RE: [fw-wiz] Interlopers on the WLAN

From: Frank O'Dwyer (fod@brd.ie)
Date: 11/09/02


From: "Frank O'Dwyer" <fod@brd.ie>
To: pjklist@ekahuna.com
Date: Sat Nov  9 11:01:02 2002

On Wed, 2002-11-06 at 22:25, Philip J. Koenig wrote:
> On 6 Nov 2002 at 21:41, Frank O'Dwyer boldly uttered:
> > [...] Firstly, you're assuming the WLAN is "insecure" simply
> > because it lets anyone connect without asking who they are.
> > Maybe that's what the owner and users of the WLAN want. His
> > network, his policy. If you don't like his policy, maybe
> > you need to make sure your network isn't connected to his in
> > any way that matters to you.
>
> Once you connect a network to the internet, your security problems
> often become everyone else's security problems.

Absolutely, but you're still prejudging the issue by using loaded terms
like "insecure" and "interloper". An open access point is not
necessarily "insecure", it's just open. Someone connected to an open
access point may not be an "interloper" but may in fact be using it
exactly as intended by its owner. In this case the appropriate term is
"user" not "interloper". In this sense it is rather like public access
web sites, which don't authenticate users either, and are also a risk to
the Internet. We could demand that all of those be shut down too using a
similar argument, but actually they are pretty useful so we don't.

Also note that these people are not particularly *likely* to be
DDoS'ing, spamming, or hacking anyone. Certainly these abuses are
possible and a real problem, but I'd hazard a guess that to three
significant figures, 100% of such users simply want to surf and read
their email. As far as providing open access goes, the security features
of WLAN simply wouldn't apply even if they worked. (Except in so far as
the current default installations make it far too likely that someone
will *unwittingly* set up an open access point.)

Basically the point I am trying to make here is that these sorts of
networks are not useful only to hackers etc, they are also just plain
useful. Disconnecting them would be a really draconian response, and the
underlying issue would remain (these attacks occurred before WLAN even
existed).

[...]
> Bear in mind my main original point was about the legality or ethics
> of hopping onto an open WLAN. But beyond that, there is this concept
> of an "attractive nuisance" when someone connected to the internet
> does something to encourage hacking activity from systems under their
> control.

Merely setting up an open access point hardly constitutes encouragement
of that kind. If I lend you my mobile phone, am I encouraging you to
make an illegal call? Or if someone uses a cab as a getaway vehicle does
that mean there shouldn't be cabs, or cab drivers should ask for ID?

What would be more useful here is some kind of mitigation - e.g. the
ability to perform some kind of 'egress filtering' - that could be a
standard firewall operated in reverse, to filter certain protocols, or
to drop signs of misuse, or to shape traffic. It might be more
appropriate for ISPs to do that however, than to expect end users to do
it. A useful feature for any developer of personal firewalls though -
ZoneAlarm could easily do some of this. This would also start to address
wired abuses.
 
> The term commonly used is that it's a "rogue" network or
> system.

Again this is a loaded term that doesn't necessarily fit the facts.
Other terms that are commonly used for the same thing are "internet
cafe", "open access point", and "wow, you mean I can get broadband
access when on the road, how handy!". :)

[...]

Cheers,
Frank
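
The egress filtering suggested in the message above (filter certain protocols, drop signs of misuse, shape traffic), sketched as an added example that is not part of the original post. The WLAN address range, blocked ports and rate limits are assumed values for a hypothetical open access point, and the traffic is constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed policy for a hypothetical open access point (values not from the post).
WLAN_NET = ipaddress.ip_network("192.168.50.0/24")  # addresses leased to WLAN clients
BLOCKED_TCP_PORTS = {25, 135, 139, 445}             # direct SMTP, Windows RPC/NetBIOS/SMB
RATE_BYTES_PER_SEC = 64_000                         # sustained per-client rate
BURST_BYTES = 128_000                               # token bucket depth

@dataclass
class Bucket:
    tokens: float = BURST_BYTES
    last: float = 0.0

@dataclass
class EgressFilter:
    buckets: dict = field(default_factory=dict)

    def check(self, now, src, proto, dport, size):
        """Return (verdict, reason) for one outbound packet."""
        src_ip = ipaddress.ip_address(src)
        # 1. Sign of misuse: a source outside our own range is spoofed.
        if src_ip not in WLAN_NET:
            return "drop", "spoofed-source"
        # 2. Protocol filtering: ports commonly abused for spam and worms.
        if proto == "tcp" and dport in BLOCKED_TCP_PORTS:
            return "drop", "blocked-port"
        # 3. Shaping: per-client token bucket, refilled by elapsed time.
        b = self.buckets.setdefault(src_ip, Bucket(last=now))
        b.tokens = min(BURST_BYTES, b.tokens + (now - b.last) * RATE_BYTES_PER_SEC)
        b.last = now
        if size > b.tokens:
            return "drop", "rate-limit"
        b.tokens -= size
        return "accept", "ok"

# Constructed sample traffic: (time_s, source, protocol, dest_port, bytes)
SAMPLE = [
    (0.0, "192.168.50.10", "tcp", 80, 1500),      # ordinary web browsing
    (0.1, "192.168.50.10", "tcp", 25, 600),       # direct SMTP to a remote server
    (0.2, "10.9.8.7", "udp", 53, 80),             # source address not on this WLAN
    (0.3, "192.168.50.11", "tcp", 443, 120_000),  # burst that fits the bucket
    (0.4, "192.168.50.11", "tcp", 443, 60_000),   # exceeds the remaining tokens
    (2.0, "192.168.50.11", "tcp", 443, 60_000),   # accepted after refill
]

def run(sample=SAMPLE):
    f = EgressFilter()
    return [f.check(*pkt) for pkt in sample]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run()):
        print(pkt, "->", verdict)
```

The order of the checks matters: spoofed sources are dropped before any per-client state is created, so forged addresses cannot fill the bucket table.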