Wireless Routers

[scribble]

I run WEP encryption and MAC allowances, and it isn't that difficult to set up. The pass keys are 10 characters long, or you can set up WPA access that uses a passkey you create. If you have rugrats with Nintendo DS's, then you'll be running the WEP protocol, since DS supports it.

I think most of us don't have to worry beyond WEP, but it's important for you to realize, these days, WEP is only a "keep out" sign. And if someone in your neighborhood needs an access point, and everyone else is WAP, your WEP is going to be his first choice.

You can crack an average WEP network in minutes. It's fun and educational; I suggest to everyone that you try it. Here's some places to start:

http://www.tomsnetworking.com/Sections-article118.php

Personally, I use a Linksys WRT54G, on which I have installed OpenWrt ( http://openwrt.org ) and for the technically inclined, it's the single coolest piece of hardware you can buy for under $100, bar none. If you have experience with iptables in linux, you *must* own one.

 

[scribble]

Best if you can set the MAC numbers that are permitted and stop the router broadcasting the network ID. That way it would take a serious hacker to get onto your system. It's more casual abusers of a totally open system we need to protect against, or the kids next door stealing our porn.

NetStumbler or Kismet means the kids next door can easily see your hidden ESSID, crack your WEP key, and access your WiFi. No experience necessary. Setting a MAC address is trivial. It's next to impossible to trust a mac address on WiFi - at least ona wired LAN you can hope the spoofer will be on another port on a switch or similar so you can detect the fakery. With WiFi validating on a mac is truly pointless.

 

[Trifikas]

It can get worse, too.

I was working on my Sister's network, and were picking up several wireless clouds with the same name as the router manufacturer. I renamed hers to be able to find it, but couldn't figure out why one computer connected and another of hers didn't.

So after a few tries, unplugged the power from her router...and still picked up the renamed wireless network...



You do have to be careful though. If they're that lax about security you may not WANT to put your computer onto their network.

Trif

 

[tkingdoll]

tk- I think you're fine unless you have a reason to suspect someone is out to get you- like you happen to have the serial numbers of £50 million in used fivers on your hard drive.

How did you know?

I should be OK then. I was hoping to abuse the range by allowing my sister in the apartment downstairs to use my connection, but it's a bit to far away, sadly.

 

[blutoski]

I sold internet connections for a telco for several years, and we had a home networking package that we preferred to set up (WEP) with our own field technicians to eliminate wardriving.

The biggest risk I'm aware of is that when a user links into a stranger's wireless internet connection, his computers are exposed, and his traffic is going through somebody else's router. If you have file sharing on, they can snoop your files. Even if file sharing is off, if you don't transmit webpages or email via ssh, they can packet-sniff and read your activity.

We have had cases where the routers were intentionally left open as a trap for criminals who sift packet logs for sensitive information.

This is absolutely becoming a bigger problem. Just in my own local range, I have sixteen home networks visible, ten of which are open.

 

[Chris Haynes]

....
Best if you can set the MAC numbers that are permitted and stop the router broadcasting the network ID. That way it would take a serious hacker to get onto your system. It's more casual abusers of a totally open system we need to protect against, or the kids next door stealing our porn.

We've just enabled the MAC number allowed system this weekend (along with the other protections). One child was spending too much time (like until 3 and 4 in the morning) playing World of Warcraft. After being told twice to turn it off and go to bed, his laptop was not allowed on the network for all of Sunday.

So it also works for the kids who live with us.

 

[kevin]

Using someone else's router isn't strictly illegal in the US. If you're ISP charges by the byte and extra for overages than it probably is. In the US most customers pay a flat per month rate for a particular speed but unlimited bytes.

It is frequently against an ISP's terms of service to share your wireless router with others.

My ISP on the other hand will help you bill neighbors for usage, so you can get a T1 and connect everyone wirelessly and they'll help you split the bill.

If you don't want split the bill but just be nice and share your connection, my ISP is all for that too -- perfectly ok in their terms of service. This is what I do. I have 2 wireless routers, one locked down for me, one open to the world. I let my neighbors know they can use it by setting the SSID to freewireless

 

[Dark Jaguar]

It's just that I don't see my next door neighbors as malicious hackers.

