Wireless network thieves

[41magsnub]

My home internet connection sure is faster now that I booted the neighbor college kids off of it...

I factory reset my DSL modem a couple of weeks ago after a firmware update and forgot to disable the wireless connection in it.  

Noticed the past few days it was super slow, glanced at the DSL modem and saw the wireless light was on and blinking like crazy.  I was going to do something nasty involving a DNS server and redirecting all web traffic to tubgirl but I decided it was my own fault and just turned it off.

No risk to me, there is a firewall running NAT between the DSL modem and the rest of the network.  I just left DHCP on in the modem because I am lazy which between that and the open wireless connection hooked the kids up.  I know it was them because I looked up the DHCP leases then ran Nessus on them which gathered enough data I figured out who they were.

[BlueStarLizzard]

ahhhh... the modern day version of "HEY!! You KIDS get off my LAWN!" 

[Vodka7]

This is one of the reasons I bought my own cable modem instead of renting one from Comcast.

Seriously, how could an ISP think it's a good idea to have the default settings for wireless to be A) on, and B) unprotected?

I can see 8 wireless networks from here, and I have a crappy antennae.  Only one of them (mine) is on WPA2.  One more is WPA, and a third is WEP.  The other five are wide open, including two separate linksys routers with the default SSID and channel.

[Regolith]

I make sure mine is disabled;  I only use it periodically, and when I do I use it with WPA2 and a very strong encryption on it. 

[KD5NRH]

"HEY!! You KIDS get off my LAN!" 

FTFY 

[Grandpa Shooter]

If you drive around the country like we did last summer, you can simply cruise through parking lots or neighborhoods and pick up wireless connections anywhere.  I was surprised at first, but then realized the average user is somebody like me who doesn't have a clue how to encrypt it or hide it.

It wasn't until I got Mozilla Firefox that I had protection.  If I am on an unsecured network it switches me to public use mode and protects my computer.

[mtnbkr]

I'm surprised how few open WLANs I see in Virginia.  From my house, as I type, I can see 9 other networks (those are the ones broadcasting, there may be more).  All are secured.

I personally use WPA2 w/AES.  I don't broadcast my SSID and I have enabled MAC filtering. 

Chris

[AJ Dual]

Other than the bandwidth wasteage, and the risk your unwanted riders are surfing kiddy porn etc. You can have so much fun with an unsecured access point.

You can attack/hack their machines and/or capture their private data.

You can run a proxy that does wacky things like invert every downloaded web-image to upside down, fuzzy, or replace them with pornographic, random, or disgusting imagery.  Or route through a proxy that that does word/phrase replacing etc. or simply re-route certain URL's to ones of your choosing, being as blatant or diabolically subtle and evil as you want

And of course many people simply don't know which wireless access point they're on.

And a few years back I found so many unsecured access points on my street, I was about to walk up and down the street with my laptop and start ringing on doorbells teaching people what to do. I first thought to look for them when I found I was on a neighbors network when trying to diagnose very poor performance. The reason being I was catching a signal from several houses away.

Then over the course of a year, they all went secured. And this was before AT&T U-Verse came into the neighborhood. Time Warner wasn't giving out Wireless routers/access points AFAIK. At least they never offered me one. So at least on my street, people began to figure it out after a few years.

I'm surprised how few open WLANs I see in Virginia.  From my house, as I type, I can see 9 other networks (those are the ones broadcasting, there may be more).  All are secured.

I personally use WPA2 w/AES.  I don't broadcast my SSID and I have enabled MAC filtering. 

Chris

I used to bother with MAC filtering, but with no SSID broadcast, and WPA2 and AES there's just no point. MAC address filtering is so easy to spoof it's virtually transparent. All it would do is keep an honest person from unintentionally connecting. And there's zero chance of that happening with SSID broadcast turned off, and WPA2 in the first place.

The only point I see to it now is to punish a family member or restrict their access when needed.

[Tallpine]

Anyone within wireless range is within rifle range 

[mtnbkr]

I used to bother with MAC filtering, but with no SSID broadcast, and WPA2 and AES there's just no point. MAC address filtering is so easy to spoof it's virtually transparent. All it would do is keep an honest person from unintentionally connecting. And there's zero chance of that happening with SSID broadcast turned off, and WPA2 in the first place.

The only point I see to it now is to punish a family member or restrict their access when needed.

Defense in Depth.  It might be unnecessary, but it doesn't hurt.

