Security Basics mailing list archives
RE: Wireless Security
From: "Herman Frederick Ebeling, Jr." <hfebelingjr () lycos com>
Date: Fri, 14 Oct 2005 23:01:36 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G. Allen, Using your analogy of someone putting their outgoing snail mail into "your" mailbox and how their return address is personal information that they've released into the public. Then couldn't a person (or their lawyer) who has had their wireless network (or even a wired network) hacked make the same claim about the information that their computer is providing to Windows explorer? I mean we all know that there is a certain amount of information that can be gleaned from a computer hooked to the network without actually opening said computer. And as I am sure as we all know now all "hackers" are bad. As we would not have a lot of the admin/security tools that we now enjoy IF it weren't for "hackers." Nor would people know about the security problems that are present in some systems/software. But sadly the media (at present) "likes" to call anyone and everyone who commits a crime with a computer a "hacker" whether they are or not. All that matters to the media is that a crime was committed and that a computer was used to commit that crime, so ergo the person who committed said crime "MUST" be a "hacker. . ." I mean using the way the media uses the term hacker the dumpster diver who compiles a database of names and CC numbers and mail order catalogs that they've ordered from is also a "hacker." Even though s/he could do the same thing with a notebook and a pen/pencil. . . Using your own analogy admin/security tools are just admin/security tools until someone uses them to gain unauthorized access to a computer that they wouldn't normally have access to. . . Correct? Herman - - - -----Original Message----- From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net] Sent: Friday, 14 October, 2005 21:53 To: hfebelingjr () lycos com Subject: RE: Wireless Security You're going to get into the fuzzy area again here. In order to use your wireless network, the unauthorized user has to connect to your AP. To my knowledge, connecting to an AP will create an IP for that user w/ their MAC address associated to that IP. Having said that, time for a quick analogy reference: let's assume someone is, for whatever reason, putting their postal mail in your mail box for the purposes of having their mail sent out, but leaves their real return address on said piece of mail. Now using that MAC addy to ID your perp should be as legal as reading the return address someone puts on that postal mail, i.e. it is considered personal information that you knowingly disseminate to the public and at that point becomes public information. However, you're still not allowed to open that guy's postal mail, and you are still not allowed to hack into an unauthorized user's computer. To sum up, one person's illegal activities do not legitimize the commission of illegal activities by you. Cyber-retaliation would be interpreted as cyber-terrorism. And if you've been keeping up w/ the news, you know what a hot topic cyber-terrorism is. I agree w/ you Herman, it isn't fair. But it is the politics of the dominant paradigm. Oh, and as far as your question about is it hacking if you're not using any hacking tools? A command prompt is hacking tool Herman. So, for that matter, is Google. To wander off on another analogy; a hammer is just a tool so long as you're pounding nails with it. But the moment you take a swing at someone with it, it's a weapon. Hackers are not classified or defined by the tools that they use, but by the knowledge that they have and the way that they use it as perceived by the dominant paradigm. G. Allen Johnson. - - - -----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Friday, October 14, 2005 10:35 AM To: G. Allen Johnson; security-basics () securityfocus com Subject: RE: Wireless Security *** PGP SIGNATURE VERIFICATION *** *** Status: Bad Signature *** Alert: Signature did not verify. Message has been altered. *** Signer: Herman Frederick Ebeling Jr. <hfebelingjr () lycos com> (0xDB13DBD3) *** Signed: 14-Oct-05 1:11:35 PM *** Verified: 14-Oct-05 10:09:16 PM *** BEGIN PGP VERIFIED MESSAGE *** G. Allen, I'll do that thanks. It's not that I'm doubting you, it's just that it doesn't seem right that even though they were the ones who were illegally accessing someone else's network that the owner of the network can't look at their box to find out who they are. Would that also apply to just looking at what comes up in Windows Explorer under the network icon? I mean by using what that they are not "hacking" the other persons box parse, correct? I mean they're just using what is already being shown on their own box/system. And not using any "hacking" tools to do so. Herman - - - -----Original Message----- From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net] Sent: Friday, 14 October, 2005 02:01 To: hfebelingjr () lycos com Subject: RE: Wireless Security Google using the parameters tsunami and hacker. You will get multiple hits. A couple should point you to ZD Net, among many others. The story is in fact legit. Regardless of the fact that someone is making unauthorized use of your wireless network, it is against the law to hack into that person's system. Now I would have to imagine that there is no reason you couldn't trap and analyze packets going across your wireless network, it belongs to you. And it's likely that some identifying data could be derived from such. Just bear in mind, the moment you SCAN that person's system w/out authorization, but w/ the intent of getting into it, you can be brought up on criminal charges. I've read the other replies you've gotten on this question Herman, and from what I've seen, ALL of them back me up. That alone should be telling you something. G. Allen Johnson. - - - -----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Thursday, October 13, 2005 9:58 PM To: G. Allen Johnson; security-basics () securityfocus com Subject: RE: Wireless Security
PGP SIGNATURE VERIFICATION *** Status: Bad Signature Alert: Signature did not verify. Message has been altered. Signer: Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
Signed: 14-Oct-05 12:48:07 AM Verified: 14-Oct-05 1:06:25 PM BEGIN PGP VERIFIED MESSAGE ***
G. Allen, But if they're getting an IP from your AP/Wi-Fi enabled router wouldn't a trace on their IP address show as being in that "private" pool of IP addresses? What about trapping and analyzing the packets that are going across their network? Would it be legal for the person who setup the network to intercept and analyze them? That doesn't sound quite fair to me. That they can illegally attach themselves to someone else' Wi-Fi network and that the owner of said network isn't allowed to investigate by looking at their computer to at least try and find out their identity. I've read just the article that you directly linked to, was the site a legit site, or was it a scam? Herman - - - -----Original Message----- From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net] Sent: Thursday, 13 October, 2005 22:18 To: hfebelingjr () lycos com Subject: RE: Wireless Security "C) Can the person who initially setup the Wi-Fi network ***legally go in and look around>>> his/her neighbors computers?" "C) ***I'd think that it is possibly a gray area***. I would think that IF a person discovers that they uninvited guest(s) and s/he is trying to find out who they are, and where they are I would think that lawyer would argue that the person who setup the Wi-Fi network was just investigating those who were illegally accessing his/her system." Negative, no gray area here. Unless you have written permission &/or some other manner of consent to enter a system not owned by you, you may not legally enter that system. In regards to identifying the culprit however, the wireless AP should give the IP's of the devices connected to it. Once the IP address of the offender is acquired, there are a number of ways to pursue and resolve the problem. Even law enforcement has prerequisite requirements that must be fulfilled before entering/hacking into someone's system. Taking the law into your own hands, so to speak, will net you a similar result to the UK fellow who "investigated" the Tsunami relief website. http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/ 1 to 2 years ago I would have agreed w/ you Herman. But the power of the individual to investigate such things has decreased while the power of the gov't to perform such activities has increased. The war on terror, much like the war on drugs, is really nothing more than a war on civil liberties. G. Allen Johnson. - - - -----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Wednesday, October 12, 2005 8:25 PM To: G. Allen Johnson Subject: RE: Wireless Security
PGP SIGNATURE VERIFICATION *** Status: Bad Signature Alert: Signature did not verify. Message has been altered. Signer: Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
Signed: 12-Oct-05 11:00:43 PM Verified: 13-Oct-05 10:57:20 PM BEGIN PGP VERIFIED MESSAGE ***
