Neighborhood WiFi Security

picaro writes to tell us the New York Times has an interesting piece about the abundance of open wireless connections available due to the lack of the average user's knowledge. The article also takes a look at how the prevalent attitude is that tapping in to these connections does not equate to stealing and why still other may disagree. From the article: "Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture."

RTFM

[xgadflyx]

Some users say they have protected their computers but have decided to keep their networks open as a passive protest of what they consider the exorbitant cost of Internet access.

That would be the category I fall under. I think everyone should follow the sharing principle, lock your box, and open the AP. No matter what deviant may come around and use your access, you can always prove it wasn't you. Now it may be a hassle and even cost a bit of cash..., which we all know sucks, but I've been sharing my wifi for nearly 3 years now and have had no problems. Plus, I've always appreciated the neighborhood open-ness eg. when cable modem users go down and the DSL subscribers are still kicking it, just hop right over and keep on keeping on.

"I'm sticking it to the man," said Elaine Ball, an Internet subscriber who lives in Chicago.

"Whoa sweetheart, slow down. We're just talking about sharing internet connections, nothing more" -me, an internet subscriber who lives in Columbus First post?

Re:RTFM

[Steinfiend]

I'm sure I'm supposed to be more public spirited than this, but I can't really bring myself to open up my WiFi to other people. I don't think its the money aspect really, 40 bucks a month isn't so much as it would break me. However, I need my Internet connection to be available when I need to use it. I work from home quite regularly and have to either SSH or RDP into work, or sometimes even the reverse, SSH back home from work. If some wonderful neighbor of mine has picked that exact moment to download the latest IT Crowd episode (great show by the way!), then my ability to do the job for which I am paid would suffer.

If I could be sure everyone would only use it for browsing, email, IM and the odd bit of downloading then I'd be for it, other than that, I would rather not risk it.

As for being able to prove it wasn't you, should someone hop on and do some dastardly deed, I'd be interested to know how. Has anyone tested that theory? I'd hate to be the first person to go to court, try and prove it wasn't me, and find out the court wasn't having any of it!

Take a bike, leave a bike

[BadAnalogyGuy]

Some cities have implemented systems where you can borrow one of the public bicycles that are painted with an ugly colorscheme and use it to go where you need to go. Someone can then, in turn, borrow that bike from you after you've parked it. It's an interesting system because the bikes are just community property and everyone has the right to ride them.

Re:Take a bike, leave a bike

[ihuntrocks]

When you have potential for community property, there will always be the potential for individuals to abuse this, and some will. I'm not quite sure if I feel that tapping into nearby unprotected WiFi is actually immoral or even "stealing" in this case. The average user does not come close to using their full bandwidth potential. These same average users, however, are then paying for things they are not using, and those tapping in are merely using the excess in most cases that will never be missed. Above average users would probably secure their networks in the first place :-) On another note, sharing WiFi access promotes information sharing (which is neither positive nor negative, it is all in how the individual uses it). Feedom of information and ideas, rather than the cloistering and supression of the same is what brought us out of the dark ages. I think that viable community driven and supported publicly accessable WiFi would be a great help to our culture. Information shouldn't be horded an doled out to only those who can afford it, it's not a luxury. Just my two cents.

Re:Take a bike, leave a bike

Yes, they did it in Cambridge (UK). The city bought and put out dozens of bikes. One week later every single one had been stolen. The scheme folded.

Sharing schemes never work without close policing. Most people are honest, but too many are not.

Re:Take a bike, leave a bike

[ryanov]

Japan does that for umbrellas in many train stations.

Re:Take a bike, leave a bike

[Hal_Porter]

Well, I can tell you an interesting story about Japan. My Dad worked got invited to do some research there a few years back. One of his colleagues brought a expensive looking laptop to work each day, in a battered satchel. Once someone asked him a question that needed internet access to answer, and he looked around for the laptop and realised he'd left it somewhere. He didn't seem to panic at all, and went asked at the railway station when he got out of work at the usual time. The laptop was there. No one seemed at all suprised that neither the guy that found it, nor the railway workers had been tempted to steal it.