Chris

[brimic]

I wonder if there is a way to set a trap for people tapping into your wireless connection? Is there a way to send them a nasty virus/malware prOn popups?

[mtnbkr]

I wonder if there is a way to set a trap for people tapping into your wireless connection? Is there a way to send them a nasty virus/malware prOn popups?

Absolutely.  That said, just secure your stuff and they'll go somewhere else.

Chris

[Jim147]

Not to defend the kids but this:

And a few years back I found so many unsecured access points on my street, I was about to walk up and down the street with my laptop and start ringing on doorbells teaching people what to do. I first thought to look for them when I found I was on a neighbors network when trying to diagnose very poor performance. The reason being I was catching a signal from several houses away.

I found the same thing when a friend called me to look at his very slow internet only on his laptop.He was hooking up to someone else's network without knowing it.

jim

[brimic]

Absolutely.  That said, just secure your stuff and they'll go somewhere else.

I used to have everything set up correctly with wep encryption, but then I had windows BSOD and had to reinstall, and my wife was screwing around with one of the laptops setting, and now have the kids Wii and DS using the system and I haven't been able to get things to jive up correctly since with encryption

[Nick1911]

I used to have everything set up correctly with wep encryption, but then I had windows BSOD and had to reinstall, and my wife was screwing around with one of the laptops setting, and now have the kids Wii and DS using the system and I haven't been able to get things to jive up correctly since with encryption

MAC address filtering will keep out most people.

[brimic]

But I'm lazy

[lee n. field]

And of course many people simply don't know which wireless access point they're on.

A year or two ago I ran into a guy who swore up and down that our little town had free municipal wireless, because he could wander anywhere and get on.

[mtnbkr]

I used to have everything set up correctly with wep encryption, but then I had windows BSOD and had to reinstall, and my wife was screwing around with one of the laptops setting, and now have the kids Wii and DS using the system and I haven't been able to get things to jive up correctly since with encryption

I have three laptops, a Wii, and an iTouch all connected wirelessly with WPA2/AES, no SSID, and Mac filtering.  It isn't hard.

But I'm lazy

It takes less work than infecting others with viruses for using your unsecured AP.

Chris

[Vodka7]

I have three laptops, a Wii, and an iTouch all connected wirelessly with WPA2/AES, no SSID, and Mac filtering.  It isn't hard.

It takes less work than infecting others with viruses for using your unsecured AP.

Chris

Things may have changed with the DSi, but the original DS and the DS lite do NOT support anything beefier than WEP.

When I had a DS I used to....  *cough*....  Use an unprotected neighbor's WiFi because I sure as heck wasn't using WEP on my own network

[41magsnub]

I make sure mine is disabled;  I only use it periodically, and when I do I use it with WPA2 and a very strong encryption on it. 

I have another access point with more power behind it wtih WPA on it and didn't mean to enable the crappy ActionTec built in one.  I can't do WPA2 because my old tablet PC I use for a couch computer doesn't support it.  WPA is good enough for a home network.  I only really have WPA on to prevent somebody else from getting on the network.

[Regolith]

I have another access point with more power behind it wtih WPA on it and didn't mean to enable the crappy ActionTec built in one.  I can't do WPA2 because my old tablet PC I use for a couch computer doesn't support it.  WPA is good enough for a home network.  I only really have WPA on to prevent somebody else from getting on the network.

I'm within a block of a university campus that has a CS department. Some of the courses that the CS department provides teaches students how to hack. 

I don't take any chances.   

[French G.]

Anyone within wireless range is within rifle range 

Yep, my wireless is wide open. You've got to do some right fancy trespassing to get to the signal.

[mtnbkr]

Yep, my wireless is wide open. You've got to do some right fancy trespassing to get to the signal.

A high gain antenna might get a person access out of your fields of vision.  A group in the Shenandoah Valley of Va was able to stretch a wifi signal for over 100 miles using, among other things, high gain antennas.

Chris

[lee n. field]

Anyone within wireless range is within rifle range  

Where I work, one of the other divisions is a wireless ISP.  You know, tower mounted antenna to house mounted antenna, out in de boonies where Mediacom doesn't go, where your other choices are satellite, cell phone or (aaack) dialup.  I'll have to ask them what their longest jump is.  I'd guess a good fraction of their stuff is out of range of anything except artillery.

[RocketMan]

I can't do WPA2 because my old tablet PC I use for a couch computer doesn't support it.

It may be that you just lack the patch for WPA2 support if you are running Windows XP.  It's not always installed with the original O/S installation.  Look for the knowledge base article KB893357.