Wardriving Worries Residents
sphynx99 writes "This article describes how residents of an upscale neighborhood in Arizona are worried about wardriving, a "new method of privacy intrusion and identity theft". Nothing to worry about, though; "The Scottsdale Police Department plans to create a cyber-crimes unit next year."
Instead of wasting tax payers' money, they should just use wired lans.
Why should the poor pay taxes to subsidize all these extra expenditure made for the sake of those who are wealthy?
I'm talking about those in the bottom of the scrap heap here. Those who don't even have computers, Joe Sixpacks.. like.. Homer!
Now, why would Homer have to pay more taxes so that Burns can have a safe wireless lan?
Those people who buy a wireless router should pay for a tax at time of purchase!
Online backup with Mozy, sounds like Ozzie, but more!
So on what basis are the residents reporting incidents? Or is it just upscale residents reporting scruffy people in beat up cars? (which is not necessarily a bad thing)
residents of an upscale neighborhood in Arizona are worried about wardriving
Geeks living in that area should consider advertising their services. Improving computer security and making money while doing it sounds like win-win situation to me.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
If you want to live in rich area like Scottsdale, you pay the sky high taxes for stupid shit like this. People live in areas like this for the stupid services. I'm sure you could list the services gated communities around the world do even stupider things.
A buddy of mine just had his neighborhood incorporated in the local city, they put in sewers, lights, and he can now use the local firedepartment and police, but his property tax went up. Was it worth it? Septics only cost a couple hundred to empty. Now, they charged him 20K, and he HAD to pay it. (And not including the money to hook upto the sewer, another 10K for pipe work.)
OT, speaking of Scottsdale, I almost hit a freaking Gatsby that ran a red light. And the lights are backwards compared the reset of phoenix. What a freaking wierd city.
I don't live in Stonegate, I live in a nice apartment building. From my apartment, I can see 2 or 3 other networks. I don't broadcast my SSID, use WEP, and have MAC filtering enabled so I'm not too worried about it.
It's easy for us geeks to shout from the rooftops to just lock it down, but we are dealing with people who think putting a key inside a fake rock is a safe way of not getting locked out of their home. I am surrounded by Joe Sixpacks and Barbi Braindeads. They have no clue and no amount of education is going to fix it.
Here is an idea -- provide a USB port on the access point and configure them with a random WEP key, no SSID broadcast, and MAC filtering at the factory. Then take a USB key fob to the access point, automagically download the SSID and WEP key, and take it to each PC. The PC can install the SSID and the key, and then download their MAC. Take the fob back to the lan and plug it in to finish configure the MAC filtering. No fuss, no bother, no skills involved.
There, problem solved. No computer can connect until it's done, and the system is delivered secure. Leave the web configuration utilitiy so if someone want's to turn it off to deliver free access they have a choice. That will take skills, or at least someone who can RTFM.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
its whether the communication is conducted via a method the user has a "reasonable expectation of privacy" using
That's a standard that the existance of the concept of wardriving shoots a nice big hole through...
A wide-open 802.11x access point can be seen as an open invitation onto that network. Afterall, there are many public places that intentionally set their networks to be wide open in order to encurage use by visitors/customers.
The lack of intent doesn't have much to do with it... if you set up a wide open network, you're giving an internationally recognized signal. One should know the customs of what they're dealing with lest they unintetionally make such a signal.
You need a few gigabytes of packets to crack WEP. The way most people use their wireless networks I wouldn't worry too much. Also, if you change your WEP once a week (or more often if you use it extensively) you are pretty much safe.
The only risk you have is your neighbour (no sane person will wait for a gig outside your house).
MAC-filtering can also be effective, although you could still suffer a DoS attack from someone who has cracked your WEP, but that's just a friendly remainder to change your WEP.
Of course, the best would be to use WPA[2] combined with a logon service like NoCatAuth, where you effectively kill all routing unless they authenticate.
For Joe Schmoe WEP suffices.
Ponder how you might feel if you were a Regular Joe using your WiFi equipment. You read the confusing literature and try your best to secure your WiFi network. But you're not exactly sure if you go it right. Now you find out that there are people out there lurking around in your neighborhood whose sole purpose is to look for unsecure networks and... and you don't know what, but you're not exactly excited to find out what these wardrivers are going to do once they've gained access.
Will they gain access to your network? Maybe, mabye not. But it makes you nervous because unlike most Slashdot readers, technology is not your life. You're just doing your best with the stuff you bought at the local ComputerShack.
In many ways it is like using Windows. You try your best to secure it against malware and spam, yet the stuff still gets in. You've read the manuals and you do your best, but this stuff that was supposed to be easy is not only a pain in the ass, it now can potentially screw with your life.
