Firewall Wizards mailing list archives
RE: Interlopers on the WLAN
From: "Frank O'Dwyer" <fod () brd ie>
Date: 09 Nov 2002 12:42:40 +0000
On Sat, 2002-11-09 at 10:26, Philip J. Koenig wrote:
On 9 Nov 2002 at 9:10, Frank O'Dwyer boldly uttered:
[...]
Basically the point I am trying to make here is that these sorts of networks are not useful only to hackers etc, they are also just plain useful.
I think you're stating the obvious. Of course they're useful, just like open SMTP relay hosts are "useful"..
No. MUCH more useful than that. That's the problem really. A mobile user could download their email at something like modem speeds using a mobile phone, and pay through the nose for it, or they could receive broadband access on the move for nothing. Which of these models do you think is going to prevail? And when users, and corporates for that matter, figure out that they can effectively get an 11M LES circuit to their buddies without paying a telco for it, what do you think they will do with that information?
but they also happen to be a widely frowned-upon attractive nuisance on the internet these days. Almost every security problem on the net starts out because someone stuck some host or device online to do something "useful".. but simultaneously overlooked the security implications.
The net itself started out that way and has been a basket of security holes ever since. Why is it still here? Because it is compellingly useful and users are either ignorant of the risks or have evaluated the risks and taken them anyway. That doesn't mean everyone on the net is stupid. Sometimes not taking a risk is more of a risk. As security people we too often do risk analysis while normal people and business people do risk/benefit tradeoffs, which is actually more rational. Human beings also have an appetite for risk - give them a safety belt or an airbag and they will drive faster. Also just like IPSEC won't fix the net's issues, nor will any fixed version of WEP address the above or change the economic advantages of doing it anyway. Those measures solve a different problem.
I remember the days when running an open SMTP relay was considered neighborly - and convenient if for example your normal ISP's MTA(s) were having temporary problems. But the current situation makes it an extremely bad idea to run such hosts any more.
Agreed - but the current situation makes it an absolutely irresistible and mouth-watering idea to run widely interconnected and even open WLANs. That's the difference. Indeed it's happening already, despite the known issues.
Disconnecting them would be a really draconian response, and the underlying issue would remain (these attacks occurred before WLAN even existed).
I have never advocated "disconnecting" open WLANs. I have pointed out that A) those who deign to hop on them for a "free ride" may find themselves the subject of criminal proceedings, B) I hope to make people aware of the need for vendors to ship products in a secure configuration by default (and fix the WEP problems) and C) I hope to make people aware of the serious security implications of (intentionally or unintentionally) running open WLANs.
OK, but what's the solution for these people? It sounds very much like you're saying "don't run open WLANs" and "don't use open WLANs (even if the owner wants you to)" and "sue open WLANs out of existence" to me. How do you suggest someone sets up an open access point so that their users don't have to worry about winding up in court? How do users tell an intentionally open access point from an accidentally created one? What could open access points do to improve security, short of ceasing to be open? [..]
What would be more useful here is some kind of mitigation - e.g. the ability to perform some kind of 'egress filtering' - that could be a standard firewall operated in reverse, to filter certain protocols, or to drop signs of misuse, or to shape traffic. It might be more appropriate for ISPs to do that however, than to expect end users to do it. A useful feature for any developer of personal firewalls though - zonealarm could easily do some of this. This would also start to address wired abuses.
I personally am not a great fan of ISPs acting as "Big Brother" by scrutinizing every packet their users send/receive, and I do think the issues in question can be addressed without dumping that responsibility on them. (and subjecting us all to constant surveillance)
No, I don't mean surveillance. I mean security measures such as dropping HTTP requests that look like attempts to exercise buffer overruns, discarding proxy CONNECT requests on port 25 and other silly ports, shaping traffic that looks like DDoS, etc. These are things that would be helpful and could be done to outbound traffic by ISP firewalls (or even zonealarm) without affecting legitimate traffic or subjecting anyone to big brother. No, it wouldn't solve every problem, but it would help. [...]
The question of "anonymous strangers" using someone's network is a bone of contention for anyone who runs an ISP or backbone and those who are impacted by the resulting security issues - and I really don't think WLANs are any different than any other potentially anonymizing access-point in that respect. They're just a relatively new, popular (and particularly appealing for a hacker, I'd surmise) option at this point.
I appreciate that this is your concern, and I understand why. However I think it's going to happen anyway, simply because the benefits are compelling (hence the popularity) and the "solutions" that forgo the benefits demonstrably do not solve the problem. To stop it will take very draconian measures, which no doubt will also be attempted. There are legitimate uses for anonymity too, by the way, and in some cases they are (thankfully) protected by law, at least in these parts :)
Cheers,
Frank.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
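Two of the outbound checks proposed in the message above (discarding proxy CONNECT requests to port 25 and other non-web ports, and dropping HTTP requests that look like overrun attempts) expressed as a verdict function. This is an added example, not part of the original post; the allowed-port set, the length limits and the sample requests are assumptions constructed for illustration.

```python
# Added illustration of an egress (outbound) HTTP policy check.
# Port set and length limits below are assumptions, not values from the post.
ALLOWED_CONNECT_PORTS = {443}   # tunnels permitted only to HTTPS
MAX_TARGET_LEN = 2048           # longest request target let through
MAX_HEADER_LEN = 8192           # longest single header line let through

def connect_port(target):
    """Port of a CONNECT authority-form target (host:port), else None."""
    host, sep, port = target.rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    port = int(port)
    return port if 0 < port < 65536 else None

def egress_verdict(raw_request):
    """Return (action, reason) for the head of one outbound HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "drop", "malformed request line"
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        port = connect_port(target)
        if port is None:
            return "drop", "CONNECT without valid host:port"
        if port not in ALLOWED_CONNECT_PORTS:
            return "drop", f"CONNECT to port {port} not allowed"
    if len(target) > MAX_TARGET_LEN:
        return "drop", "oversized request target"
    if any(len(h) > MAX_HEADER_LEN for h in lines[1:]):
        return "drop", "oversized header line"
    return "pass", "ok"

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n",
    b"CONNECT mail.example.net:25 HTTP/1.0\r\n\r\n",
    b"CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n",
    b"GET /" + b"A" * 4000 + b" HTTP/1.0\r\n\r\n",
    b"CONNECT example.org HTTP/1.1\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:40], "->", egress_verdict(sample))
```

Ordinary web requests and HTTPS tunnels pass unchanged, which is the property the message relies on when it says legitimate traffic is unaffected.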