So Japan is, or maybe was different. But I'd think that the bike thing would work there still. Hell lots of European cities manage it, and I'd guess small towns could manage it as well. But in a big US/UK city, this sort of scheme is doomed.

I have WiFi access!

[Opportunist]

My neighbour bought an access point!

Old joke, I know. But so true. And why? Because without fault, ALL APs are configured to accept any and all connections by default. And why? Because otherwise, clueless people would swarm the manufacturer's call center asking how to connect.

When it's configured in nymphomaniac mode (i.e. do it with everyone you can get), people can connect, they're happy and won't even bother thinking about securing their 'net. At least until the feds knock at their door, asking a few dumb questions about movies and pron.

But that's no problem either, because in our legislative, being clueless on the net is appearantly an excuse for committing any crime. You participated in a DDoS because your computer contains more malware than other programs? No worries, you didn't know, you're not to blame. Your connection was used to run an illegal server? No worries, it wasn't your fault, your computer was abused as a server.

Usually not knowing it's a crime is no get outta jail card. When it comes to the 'net, it is. Maybe 'cause legislators and judges are predominantly clueless in respect to the net as well.

Hey, self interest!

But as long as it's an excuse to shrug your shoulders and claim you didn't know what you're doing, people won't get wiser.

Re:I have WiFi access!

[Tim+C]

Usually not knowing it's a crime is no get outta jail card.

Usually not knowing that what you are doing is not a crime is no defence, true. Generally though, not knowing that you're not doing something is, unless the prosecution can prove negligence.

Until and unless there's a crime of failing to take reasonable steps to secure a PC or similar, people are going to "get away" with it.

Note that if you claim that it wasn't you, it was someone else using your connection without your knowledge, but the prosecution can demonstrate that actually it most likely was you and that you left your connection unsecured in order to provide yourself with that excuse, you'll likely not be believed.

Re:I have WiFi access!

[grand_it]

Because without fault, ALL APs are configured to accept any and all connections by default.

I've tested and reviewed about 20 APs and wireless routers in the last two years. I've found only one that had WPA ebabled by default: Netgear's WGU624.

Re:I have WiFi access!

[Professor_UNIX]

Because without fault, ALL APs are configured to accept any and all connections by default.

I have just the opposite experience. Ameritech.. err SBC.. err AT&T offers DSL in my area and sold a very popular line of 2Wire wireless routers for home networking as part of their install and I can find at least 12 of these around my neighborhood and they're all locked down with a semi-unique SSID (usually 2Wire_???) and the WEP or WPA key is a number written on the underside of the router. So, by default, these come with encryption enabled. Not that I was up to anything nefarious, I just got one of those 802.11b sniffing handheld gadgets for Christmas and I was driving around wondering how many people around me had computers and wireless. Turns out the only open place was a coffee shop down the street.

Bandwidth-based pricing would stop this, and other

[putko]

If you had to pay for bandwidth based on how much you used, people wouldn't do share. Also, telco companies wouldn't be floating the concept of charging more for various services (e.g. VOIP, or VOD).

Does anyone know why it is that companies don't just charge for bandwidth, the way they do with a colo? Is it really so complicated?

That would be nice to for mom-and-pop -- they wouldn't have big fixed-fees due to heavy users like myself.

Trajedy of the Commons

[Bad+to+the+Ben]

I've often thought about openning my AP, but I just know that after a week or two some jerk is going to use my DSL connection as his own personal torrent link. If I was using someone's DSL connection I'd limit myself to just normal browsing and light email. Those morons ruin it for everyone else.

With regard to securing access points, I've thought of a better way of setting things up properly (someone may already have thought of it). You plug your computer in to the AP for the first time via an Ethernet cable. You go into the settings, and click an option to setup the AP. The AP creates a secure WPA key using random characters. It then spits out a small script for you to download. You execute the script as Administrator or root, and it automatically configures your OS for the AP, with the right key and everything. After this you can use the AP wirelessly.