The worst part is that the Internet is now so tightly intertwined with most people's lives that to do without it is a major inconvenience. True, nobody is forcing you to use WiFi, but you want convenience, and you don't want to be victimized by people who for all you know could have serious malicious intent. You don't know who these wardrivers are, but you do know that they drive around snooping for open networks. Now tell me honestly, if someone were driving around your neighborhood snooping for open telephone lines, and you had no idea whether your telephone line was secure or not, wouldn't be a bit nervous?
Bashing on regular computer users perpetuates the stereotype that technically-savvy computer geeks are elitist snobs who take every opportunity to trumpet their intellectual superiority while taking advantage of the less technically-inclined.
Read the EFF's Fair Use FAQ
Actually you can inject ARP packets very easily into WEP'd networks and get lots and lots of packets as a result. WEP is useless. Try 802.1x or at least WPA.
My other car is first.
There are two sides to every coin. My WAP is open. Intentionally. All I have to say is: please don't make it illegal for other people to use it.
Random and weird software I've written.
WEP is better then not having anything at all tho. if you have WEP, that means someone will have to use effort to get into it, and instead, they can just go two houses down to find someone else with WiFi that doesnt have any security enabled. (and the majority of the time, the router itself isnt even password protected either)
I had a neighbor who I cut his wifi because he was so freakin' paranoid about someone warjamming his connection from the sidewalk. Anyway, this guy is gone, hasn't been able to get a job etc etc... thus, had to vacate his loft. sorry to see a guy with 15 years admin experience... but there's a limit to how much good intentioned paranoia can be tolerated in a corporate atmosphere. So while he was in a sense right... he was flat out wrong. And it cost him his livelyhood.
... say a year or two from now. But his appproach seemed to me to be a major "WTF", even with WEP and MacAddressed access combined, all they could do is warjam. So who gives a rats ass. The spammers as always will be looking for easy targets. Who'd want to collect a gig of data from some dude in downtown SF to hack his wifi AND manage to clone a mac address? I mean he had a lesser DSL connection than me!!! Sure more machines, but still.. every admin should be paranoid, but not too paranoid to be able to live with reality.
I hung out with him frequently because me and him got along. When he aboned his wifi and went back to ethernet. I asled him what that was about. He mentioned that he was unable to "absolutely secure his wifi network". My rhetoric to him was "Why the %^&** would someone want to sit out on the sidewalk and warjam your wifi? I mean.. what do you matter and why would anyone give a %^&%?". His answer? "The spammers man... they're everywhere and will take whatever they can get. And I run windows here as well as Red Hat". Right answer but wrong again. Sure, we'll be seeing that in says to come, wardriving for network access to attack and then spam
If I am home and using my wireless access point which I leave open because I like to share, and I am roaming around my house, go in my kitchen and my computer automatically switched networks to my neighbors, how am I at fault? If they didn't want someone using it, they should have secured it. Ignorance on their part doesn't make it illegal on my part. If they are blasting the radio and I can roam around my house sometimes hearing my radio and sometimes theirs, it doesn't make it illegal for me to listen to it.
> In all cases, including "wardriving", there is no > legitimate reason to collect the information or
> listen in. It's none of your goddamn business.
I operate a bunch of 802.11b 2.4ghz access points in my area ( somewhere in the order of 6 ), a couple of connections commercially but mostly for employees / acquaintances of our company with an assortment of antennas and gear.
We also operate a fair bit of Trango gear in the 5.3Ghz and 5.8Ghz spectrums, the fundamentals are the same.
Scoping out who is running networks and where they are pointing and roughly what EIRP they run is absolutely essential to ensure that I don't stomp on other peoples networks and that I run my own networks in channels that receive the least interferance.
I am completely uninterested in the data that crosses other peoples networks, and I am not defending people who are into snooping the _traffic_. But from a RF point of view, this is absolutely my business, as this is the only way that you can be a 'good citizen' in unlicenced spectrum.
I am a lawyer and this constitutes legal advice and I shall indemnify you against any losses arising from taking it.
You should be able to setup your network so that your MAC's get full priority, all others can use your leftover bandwidth. NoCatAuth should be able to hand this. Throw in a firewall and a wondershaper so their downloads don't crush your ACK's and you have something that makes everybody happy, except maybe your provider.
Consumer WAP's should operate in this mode by default with a nice wizard to help people set it up securely and easily. Cringely would probably argue you should get a penny per megabyte they transfer.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Not just non-geeks! I can't tell you how many times I've enabled WEP on a Linksys router, only to have all hell break loose, and nothing works any more. AP's drop off, clients can't connect. Sometimes a firmware upgrade helps, sometimes it only makes it worse.
If these are the problems I, as an IT professional, am having, I only cringe to think of what that non-geek is going through.
seriouslyexcited.net