War Flying & Network Secuity

A week or so ago we did a little war flying project over Kelowna and found 741 or so 802.11x networks from 1100-2000’ AGL. An interesting little venture to say the least. It appears almost nobody uses WEP, or even renames the SSID of their router from the default (ie: Linksys, SMC, Dlink, Netgear etc. etc. )… Do these people even know about WEP or MAC filtering? Do you think outlets such as Futureshop, Staples and Office Depot should be pushed to give out detailed documentation with their products to warn people of the risks associated with unprotected wireless networks, or should the buyer be-ware? I’ll bet just about anywhere in town you could tap into a neighbours network and scam a free Telus or Shaw high speed connection for the cost of the hardware. I don’t use WEP… it’s a pain in the ass, neither my Netgear or Linksys routers came with any usefull information on how to set it up and use it anyway… Why should I bother? I do use MAC filtering though, and my SSID broadcast is turned off, not that it helps all that much against delinquent geeks like myself… Are we as dumb consumers, expected to surf the web in search of instructions or facts about this stuff? I’m just kinda curious what you all think.

Here’s a somewhat ugly image of the city with the APs plastered in Green and Red. Green meaning WEP enabled (with or without a password), Red meaning not WEP enabled.

http://www.topgungamers.com/misc/warfly.jpg

And as always, I have this stuff posted on my lonely website, Topgungamers.com

Direct link to the thread is RIGHT HERE.

If you are going to use this technology, than you have to know how to use it safely and properly. Don’t expect the people selling it to know how to use it. And this goes for buying any piece of technology. For example, when I buy a new car, I don’t expect the dealer to teach me how to drive, nor should they, that isn’t their job.

I wish I had that map when I was driving around Kelowna at midnight with a desperate need to check my email and not a clue where I could go.

And no, I don’t think that there should be any extra warning, becuase then where would I get my free internet???

[quote=“alistair”]I wish I had that map when I was driving around Kelowna at midnight with a desperate need to check my email and not a clue where I could go.

And no, I don’t think that there should be any extra warning, becuase then where would I get my free internet???[/quote]

LOL why not just drive around and try instead of havnig a place you have to go to. Would probably take you like 5 min or less to find a open spot. : O )

[quote=“Dave”]

If you are going to use this technology, than you have to know how to use it safely and properly. Don’t expect the people selling it to know how to use it. And this goes for buying any piece of technology. For example, when I buy a new car, I don’t expect the dealer to teach me how to drive, nor should they, that isn’t their job.[/quote]

It may not be their job, but it is someones job. Who is going to take the fall for the wireless dangers. It goes Supplier -> Retailer -> Consumer, so either the retailer or supplier must do it. Someone should. To countercase the car situation, there is an intermediate that WILL teach you to drive, whether it be a driving instructor/parent, someone else is teaching you the ropes.

I can think of countless products that go from Supplier -> Retailer -> Consumer (I used cars as my first example) but let’s look at another popular piece of technology - the condum. The proper use of condums is taught in most high schools. However, we still have people who either don’t use them or use them incorrectly. Does this mean that the people who make them or sell them are to blame? No. Society as a whole, I suppose takes the fall for this. We pay taxes, etc. in supporting unplanned babies (if the parents don’t). Or if that example is to abstract consider a virus filled PC. Does the owner of this PC have an obligation to disconnect their computer from the net? (One might make many enemies from passing viruses along, but does an obligation exist?)
Now, does society have an obligation to take the fall when a person goes out, buys and sets up a piece of technology without first understanding the power of it? No, my quality of life is just fine without having WiFi. I think most people would have a wonderful quality of life without it. It’s great to have but it comes with risks. Educate yourself about the risks. Try to reduce your risk - through education. Don’t expect society to bail you out.

[quote=“Dave”]I can think of countless products that go from Supplier -> Retailer -> Consumer (I used cars as my first example) but let’s look at another popular piece of technology - the condum. The proper use of condums is taught in most high schools. However, we still have people who either don’t use them or use them incorrectly. Does this mean that the people who make them or sell them are to blame? No. Society as a whole, I suppose takes the fall for this. We pay taxes, etc. in supporting unplanned babies (if the parents don’t). Or if that example is to abstract consider a virus filled PC. Does the owner of this PC have an obligation to disconnect their computer from the net? (One might make many enemies from passing viruses along, but does an obligation exist?)
Now, does society have an obligation to take the fall when a person goes out, buys and sets up a piece of technology without first understanding the power of it? No, my quality of life is just fine without having WiFi. I think most people would have a wonderful quality of life without it. It’s great to have but it comes with risks. Educate yourself about the risks. Try to reduce your risk - through education. Don’t expect society to bail you out.[/quote]

Okay, well, If you have looked in a box on condoms they normally have neat little graphic pamphlets on how to use them. If you can’t follow those, you got a few problems.
With PC virii, half the time the user doesn’t know that their computer is infected. If they do, there is software to recover/remove infected information. It’s not a matter of forcing the user to abide by the rules and recommendation of the supplier/retailer, its the users end decision to plan their course of action.
I am not arguing that WiFi is risk free, but it isn’t a thing that society should “bail you out of”. If the manufacturers simply put a warning or a few step instructions on enabling WEP/MAC protection, many will follow. So many end users are so closed minded that they don’t realize that someone else can access their internet and do malicious activities.

Fuck… its called a manual read it or you get fucked up.