There would be some problems though, mostly checking the OS type and having to write scripts for Windows, OS X and Linux. But I reckon it could be done.

Re:Trajedy of the Commons

[bogd]

Linksys has had this for quite a while now - they call it "SES" (Secure Easy Setup). Details here or here .

What does your ISP have to say ?

[rednuhter]

Just out of interest what does your contract with your ISP have to say about sharing your connection ?
In the UK all the ISPs I have ever dealt with have stipulated no sharing, not even a home network with two plus computers.
Not something I keep to mind, but worth bearing in mind if things ever do get nasty.

Wardriving not for the 'geek' anymore

[brohan]

This article reminds me of what happened to me last weekend.

I was on my way to Toronto, stopped in a Tim Horton's, and because I was working on something rather important and there was a heavy wind/snowstorm going on I whipped out my laptop. I couple sitting at the table over from me wanted to check their email, but was unsure of how I was getting internet. I explained that I was getting internet from some generous local person, they tried to get wireless working, though their laptop's card wasn't powerful enough. So I gave them Netstumbeler and taught them how to use it. I'll bet they're going to be wardriving alot more now ;P

The thing was, these guys had an open mind about security, they didn't mind trotting into other people's wireless network any more than I did. It is because of the generosity of the people who left the access points open.

I leave mine open on a another network, just on principle. I limit the bandwidth to un-filtered addresses, just due to the generosity I've received in connecting to others.

Re:Wardriving not for the 'geek' anymore

[drewzhrodague]

This is true. Even my mom is using Netstumbler when she visits places. Of course, I got her to also use my pet project to find places to get connected.

Wi-Fi is now a part of most of our daily lives. Some folks have their peeves, convictions, and styles, which give shape to a localized wireless space. In densely populated areas, if one of your neighbors has their AP encrypted, there will be at least 2 APs which are completely unconfigured, and two APs that are obviously configured for use by whomever (with an SSID of "free" or something).

The Internet wants to be everywhere, and the information wants to flow. The {spice|oil|net} must flow.

Wi-Fi Honeypots?

[ROOK*CA]

I wonder when/if we're going to start seeing stories about people setting up open WAP's as honeypots? In other words, set up an open AP, for the sole purpose of comprimising hapless piggybackers that connect to it with relatively unsecured machines -- I think it would be hilarious and a nice little piece of payback for those folks that thinks it's okay to piggyback off resources that someone else if paying for (with a little publicity might make people think twice about piggybacking).

Of course if you're too clueless (or too lazy) to take any steps to secure your wireless network then you probably shouldn't be complaining when someone else takes it upon themselves to utilize the resources that you've basically left laying around in public, I mean it's akin to putting a wad of money out on the sidewalk in front of your house and expecting it to be there next week.

Securing your WAP isn't any great task, the OEM's producing these devices for home/small business networks have made it very easy to do, have for the most part documented it well and there are a plethora of resources on-line to supplement the OEM documentation. No excuse not to do it, unless of course you really don't care that any Tom, Dick or Harry can connect to your home LAN and basically do whatever they want with that connection, including poking around on every machine you have connected to it as well utilize your Internet connection for whatever they feel like doing with it.

Re:Wi-Fi Honeypots?

[Sam+Nitzberg]

My experiences (and links to a few of my papers)... I realized that (while reconfiguring and dropping my crypto) that a neighbor came onto my wireless network. The obvious thing to do would have been to shup him out, and secure the network. Since I maintain data on a seperate drive (with its own power supply), I cut the drive out, and decided that I had a great opportunity to practice with my security tools. I did a paper on what I found (was published in 2600: The Hacker Quarterly): http://iamsam.com/papers/Tracking_Wireless_Neighbo rs.htm What's interesting is that if someone connects to your wireless access point, they can also put themselves at risk. Their network shares or shared drives can be exposed, their VPN or other simultaneous network connections may potentially be traversed by you, etc... So, this isn't truly a one-way-street I also did an earlier article on what I saw with my wireless PDA walking through Times Square. http://iamsam.com/papers/Warwalking_in_Times_Squar e.htm My other papers (http: // www . i am sam . com) (Remove Spaces) Sam Sam Nitzberg sam @ i am sam . com (remove spaces to e-mail)

Tor

[quokkapox]

If you're going to offer a free wifi access point then please also run a Tor exit node.

