In article <telecom23.513.9@telecom-digest.org>, monty@roscom.com
says:
> By Hiawatha Bray
> If you have wireless Internet access at home, your next-door neighbor
> could have it as well, without paying for it. He can just use yours.
> No problem if he's just shopping on Amazon.com or e-mailing Grandma.
> But what if he's sending spam messages or downloading kiddie porn?
> It happens, and that should surprise nobody. WiFi wireless networking
> systems can provide Internet service up to 300 feet away, with signals
> that can punch through brick walls. So anybody within range can get a
> taste of your bandwidth, and use it for any purpose, noble or
> malignant. It's up to them.
> Actually it's up to you. With a little effort, you can seal off your
> WiFi router from unwelcome guests. If you leave it unprotected, it
> could become a hangout for a variety of digital sleazebags.
> http://www.boston.com/business/technology/articles/2004/10/25/take_the_trouble_to_block_wifi_poachers/
> [TELECOM Digest Editor's Note: I have some comments and questions
> about this: On my Wi-fi card (Netgear MA-521, 32-bit cardbus) I was
> lucky for a while to get twenty feet away, in other words, my
> computer area and into the next room. But I could barely get outside
> my house, and certainly not into my parlor or my bedroom. A cheap
> piece of cardboard and tinfoil (serving as a reflector to push the
> signal around) helped with that. Now I can get my parlor/bedroom
> areas, my back porch/back yard and *most* of my front yard. I have
> noticed that when I get out to the sidewalk on the street in front
> of my house, when my signal is still there but mostly unusable, on
> the 'site survey' tab on the MA-521 diagnostics, I see listed not
> only my base unit, but also the base unit of the guy directly across
> the street from me. I can move my mouse onto either of these locations
> (mine or his), click for connection and connect with either one.
> I assume this is how 'hackers' (i.e. spammers, kiddie-porn downloaders)
> work, am I correct? When I have clicked on his base-station (and like
> mine, he gets maybe a couple hundred feet, out into the street and
> onto the sidewalk on *my side* then his gives out also) I get a
> message on my screen saying 'to connect with this channel please enter
> the proper encryption.' I use 128-bit encryption, which I guess is
> what he uses also. Right or wrong? I have no idea what *he* uses for
> encryption and I surely have not told anyone what I use. I am not
> going to sit out on the sidewalk in front of my house, which is the one
> place I can contact his station and try to hack out his encryption
> password, etc. I would not have the patience for it. But unlike him,
> I guess, I also told my base station 'do not broadcast your own name'.
> Tell me if I am correct: when I get to the one point on the sidewalk
> where I can pick him up, my 'site survey' not only lists me, but also
> lists him. I assume -- tell me if right or wrong -- if some other
> person with a WiFi card (other than *myself*) came to the same spot
> they would see his station -- 2WIRE895 -- waiting for someone to
> provide the proper encryption, but they would NOT see me. Right or
> wrong? I see myself listed, because it is me, but having it set to
> 'not broadcast your own name' keeps others from seeing me. Right or wrong?
> Now what else should I do, or can I do within reason, to stay protected?
> The house next door to me, across the alley to the west is vacant. But
> let's say tomorrow it got rented to 'hackers', spammers and kiddie-
> pornography downloaders; yes, unlikely, but still ... unlike the house
> across the street where distance separates us, the house across the alley
> from me *is* within radio range; a warm, comfortable, off-the-street,
> out of your car hiding place. Is there anything I can do other
> than 'do not broadcast your name' and 128-bit encryption for protection?
> Or is it a needless worry? PAT]
Yes. If supported by your wireless access point or router, enable
MAC authentication. Then, connections will only be accepted from
wireless adapters (such as your Netgear card) that you specify to the
router by their MAC address, which is printed directly on the card,
usually near the FCC label. Of course, the MAC address can be spoofed,
so this one isn't perfect either.
You can disable DHCP, and use a static address. Why let your router
hand out addresses to anything that asks?
The SSID (2WIRE895) may not be regularly broadcast, but it can still be
found in sniffed packets. By disabling SSID broadcast, you are hiding
from casual users, but a more determined individual may be lured by the
presence of the signal; finding no SSID, he might just start sniffing,
wondering what you're hiding.
Encryption (either 40- or 128-bit) is simply used to prevent
eavesdropping. The appropriate key is required (26 hex digits for
a 128-bit key). Unfortunately, the WEP encryption used with 802.11b
(11 mb/s) wireless has a flaw that permits the key to be derived
simply by collecting enough packets (passive receive). If the usage
is low, this might take weeks. If the traffic is high enough, like
at a corporation or university, it might take less than an hour.
I change keys every few weeks.
--Gene
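An added illustration, not part of the reply above: the "26 hex digits" are a 104-bit secret that WEP joins to a 24-bit IV sent in the clear, and two frames encrypted under the same IV reveal the XOR of their plaintexts to anyone listening. This shows IV reuse only, not the key-derivation flaw mentioned above; the key, IV and payloads are constructed sample values, and the key-ID byte of a real frame is omitted.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def parse_wep_key(hex_key: str) -> bytes:
    """Accept 10 hex digits (40-bit) or 26 hex digits ('128-bit')."""
    if len(hex_key) not in (10, 26):
        raise ValueError("WEP keys are 10 or 26 hex digits")
    return bytes.fromhex(hex_key)

def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return the clear IV followed by RC4(IV || secret) XOR (payload || CRC-32)."""
    data = payload + zlib.crc32(payload).to_bytes(4, "little")
    stream = rc4(iv + secret, len(data))
    return iv + bytes(a ^ b for a, b in zip(data, stream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample values, not taken from any real network.
SECRET = parse_wep_key("0123456789abcdef0123456789")
IV = bytes.fromhex("a1b2c3")
P1 = b"GET /index.html "
P2 = b"user=bob&pin=123"

def reuse_leak() -> bool:
    """True if two frames under one IV expose P1 XOR P2 without the key."""
    c1 = wep_encrypt(SECRET, IV, P1)[3:]
    c2 = wep_encrypt(SECRET, IV, P2)[3:]
    return xor(c1, c2)[:len(P1)] == xor(P1, P2)

if __name__ == "__main__":
    print("secret bits:", len(SECRET) * 8, "+ IV bits:", len(IV) * 8)
    print("same-IV frames leak plaintext XOR:", reuse_leak())
```

With only 24 bits of IV, a busy access point repeats IVs quickly, so changing the shared key periodically limits exposure but does not remove it.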
[TELECOM Digest Editor's Note: I found that my NetGear does allow
for what it calls 'access control' which means for it to answer only
to *my card*, *my MAC address*, so I turned that on also. I think
however, there is a limit to the return on my investment in making
things secure. Reason is, if anyone was parking in the alley next to
my house, I would hear them soon, and in my usual snoopy way (like
all my neighbors) peer out the window to see who was there. Sometimes
I go most of a day without having *any car at all* drive down Poplar
Street, let alone drive in our alley way and sit there for a period
of time. If anyone moved in the vacant house next door to the west,
I would find out about it same day, just as I did when the folks
moved in on the other side of the street and down one house to the
east. And I am *not* interested in improving my signal to the point
I could walk even four or five blocks away and pick it up. Blame that
perhaps on my brain aneurysm, but I get so tired of walking around
the area, so far, particularly carrying a laptop; I really don't see
anyone around the immediate (four or five block area) who would appear
to me to even know what computers are about, let alone have a radio-
transmission from one. I think WiFi is only practical if you have a
laptop anyway, is that correct? PAT]