Further, anything beyond WEP, which is apparently about as secure as chewing gum, is just going to get in the way. I use my router to make things easier, so I don't need to string wires all over the house (which would be the most secure method of all). If I'm not able to use a lot of things just because they don't support WEP, then forget about it. I have a firewall blocking access from the wifi router to my wired router anyway, that should be sufficient.

 

[Soapy Sam]

They (your neighbours) probably are not. I have read a couple of magazine items about people driving around with a laptop , deliberately seeking unsecured networks and logging on , then using the networked pcs as forwarding routes for spam. All anecdotal.
How common this is was clearly unknown. I would think in most domestic neighbourhoods a man sitting in a car with a laptop would be noticed. Maybe not in a van though.

Still, I think from the info in this thread the main risk is the simple embarrassment of neighbours accidentally finding each others' networks and being able to access personal data. I think WEP and MAC restriction should be adequate to prevent that sort of problem. Serious hackers are another issue .

My main PC is linked to the router by ethernet cable anyway, having no wifi card. The data files are not shared to the network. I imagine that will be a pretty common setup.

 

[JOKER]

They (your neighbours) probably are not. I have read a couple of magazine items about people driving around with a laptop , deliberately seeking unsecured networks and logging on

I know DEFCON has war driving contests that cover all of the Las Vegas Area. Although it is from 2003, this link shows plenty of open AP's in Vegas and that's not even within neighborhoods, just using major arterial streets: http://www.worldwidewardrive.org/dc11drive/wardrive.html

How common this is was clearly unknown. I would think in most domestic neighbourhoods a man sitting in a car with a laptop would be noticed. Maybe not in a van though.

Very true, but with a powerful antenna, you can pickup plenty. Not saying a powerful antenna would pickup a weak AP signal, but I can pickup 6 AP's from my laptop, 3 unsecured. I am using WPA2 and labeled my AP the same as the Las Vegas Metropolitan Police. Some neighbors told me they found my AP and stayed away from it, but labeling it as such makes it a curious target to the local hackers. Now if they could only hack WPA2. I'm hoping not.


Just FYI, a team in 2005 went 125 miles with a 802.11B connection using a $30 PCMCIA card.....and plenty of other stuff too: http://www.unwiredadventures.com/unwire/2005/12/defcon_wifi_sho.html

 

[Tirdun]

Actually, the DS is aimed at adult gamers.
Rugrats indeed (mutter mutter)
Why else would I have gone wireless?
*goes and cuddles her DS*

Ah, now. No offense intended. MY personal set of rugrats and their friends have DSes, so my network allows (within certain timeframes) those DSes to connect to the world. I was running a different encryption prior to their informing me of its WiFi to the world capabilities.

 

[Dark Jaguar]

Just so you know, actually I don't bother with a chain on my door either. It's a pretty safe neighborhood, and someone parking in the street is not just frowned upon, tow trucks are called (our two lane street is still usable as a two lane street, unlike some neighborhoods).

I will say this. Someone with a wifi connection simply won't see any of my shared files. They will have to connect directly with a wire to be able to see any of the shares. It's a weakness really, as it prevents wireless printing, but it's not a big deal to me because while I want free net access for all who enter the door with no fuss, I don't want to let them print anything or access my wired computers.

To point, my security standards may be unbelievably low, but they do exist. Hence, I keep a firewall open, and though that has had some annoying problems, once I finally discovered the wonders of UPNP (the features of which I had always thought to myself "someone should do that", but never bothered looking into to see if someone DID do that until recently) those problems are solved.

Further, while I have an open gate policy, I am VERY strict about what I install on my computer. I do not worry about computer viruses... virii, viriati... whatever the plural of that is, because I have a good antivirus program and always download OS security updates, but also due to my standards. I never download something I see no real use for, for example a 6 gig program to sort my image files based on personal tastes, or a weathertracking program. I simply don't have any applications running in the background unless I am currently USING said application, save for the antivirus program.