make an attacker pretty much undectable / untraceable uh ?

Nope,
using airodump, I could find my own SSID which is not broadcasted.

Errrr....wrong

You might want to read this article: http://blogs.zdnet.com/Ou/index.php?p=43

SSID hiding: There is no such thing as "SSID hiding". You're only hiding SSID beckoning on the Access Point. There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are; probe requests, probe responses, association requests, and re-association requests. Essentially, youre talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden

wep has a long hard to remember key, WPA is a lil better but still has it's flaws. For my dad I just used MAC filtering. I know MAC's can be cloned, but if someone was going to go that far then they'd break WEP or WPA as well.

I'd still set up WEP so that his info isn't passing in the clear. Otherwise, someone can sniff the network and capture passwords and such, and then go back to their own Internet connection and use the info without ever using your dad's wireless network.

No WEP is not impossible to crack, but don't make it easy to gather info.

I was going to post the exact same thing last night but I was way too tired. I second this idea. Good Post.

I have a friend of mine who disabled DHCP on his router and statically assigns all of his devices, both wired and wifi. If someone were to crack his WEP would they be able to sniff out the client IP ranges anyhow?

Disabling DHCP was another "dumb idea" in securing your wireless network. Its in this article I posted before - http://blogs.zdnet.com/Ou/index.php?p=43

Disable DHCP: This is much more of waste of time than it is a security break. DHCP allows the automatic assignment of IP addresses and other configurations. Disabling DHCP has zero security value and just wastes time. It would take a hacker about 10 seconds to figure out the IP scheme of any network and simply assign their own IP address. Anyone who tells you that this is a way to secure your wireless LAN doesn't know what they're talking about.

Although I don't know the exact method, I'm sure it wouldn't be difficult to figure out.

To get the Static IP Settings, all you need is Default Gateway and Subnet mask. You can assume most of this info from just the Routers IP...

But, i'd like to point out BN's post about Layered Security....

If some kid came across this aswell as a hundred other security layers, he's going to give up. Once he's in your just making his life more difficult and knocking out another group of people who dont know how IP's work.

if you are on the 172.18.23.0/30 Subnet, how many hackers actually know which IP to set so they can get online ? Then they need DNS info. its a layered approach, that with planning can be added to be more of a 'pain in the ass wireless network' - Its not adding security, its just like adding another window that they have to climb through that they thought wasnt there.

I'd do it just to be a pain in the ass but thats just me

The problem, though, is that some layers are as much a pain in your ass as well as the attackers. Balance is key, unless you're like that crazy guy who requires his kids to use 14-digit pwds AND fobs to access their local PC at HOME!