G. Allen, On A) I have to agree with ya. I would also have to agree with ya on B). As for C) I'd think that it is possibly a gray area. I would think that IF a person discovers that they uninvited guest(s) and s/he is trying to find out who they are, and where they are I would think that lawyer would argue that the person who setup the Wi-Fi network was just investigating those who were illegally accessing his/her system. As for d) I'd have to agree with ya again, IF a person is dumb enough these days NOT to be running some kind of anti-virus PRG on their system, they are the one who is to blame for any and all virus' that they get. As far as e) I would agree that a person's E-Mails/files are the property of the owner. However I would have to think that the packets being sent illegally over another person's WLAN are the property of the owner of the network. Herman - - - -----Original Message----- From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net] Sent: Wednesday, 12 October, 2005 22:15 To: hfebelingjr () lycos com Subject: RE: Wireless Security Assuming the person in question is setting up a wireless AP for his/her own personal use: A) None. Establishing a wireless network does not automatically add every wireless device in the area to its network. The neighbors have to opt in to use it, and they have to have the SSID and pass key to do so. Assuming a default SSID and no pass key present, the neighbors in question still have to choose to join the unsecured wireless network and have to take responsibility for what nasty things may happen to their computer for connecting to someone's personal wireless network w/out that person's consent. B) No. The person who set up the Wi-Fi isn't responsible, the person who deleted the files is. C) No. That would be considered hacking into someone else's system and last I checked, that's against the law. Just because someone accesses your wireless network, that doesn't give you the right to illegally enter another person's system. D) No. See A). E) The privacy I know they can expect is that which is attached to the system; i.e. the files on the hard drive. As far as the privacy of what packets their system is sending out or the privacy of their e-mails, I'm a little fuzzier on that. On one side, it is their e-mail, and it's against the law for some third party to intercept that e-mail. However, they are sending it through an unauthorized connection. So I'm not real solid on this one Herman. Hope that helps, G. Allen Johnson. - - - -----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Wednesday, October 12, 2005 12:17 PM To: security-basics () securityfocus com Subject: Wireless Security
PGP SIGNATURE VERIFICATION *** Status: Bad Signature Alert: Signature did not verify. Message has been altered. Signer: Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
Signed: 12-Oct-05 1:56:23 PM Verified: 12-Oct-05 10:31:52 PM BEGIN PGP VERIFIED MESSAGE ***
I've got a question (actually a few) along these lines. Let's say that a person has a Wi-Fi network setup at home. And they find out that some of their neighbors have accessed it. A) What if any obligation to the neighbors does the person who initially setup the Wi-Fi network have? B) What happens IF one neighbor goes in and reads/deletes msgs/files from another neighbor's computer is the person who initially setup the Wi-Fi network for their own use liable? C) Can the person who initially setup the Wi-Fi network legally go in and look around his/her neighbors computers? D) What if one the neighbors get a virus, is the person who initially setup the Wi-Fi network liable? E) What if any expectations to privacy do the unauthorized users have? Herman - - - -----Original Message----- From: Daryl Davis [mailto:daryl () ultbingo com] Sent: Tuesday, 04 October, 2005 12:56 To: security-basics () securityfocus com Subject: Wireless blocking I believe I have an unauthorized wireless router on my network. I have been unable to physically find it as of yet. Does anyone know how to find the hidden SSID and then Jam it? Thank you. Daryl R Davis Digital Game Media, Inc.
END PGP VERIFIED MESSAGE ***
END PGP VERIFIED MESSAGE ***
END PGP VERIFIED MESSAGE ***
*** END PGP VERIFIED MESSAGE *** -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQ1Bvkx/i52nbE9vTEQJVLACg/xpQBNo5vC8EHpllgu603vnQBb0AoOZm 9FlmN4XZ8vPpcnnRdHTLM9mn =2moc -----END PGP SIGNATURE-----
Current thread:
- RE: Wireless Security, (continued)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security David Gillett (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security David Gillett (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 17)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 17)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- RE: RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- Re: RE: Wireless Security Dave Bush (Oct 18)
- Re: RE: Wireless Security Alloishus BeauMains (Oct 21)
- Re: RE: Wireless Security Dave Bush (Oct 18)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 18)
- Re: Wireless Security Austin Murkland (Oct 18)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 21)
- RE: Wireless Security David Gillett (Oct 21)
- Re: Wireless Security Austin Murkland (Oct 18)
- RE: Wireless Security Drumm, Daniel (Oct 21)