Re: RE: Wireless Security

• Previous message: Alloishus BeauMains: "Re: Hard drives v. CF/Smart media/etc."
• In reply to: Dave Bush: "Re: RE: Wireless Security"
• Next in thread: Herman Frederick Ebeling, Jr.: "RE: Wireless Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 19 Oct 2005 09:34:24 -0500
To: Dave Bush <hockeystatman@gmail.com>

There are some recent court cases prosecuting folks for using
unsecured networks. Not alleged, but actually found guilty.

As far as I read from those cases, and much to the dismay of the
computer security community as a whole, security of the actual network
did not matter.

Attractive nuisance has not been upheld in court, as far as computer
security goes.

On 10/18/05, Dave Bush <hockeystatman@gmail.com> wrote:
> On 10/17/05, Herman Frederick Ebeling, Jr. <hfebelingjr@lycos.com> wrote:
> > Yep, which is why I was thinking that one should be able to use Network
> > Neighborhood to glean any and all information
> > about who they are.
>
> If something happens that an attacker doesn't show up in Network
> Neighborhood, remember the benefits of the command line tools that are
> out there. (Yes, even for Windows!)
>
> nbtstat -A <ip address of rogue system>
>
> That'll give you output similar to this:
>
> U:\>nbtstat -A 10.1.58.56
>
> Local Area Connection:
> Node IpAddress: [10.1.58.56] Scope Id: []
>
> NetBIOS Remote Machine Name Table
>
> Name Type Status
> ---------------------------------------------
> DBUSH-XPNB <00> UNIQUE Registered
> [REMOVED] <00> GROUP Registered
> DBUSH-XPNB <20> UNIQUE Registered
> [REMOVED] <1E> GROUP Registered
>
> MAC Address = 00-0F-1F-C8-DD-51
>
>
> Under type, 00 UNIQUE is the workstation service and 00 GROUP is the
> domain name. (Not that it really matters, but I removed the domain
> name references above.) Type 20 UNIQUE is the file server service.
> Here's a good reference I found by Googling:
>
> http://is-it-true.org/nt/atips/atips274.shtml
>
> As for the questions that originally started this - I'M NOT A LAWYER
> - but I'd think that leaving a wireless access point unconfigured so
> that anyone could connect to it could be considered an attractive
> nuisance. (Let's go back to Business Law from undergrad, shall we?)
>
> An attractive nuisance is defined as something that attracts children
> but also endangers their safety. I'd think that the legal definition
> is more along the lines of physical safety, like an unfenced swimming
> pool. I'm guessing that some lawyer could extend an open wireless
> access point to be an attractive nuisance though.
>
> Let's guess that little Joey connects to an access point that Martha
> was too inexperienced or lazy to properly configure. Joey goes online,
> buys some veterinarian grade Viagra, and manages to turn his leg into
> solid concrete thus ruining his potential football career. An
> ambulance chasing lawyer would love to argue the fact that Joey
> couldn't have done that if Martha had taken the steps necessary to
> prevent Joey from accessing her network.
>
> Now, if Martha could prove that she'd at a minimum encrypted her
> network with WEP then it's going to be much, much more difficult for
> that lawyer to prove his point. Martha did put up a "fence" to protect
> her network by implementing WEP. Joey had to bring his fence cutters
> (in the form of AirSnort) in order to get into a place he should have
> reasonably known he wasn't supposed to be in.
>
> Could Martha shoot Joey for being in her pool? Not unless he was
> threatening Martha in such a way as she felt she had to protect
> herself. Along the same lines, sorry - you can't legally retaliate
> against someone using your wide open wireless access point. The best
> you can do is lock them out in some way (MAC filtering, WEP, etc.) to
> tell them to stay out.
>
> This is for active connections folks. Anyone can passively monitor
> traffic on your network as long as they can pick up your signal. I'm
> taking a class that's basically a wireless hacking class as part of my
> Masters, and I've already had a nice conversation with the police when
> they were wondering what I was doing outside of Home Depot at 10:45 PM
> on a Saturday night. (Sitting far back in their parking lot,
> monitoring their broadcast beacons with AiroPeek, and guessing that
> they're using a Cisco proprietary encryption protocol to protect
> themselves.) When the cops asked what I was doing, I told them
> homework and explained exactly what I was doing. Because I was
> passively monitoring signals that were being sent all over the area,
> there was nothing they could do. The second I start trying to break
> into the network though it's, "Hello Mr. Handcuffs."
>
> Again, I'm not a lawyer, but I'd think that leaving an access point
> wide open is an invitation not only to be hacked, but to also possibly
> find yourself in court because some dumb kid got in trouble via your
> connection.
>
> CYA folks!
>
> --
> Dave Bush <hockeystatman@gmail.com>
>
> There are two seasons in my world - Hockey and Construction
>

• Previous message: Alloishus BeauMains: "Re: Hard drives v. CF/Smart media/etc."
• In reply to: Dave Bush: "Re: RE: Wireless Security"
• Next in thread: Herman Frederick Ebeling, Jr.: "RE: Wireless Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]