Neighborhood WiFi Security

picaro writes to tell us the New York Times has an interesting piece about the abundance of open wireless connections available due to the lack of the average user's knowledge. The article also takes a look at how the prevalent attitude is that tapping in to these connections does not equate to stealing and why still other may disagree. From the article: "Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture."

RTFM

[xgadflyx]

Some users say they have protected their computers but have decided to keep their networks open as a passive protest of what they consider the exorbitant cost of Internet access.

That would be the category I fall under. I think everyone should follow the sharing principle, lock your box, and open the AP. No matter what deviant may come around and use your access, you can always prove it wasn't you. Now it may be a hassle and even cost a bit of cash..., which we all know sucks, but I've been sharing my wifi for nearly 3 years now and have had no problems. Plus, I've always appreciated the neighborhood open-ness eg. when cable modem users go down and the DSL subscribers are still kicking it, just hop right over and keep on keeping on.

"I'm sticking it to the man," said Elaine Ball, an Internet subscriber who lives in Chicago.

"Whoa sweetheart, slow down. We're just talking about sharing internet connections, nothing more" -me, an internet subscriber who lives in Columbus First post?

Re:RTFM

[jonv]

The problem with securing your machines and opening the AP is that certain ISP services (mainly SMTP servers for outgoing mail) don't require any authentication as the ISP assumes that who ever has physical access to the connection is the authorized user. Someone 'sharing' the connection could be using it to borrow the ISP SMTP server for sending out spam or other unwelcome email.
Of course this can be resolved by putting the access point on the right side of well configured firewall, just pointing out there is more to consider than just securing your machine.

Re:RTFM

[KiloByte]

Traffic shaping will do the trick just fine.

Have two HTB branches: one for yourself, one for good-neighbour sharing. You can set it up so the latter will be starved or almost-starved whenever you need the bandwidth. And then you can fine-tune the branches to care about TOS, etc.

Besides, traffic shaping is mandatory anyway if you want to even think about using ssh while you're downloading something.

Take a bike, leave a bike

[BadAnalogyGuy]

Some cities have implemented systems where you can borrow one of the public bicycles that are painted with an ugly colorscheme and use it to go where you need to go. Someone can then, in turn, borrow that bike from you after you've parked it. It's an interesting system because the bikes are just community property and everyone has the right to ride them.

New occurences in American culture...

[necro2607]

Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture.

Yeah, like computer users getting sued by the RIAA when they have never used any P2P software on their machine, for example...

I have WiFi access!

[Opportunist]

My neighbour bought an access point!

Old joke, I know. But so true. And why? Because without fault, ALL APs are configured to accept any and all connections by default. And why? Because otherwise, clueless people would swarm the manufacturer's call center asking how to connect.

When it's configured in nymphomaniac mode (i.e. do it with everyone you can get), people can connect, they're happy and won't even bother thinking about securing their 'net. At least until the feds knock at their door, asking a few dumb questions about movies and pron.

But that's no problem either, because in our legislative, being clueless on the net is appearantly an excuse for committing any crime. You participated in a DDoS because your computer contains more malware than other programs? No worries, you didn't know, you're not to blame. Your connection was used to run an illegal server? No worries, it wasn't your fault, your computer was abused as a server.

Usually not knowing it's a crime is no get outta jail card. When it comes to the 'net, it is. Maybe 'cause legislators and judges are predominantly clueless in respect to the net as well.

Hey, self interest!

But as long as it's an excuse to shrug your shoulders and claim you didn't know what you're doing, people won't get wiser.

Re:I have WiFi access!

[Tim+C]

Usually not knowing it's a crime is no get outta jail card.

Usually not knowing that what you are doing is not a crime is no defence, true. Generally though, not knowing that you're not doing something is, unless the prosecution can prove negligence.

Until and unless there's a crime of failing to take reasonable steps to secure a PC or similar, people are going to "get away" with it.

Note that if you claim that it wasn't you, it was someone else using your connection without your knowledge, but the prosecution can demonstrate that actually it most likely was you and that you left your connection unsecured in order to provide yourself with that excuse, you'll likely not be believed.

*gasp*

[scenestar]

As they do, new sets of Internet behaviors are creeping into America's popular culture.

you mean "SHARING" something?

Semi-related story

[necro2607]

In a semi-related story... I was at a friend's place last week and I wanted to transfer to him some audio-recordings of my band's recent practice. I asked him, "Do you have a wireless network or anything set up here?" ... He said how he didn't want to "get into that wireless stuff" because there are apparently so many people who would hack into his wifi network or whatever. That, and there are people who drive around in vans with gear to hijack peoples' wireless networks.

During the minute or so that he was going on about this stuff, I found about 3 open wireless networks in range. I connected to one of them, logged into MSN Messenger and laughed as he saw a little notification pop up on his PC screen that indicated that I had just come online.

I love open wifi..

[brxndxn]

I was sitting at a McDonald's with my laptop during a road trip. There were two wifi networks available. One was titled 'McDonald's' and the other was titled 'BetterThanMcDonald's.' I used the latter. I love when people do that..

Trajedy of the Commons

[Bad+to+the+Ben]

I've often thought about openning my AP, but I just know that after a week or two some jerk is going to use my DSL connection as his own personal torrent link. If I was using someone's DSL connection I'd limit myself to just normal browsing and light email. Those morons ruin it for everyone else.

