Exploiting and Protecting 802.11b Networks

iforgotmyfirstlogon writes: "A couple of guys from Extreme Tech drove around New York, New Jersey, Boston, and Silicon Valley with a high gain antenna to see how many (secure and) unsecure wireless networks they could tap into. They used NetStumbler and Linux AirSnort to help them search. Results? They came across over 800 networks and less than 40% had any sort of security."

Traceable?

[sdo1]

I can just imagine some poor network admin trying to figure out who the heck is using their network to surf for pr0n (and imagine the PHB trying to figure out who they need to fire).

But seriously, with wireless it seems like it would be incredibly difficult to trace the unauthorized user. Land based hacks are usually done over the internet rather than by physically connecting to their network. As a result, there's usually logs to help track down the person(s) using the network.

But this seems incredibly tough... if the cracker didn't go anywhere on the network that would give themselves away (such as logging into hotmail to check their mail), I would guess that it would damn near impossible to find out who was sneaking into the network... even if/when they were actually connected. I would guess that the wireless network might get the MAC address of the card being used to get into the network, but even that likely wouldn't get you anywhere.

Is that true, or am I missing something here?

-S

Question on home security

[wareadams]

With all the stories on how bad WEP is and how most 802.11 networks aren't secured, I haven't found an answer to this question about securing a home 802.11 network (I'm not claiming to be an expert on this, so maybe this is a simple question).

I'm assuming most home users don't have the equipment/skills to set up the access point outside of a firewall and use VPN/SSH. Given that, how risky is the following:

1) Consumer base station (Airport)
2) WEP password enabled
3) Access restricted to specific MAC addresses (not possible w/Apple's configurator, but doable with the 3rd party Java version)
4) Airport plugged into home LAN, no other machines running any servers or file sharing (none are Windows boxes, 2 OS X, 2 OS 9.2)

I understand all the actual 802.11 traffic is basically open. I assume if the web site I'm using has effective encryption then that data is safe, but my POP3 password could be grabbed assuming it isn't encrypted by something other than WEP.

What I'm wondering is would this setup effectively prevent someone from setting up a laptop outside my house and getting at the files on my LAN.

This seems to me a reasonable set up for a home user, but if it leaves the family Quicken file vulnerable to any kid on the block then 802.11 seems to be destined to never be mainstream. If on the other hand a home user can put at least basic security in place (e.g. they can see your web pages but they can't trash your entire drive) then it has a chance.

Thanks.

New Zealand

We tried this stunt from an office window in the centre of New Zealand's largest city, Auckland. Even with only the laptop's wireless card, we were able to tap into 13 networks, and gain external internet access through 10 of these. The main security risk this poses, is that most highspeed business connections here are MB capped, and therefore, any kid with a laptop and wireless LAN card can use any local retailer's high-speed connection to download his warez, or even worse, to carry out even more highly illegal activity and it is traced back to.. the kid? No. The retailer. And this was only with a 5 inch steel aerial! Imagine what we could tap into with the kind of reciever power used in that article. Ironically, one of the internal networks we were able to enter completely anonymously, was that of a major NZ bank. Cash anyone?