I’m amazed at the number of greens. That many people read the stuff on their screen? I run into 2 or 3 a week that bought a Dlink of Linksys and put it in their house and want to know ‘why it doesn’t work’.
One guy (a teacher!) just sat one on top of his new Dell and thought it would pick up our mountaintop wireless and miraculously transmit it into his new desktop. I had to drive 30 mins to his house, explain it was a transmitter not a receiver, that you had to have internet and plug it into it and then plug in the dekstop and run software. He was pissed off at me because he thought he could steal internet access (told me I have no right to charge for it), and ripped up the bill for the service call and is currently being harangued at 3 am by the nastiest collection agency I could sign up with…
It’s almost funny, but I run into at least 1 person a week that bought one thinking they just take ‘free internet’ out of thin air and make it work on your computer.
When I was in Vancouver there were 6 APs in the apartment, 5 wide open, on channel 6 with SSID “default”. All 5 had the default password still in them (I checked) and two had file & printer sharing, so I sent the one with an HP6 like mine a “thank you for the free Internet” note… :laughing:

Even the manuals don’t really tell you what to do or what things are… They just show you how to install drivers, flash the router, and use the webconfig. That is with my Netgear and Linksys…

Anyhow, maybe the cable/DSL companies should provide assistance with this stuff. The guys at Woods Lake Cable here are excellent. We decided we wanted a new wall outlet in the hallway and they sent a guy down within an hour, had the line and jack installed, he installed new firmware for the linksys and even setup email account for everyone while he was here.

Not a fan of the Netgear, the older style ones looked really good but a lot of out of box failures. Telus also dumped a lot of low end Linksys stuff around, but I was impressed with the dual 2.4 -5.8 model.
The DLink’s seem to be cheap and pretty reliable, sold hundreds RMA’d just one.
We feed the outdoor wireless radio into the DLink, code it’s MAC & private IP to the system and set the Dlink WEP and channel to repeat about the yard. Also set the ssid to ‘smith’s’ or ‘jones’s’ so when mr smith calls in and says what one do I associate with we can say DUH…

We installed alinksys at home that we got off eBay and I like it better then the D-Link 614+ we had. The AirPlus software wouldn’t allow for the WiFi card on the iPaq to connect. Although me and my neighbour at university split costs on a DL-624, I havn’t looked back on this one yet.

I use the signals on McKay street.

HAHAHAHAHAHAHAAAAAAAAAAAAAAAAAAA HAH!

Humour was intended?

[quote=“orangetang”]

Anyhow, maybe the cable/DSL companies should provide assistance with this stuff. The guys at Woods Lake Cable here are excellent. We decided we wanted a new wall outlet in the hallway and they sent a guy down within an hour, had the line and jack installed, he installed new firmware for the linksys and even setup email account for everyone while he was here.[/quote]

SCREW THAT. you know how hard it is to walk some one on the phone how to connect and setup a adsl is. let alone walking them through setting up a router SCREW THAT. We dont support routers here at work and shal stay that way. The company that makes them should provide better manual’s or better support.

It’s like buying a car and have it break down do you call the car manufacturer or the person that sold you the gas. : O )

J’

That’s a completely different situation. To drive, you need to get a license and insurance by law. That means there are two companies helping you to use the car if you don’t include the dealership who is going to fix anything that breaks and change your oil for you. Not only are you already trained to use the equipment, but you’re also backed if anything goes wrong. Gas has nothing to do with it… I’m not saying we go after BC Hydro becuase they power the router.

I guess if we compared cars and routers, (since it seems to be a popular comparison…) we would be required to take a course and write an exam, or challenge an exam to become ‘licensed’ to use the internet. That would solve a lot of tech support problems, aswell as help prevent worm/trojan/virus outbreaks caused by n00b users. After all, if you’re too stupid to drive, you just don’t drive. Right? What do you think?

I think you are onto something now. I wouldn’t go as far as a license for using the internet, but perhaps some kind of license for using specialized “equipment or technology” such as servers and routers. For example, a few months ago I downloaded and successfully installed OpenBSD. I set up an Apache webserver (currently down) as well as other stuff. I have a little experience but I certainly need to know a lot more info before I consider doing it again (at least reading a book on webservers). I think a better example would be the world of amature radio. One needs a license before they can broadcast. Host a webserver is like broadcasting.

That’s how I see it, kinda. I once installed Apache on a windows machine I had sitting around, fired up php, mysql… etc etc. I didnt’ have a clue what any of the stuff was, I just followed a step by step posting on the web… Anyhow, all was fine & dandy until I decided having a webserver would be neat. Ooops! Apparently I sent something like 1,500,000 SPAM mails in the period of a day. Citytel promptly called, told me to fix it or they’de shut me down. Fair enough right? I didnt’ know any better though, and had no idea what kinda of trouble that might cause. I can hardly blame anyone but myself, but there should be someone… :smiley:

It was not your webserver, it was probably an unsecured Sendmail that did it. It was probably setup by default to allow anyone on the internet to relay mail through your machine.

Open Relay…not good.

Yea on this router business…there are too many of them out there that are unsecured. I took a wardrive downtown a few weeks back. Up third to overwaitea, down second, and down where the Elizebeth apts were and found 13 AP’s. 3 of which were WEP’d, the rest were open.

Its too bad that many of them just work out of the box. There should be something that is setup so the first time someone hooks up a wireless router and tries to get online through it the router will redirect them to a setup page to FORCE the user into changing the defaults. At least to change basic stuff like SSID and turn off the SSID broadcasts.