Exploiting and Protecting 802.11b Networks

iforgotmyfirstlogon writes: "A couple of guys from Extreme Tech drove around New York, New Jersey, Boston, and Silicon Valley with a high gain antenna to see how many (secure and) unsecure wireless networks they could tap into. They used NetStumbler and Linux AirSnort to help them search. Results? They came across over 800 networks and less than 40% had any sort of security."

Networks for and by the people...

[Zergwyn]

There has been a lot of talk about people deploying many 802.11b connections privately, thus building non-corporate owned, cooperative wireless access to the net around cities and such. This might put a bit of a damper on that, but IMO it should not stop it by any means. While people might not be able to order stuff for now, there are a great many things to do that don't require security, and such nets really seem to be the ultimate expression of a free internet. If/when firmware updates become available, the access would just be that much better. It would also put more pressure on commercial interests.

Long distance 802.11b

[Hypnos7787]

The article's completely right about wireless exceeding their advertised range, i've just got home from the LBW [slashdot.org] where we had a single flat panel antenna connected to a regular base station transmitting over about 1 1/2 miles up to the campsite, to another relatively small antenna connected to a wavelan card in a laptop. Sure the link went down at the slightest hint of bad weather, and we got about 30% packet loss, but we were still getting about 500mbits. :)

Linuxworld APs

[xwred1]

There were a few APs at Linuxworld, about 11 or 12 networks when I scanned, I think only a couple had an real security.

The OSDN booth had a wide open AP that I was able to use to get net access while I was hanging around nearby.

I was checking Slashdot, almost caught a breaking story for First Post, while I was in the audience listening to CmdrTaco's Q&A session.

Hopefully, from now on there will be more and more open APs at conventions so I can get net access at random places on the floor.

(Im)practical applications of this fact

[Sagarian]

I was in a Starbucks here in Austin, TX which offers 802.11b access (for a fee). Instead of winding up on the provider's network, I was on the Safeway network (the Starbuck's is inside a Randall's / Safeway supermarket). This allowed my Win2000 laptop to browse the supermarket network, which has many shared [and unsecured] systems probably used for re-ordering / EDI, etc. The real issue is about education of network professionals about wireless security and how to implment it, whether or not they use WEP (Safeway clearly did NOT). I for one just wanted my 'net access via Starbucks and not Safeway's ultra-slow (probably frame relay) network.

Traceable?

[sdo1]

I can just imagine some poor network admin trying to figure out who the heck is using their network to surf for pr0n (and imagine the PHB trying to figure out who they need to fire).

But seriously, with wireless it seems like it would be incredibly difficult to trace the unauthorized user. Land based hacks are usually done over the internet rather than by physically connecting to their network. As a result, there's usually logs to help track down the person(s) using the network.

But this seems incredibly tough... if the cracker didn't go anywhere on the network that would give themselves away (such as logging into hotmail to check their mail), I would guess that it would damn near impossible to find out who was sneaking into the network... even if/when they were actually connected. I would guess that the wireless network might get the MAC address of the card being used to get into the network, but even that likely wouldn't get you anywhere.

Is that true, or am I missing something here?

-S

Question on home security

[wareadams]

With all the stories on how bad WEP is and how most 802.11 networks aren't secured, I haven't found an answer to this question about securing a home 802.11 network (I'm not claiming to be an expert on this, so maybe this is a simple question).

I'm assuming most home users don't have the equipment/skills to set up the access point outside of a firewall and use VPN/SSH. Given that, how risky is the following:

1) Consumer base station (Airport)
2) WEP password enabled
3) Access restricted to specific MAC addresses (not possible w/Apple's configurator, but doable with the 3rd party Java version)
4) Airport plugged into home LAN, no other machines running any servers or file sharing (none are Windows boxes, 2 OS X, 2 OS 9.2)

I understand all the actual 802.11 traffic is basically open. I assume if the web site I'm using has effective encryption then that data is safe, but my POP3 password could be grabbed assuming it isn't encrypted by something other than WEP.

What I'm wondering is would this setup effectively prevent someone from setting up a laptop outside my house and getting at the files on my LAN.

This seems to me a reasonable set up for a home user, but if it leaves the family Quicken file vulnerable to any kid on the block then 802.11 seems to be destined to never be mainstream. If on the other hand a home user can put at least basic security in place (e.g. they can see your web pages but they can't trash your entire drive) then it has a chance.

Thanks.

New Zealand

[Anonymous Coward]

We tried this stunt from an office window in the centre of New Zealand's largest city, Auckland. Even with only the laptop's wireless card, we were able to tap into 13 networks, and gain external internet access through 10 of these. The main security risk this poses, is that most highspeed business connections here are MB capped, and therefore, any kid with a laptop and wireless LAN card can use any local retailer's high-speed connection to download his warez, or even worse, to carry out even more highly illegal activity and it is traced back to.. the kid? No. The retailer. And this was only with a 5 inch steel aerial! Imagine what we could tap into with the kind of reciever power used in that article. Ironically, one of the internal networks we were able to enter completely anonymously, was that of a major NZ bank. Cash anyone?

Securing wireless networks with IPSec

[John Whorfin]

Ok, here it is in a nutshell. You can put an Open Source-based IPSec gateway immediatly upstream of your wireless AP... or better yet, simply put a wireless card in a Linux box... and secure your wireless with an IPSec tunnel.

This protects your network, your traffic and if the hosts are configured properly... your clients. Way better than the mess that Nasa came up with.

I am currently setting up a Linux/FreeSwan device for my employer's wireless and I have a similar OpenBSD IPSec setup at home.

I also have a floppy-based Linux "access-point" that I'm trying to integrate FreeSwan with that will offer the same thing for anyone.

Anyone interested?