Using open APs to route the whole network

[HawkingMattress]

I have two routers, both running openwrt.

One is connected to my cable modem, and is linked to the second one through a vlan. The second one's wifi card is in client mode, and connects itself to the AP of a little shop under my flat, using it as its default gateway. Add a little script on the first one which will change the routing tables to use the second router as gateway if my cable provider's gateway is unaccessible, and there you have it: totally transparent, free redundant connection for the whole network. Even the machines without wifi since their gateway is still the first router...
I'm going to shape the traffic on the second one to limit p2p use on that connection since the purpose is not to suck their bandwith to death though...

Upgrade your firmware!

[abscissa]

I just found, during a firmware upgrade for my Linksys Wireless G VPN Router, that there is a new feature built in which allows you to configure your access point to use a paid, third party service through "Boingo" (dunno what that is, don't want to spend the 2 seconds it will take to find out) to charge for your access.

Yes, folks, the Linksys router you bought can now be configured with one of those "Welcome" screens just like at McDonald's, so you can welcome your neighbours to your wireless access point and start charging them by the hour to pay your monthly broadband bills!

Upgrade your firmware today and start making $$$ from your home!

Oh Yeah...

[Greyfox]

My access point is completely open, but it won't take you anywhere unless you establish a VPN connection to my server and get routed out that way. I suppose it must be very disappointing to my neighbors to find what looks like a juicy open access point, only to discover that there's no internet connected to it...

I don't do it to torment my neighbors though, I just happen to trust the swan guys a whole lot more than the WEP guys to design a network encryption setup that doesn't suck.

People don't understand yet

[CrazyWingman]

I don't open my AP, and here's why: People still don't understand enough about how their computers and the networks that connect them work to be trusted in my environment. Having recently left college, I was around when my fraternity put in wired ethernet and later wireless APs. We told everyone when we put everything in, "We all share this $N k/sec. line. Do not hog bandwidth. Limit your downloads. This network is intended to allow brothers to do schoolwork in-house, rather than haul to campus." I must say that all of my fraternity brothers were pretty level-headed. None of them would have actively screwed over another brother. But, invariably, once a week or more the net would stop dead because one of them had Kazaa up, downloading seven seasons of anime and leaving their uploads unlimited. They weren't trying to be jerks, they just didn't understand how the network worked and how much bandwidth they were using.

So, I keep my AP closed. If I knew that my neighbors were knowledgeable, I'd open it to them. I open the network to anyone who visits me in my home - where I can click them off if they do something stupid. Unknowns - never on my network.

And thank god there are open AP's

[Colourspace]

When I moved into my new place over new year I was told at the last minute by my ISP (who I had primed three weeks before about the move) that I would have to wait a further three weeks.. Now I work from home so this left me with a bit of a problem. Fortunately there were several people with completely unsecured connections, who saved my piggybackin' bacon in those three weeks. Now, I would have like to go and asked their permission, but its difficult to tell in such a densely populated area who the owner would be.. They were weak signals too so could've been anywhere in a wide radius. Perhaps the next generation of WiFi access protocols could allow you to add a name and address tag of sorts.. But maybe someone would present the downside of this to me? I can't think of one right now, but I'm sure there is something..

Re:I love open wifi..

[bill_mcgonigle]

One was titled 'McDonald's' and the other was titled 'BetterThanMcDonald's.' I used the latter. I love when people do that..

Anybody working on an 802.11 tipping extension? I've seen this situation before and I'd love to have paypal'ed the guy a buck for bailing me out of a sticky situation.