With regard to securing access points, I've thought of a better way of setting things up properly (someone may already have thought of it). You plug your computer in to the AP for the first time via an Ethernet cable. You go into the settings, and click an option to setup the AP. The AP creates a secure WPA key using random characters. It then spits out a small script for you to download. You execute the script as Administrator or root, and it automatically configures your OS for the AP, with the right key and everything. After this you can use the AP wirelessly.

There would be some problems though, mostly checking the OS type and having to write scripts for Windows, OS X and Linux. But I reckon it could be done.

Bizarre attitudes

[caffeination]

I got into this article without signing up yesterday. Can't today, so I'm quoting from memory.

...I thought "Oh my God! People could be using my connection too!".
Six months later, however, $Person still hasn't secured her wireless network.

My parents were the same. I took my laptop into the garden, showed them that I could get onto their connection from at least 50m from the house, then I connected to the neighbours' connections and changed their essids to demonstrate how easy such things are. Then I opened ethereal and demonstrated to them how easy it was to read peoples' internet traffic.

All I got was "That shouldn't be allowed".

Under my own initiative, I then put a fairly long encryption key on their network and password protected the router config. I know it's weak security, but it's better than none at all.

That is how much people care about security. I explained to my uncle the other day about how spyware can log your key presses and report them back to a server. He was shocked and outraged, for about 1 second. Once his computer was clean enough to be usable, he was satisfied (this is a home & business computer, used for EBAY).

Nobody gives a shit about anything to do with computers. It seems that the current parent generation was lead to believe that technology would make life easier and do all the work for them, when the reality is that it's actually replaced much of the work. God knows what long term effects this will have on computing.

Bandwidth shaping with Linux

[necro2607]

Actually, it is 100% possible for you to set up traffic bandwidth shaping so that any particular IP is only allowed a certain amount of bandwidth, for example.

Use a UNIX-like machine as a router/firewall for your network, and you suddenly have amazingly detailed networking possibilities within your reach. I strongly suggest reading the Linux Network Administrator's Guide. Even though it's getting a little outdated it has some downright cool-ass information within.

Of course, few users are technically adept enough to actually set up a router like this, but I'm sure it has been used a lot for people who want to keep their wifi access "open", but safely limited.

On a related note there are pre-built linux firewall packages out there which will surprisingly easily allow you to do what I was just talking about.

Also, here is the Linux Advanced Routing & Traffic Control HOWTO ... It's a bit technical but a useful resource nonetheless.

Wi-Fi Honeypots?

[ROOK*CA]

I wonder when/if we're going to start seeing stories about people setting up open WAP's as honeypots? In other words, set up an open AP, for the sole purpose of comprimising hapless piggybackers that connect to it with relatively unsecured machines -- I think it would be hilarious and a nice little piece of payback for those folks that thinks it's okay to piggyback off resources that someone else if paying for (with a little publicity might make people think twice about piggybacking).

Of course if you're too clueless (or too lazy) to take any steps to secure your wireless network then you probably shouldn't be complaining when someone else takes it upon themselves to utilize the resources that you've basically left laying around in public, I mean it's akin to putting a wad of money out on the sidewalk in front of your house and expecting it to be there next week.

Securing your WAP isn't any great task, the OEM's producing these devices for home/small business networks have made it very easy to do, have for the most part documented it well and there are a plethora of resources on-line to supplement the OEM documentation. No excuse not to do it, unless of course you really don't care that any Tom, Dick or Harry can connect to your home LAN and basically do whatever they want with that connection, including poking around on every machine you have connected to it as well utilize your Internet connection for whatever they feel like doing with it.

Open Wireless connections? No way!

[MaxPowerDJ]

I have read about other people's posts abot leaving your access point open and sharing the connection. Around here (Puerto Rico), people would just mess your resources up. I have a 1024 Kb down/ 512Kb up cable connection that I distribute among my two computers (one for light e-mail and downloading and another that I connect through the net from work). and I personally took care of security (MAC address filtering + best encryption supported by the AP).

The things is, people have attempted to get in and disable my equipment. People can and will use the wireless connection to do mischievous things. They get no access from me.

Open access is fine if you have an agreement with your neighbohrs and/or you have a common wifi provider (many new housing development are now including wifi from the get go). Otherwise, is just asking for trouble.

Open Access Points

[TPS+Report]

That would be the category I fall under. I think everyone should follow the sharing principle, lock your box, and open the AP. No matter what deviant may come around and use your access, you can always prove it wasn't you. Now it may be a hassle and even cost a bit of cash..., which we all know sucks, but I've been sharing my wifi for nearly 3 years now and have had no problems.

At first I was thinking - whoa, you're very open minded. Then I realized you wrote wifi instead of wife. I need some coffee.

I understand what you're saying about the open access, and it's a nice thing to do - but there's no way in hell I'm going to go through the federal investigation process or even chance the possibility of going to prison, for my neighbors kiddie porn habit. Sorry. My life and the potential hassle is worth way more than him saving $39.95 on his cable bill. You're being nice, and that's applaudable, but if anything does happen - you're going to have a tough time proving it was not you.

You: but I have logs!
Them: How convenient. The accused has evidence pointing to someone else. Is it unaltered proof?
You: Of course! These are the raw server logs!
Them: Logs, from your firewall?
You: Yes!
Them: A firewall which you have administrative access to, and can change the logs at will?
You: Uh, yeah. But I didn't change them.
Them: So the logs very well could be altered. And it would be in your best interest for that to happen?
You: WTF man... I didn't do it.

Don't expect your freeloader neighbor to step up and take a federal sentence when it comes down to it, and don't put your life in a position where it depends on the justice system to "get it right". Ken Lay, OJ, and lots of others are walking around free men today..