RE: [fw-wiz] Interlopers on the WLAN

From: R. DuFresne (
Date: 11/06/02

From: "R. DuFresne" <>
To: "Philip J. Koenig" <>
Date: Wed Nov  6 11:58:55 2002

On Wed, 6 Nov 2002, Philip J. Koenig wrote:


> Personally when I started the thread I was thinking more in terms of
> the whole practice of "wardriving" and whether it's defensible from a
> legal standpoint or not.

Yu've changed the context of the argument, which I'd suspected from the
begining that this was more the context meant in the original post. But,
passive sniffing is at present apparently not illegal, in fact the secret
service is actively 'wardriving' in various pasrts of the US to ascertain
the weak default setus that might be infringing security of various gov
and mill sites exposed to wireless toys.

> I was not referring to clueful individuals and organizations/
> institutions that properly take care of the security issues on their
> WLANs. I was referencing the very clear fact that a huge amount of
> these WLANs are operated by non-technical consumers who, in my view,
> cannot really be expected to understand all the technical/security
> issues at play, particularly if the vendors not only ship the product
> with an insecure default configuration, but also do a poor job of
> educating the consumer about the issues at hand.
> Given that there are so many WLANs out there that are owned/operated
> by these types of users, it makes me think that to assume a WLAN is
> "public" simply because a non-technical user set it up in it's most
> likely configuration is a stretch to say the least.
> Further on the legal/abuse front: I predict the next wave of spammers
> will be heavily exploiting open WLANs to anonymize themselves while
> sending out spam, and I wouldn't be a bit surprised to see DNS-based
> blacklists of open WLANs pop up, just like the various ones that are
> now operating to flag open SMTP relays and other potential spam
> sources.

Spammers might well take this route, and might already have taken this
route. They are the less hideous of the security risks one should be
envisioning here. As you hinted at with the Mitnick ordeal <which if
folks recall, required Tsutomu Shimonura's use of illegal equipment to
trace Mitnick down>. I'd certainly use a route such as this to base any
attacks upon a private corporate of gov sites these days. The annonimity
makes it far too easy a place to hide ones presence from.

The free.nets of the past are perhaps a dying breed, soon to be over
shadowed by the free wireless routes available for access. And there are
many ventures to provide such access advertised weekly in various
locations around the globe. I've collected a few examples from various
media over the past year or so. The problem gets even messier as to
insecure default settings though when one looks at all the new laptops and
desktops hipping with wireless trinkets imbedded in the new equipment,
turned on with totally insecure default settings. I'm just wondering how
long it takes before some of the larger systems are shipped as AP's as
well as clients <it might already have been done and I've just missed it>.
The point being, this is a nightmare that's already been unleshed and soon
to be exposed to big time security issues, if it hasn't already raised
it's ugly head. And the focus needs to be pushed ba k towards the vendors
to do something about the awful default settings they provide. Until the
vendors are forced to take responsibility, it's the end users that will be
the ones to share the financial costs of their toys being used for nasty

And let's not even reopen the old dead thread on the wireless video
equipment being shipped as 'security devices' and the exposure they


Ron DuFresne
<broadcast at your own risk>

        admin & senior security consultant:
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!