Re: [PLUG] Experience with Verizon FIOS & wireless installation

On 10/1/07, Brian Stempin <brian.stempin@gmail.com> wrote:

Being open (and neighborly) is not mutually exclusive with keeping
your own systems secure.

In a case like this, it's a question of liability and not of security.

Once upon a time while I was in High School, a group of peers approached me and asked me how to make certain transactions totally anonymous. The first thing that came to mind was to (a) fake my MAC address, and (b) War-Drive until I found someone with an open WAP that I could leech off of. This means that if I were to cause some sort of trouble (ie, downloading kidde porn, hacking, etc) the logs would show the IP address of the open WAP. Sure, they probably will most likely escape some sort of conviction, but being charged with something like that is a huge burden. Even being investigated for something like that without being charged is still a pain. They just went from an open neighbor to a victim over-night.

Sorry, but I'm not open enough to allow someone to expose me to that type of hardship.

On 10/1/07, gabriel rosenkoetter < gr@eclipsed.net> wrote:
At 2007-10-01 00:55 -0400, Brian Vagnoni < bvagnoni@v-system.net> wrote:
> It's all broken WEP, WPA ..etc. I've seen hack videos for both,
> and cracked both myself. Aircrack-ng can crack wep and wpa in
> minutes. Non-broadcasting SSID's are a joke. You still transmit
> beacon frames and if you listen long enough you will get the SSID.

Um. Or you could choose to leave the wireless network open
(potentially, segregated from internal systems you'd rather not
have facing the outside world) as a friendly neighbor.

I don't understand when it became a bad idea to share ones Internet
connection on purpose. I do understand why it's inadvisable for the
technically less-literate, but folks around here ought to be able to
secure their networks sufficiently and even rate-limit unknown
wireless users. Forward-thinking ISPs (Speakeasy, for example) even
encourage their users to do this and help them publicize the location
of their wireless access points to other customers.

If you're concerned that someone will funnel spam through your
connection, then don't permit SMTP outbound except through your mail
server and configure SMTP/TLS. If you're concerned that people will
kill your bandwidth with large downloads, I've found that it's
actually reasonable to be reactive, rather than proactive, and ban
abusive MAC addresses explicitly rather than limit connectivity.

I've always maintained a publicly accessible access point, and I've
only had a problem a couple of times (solved by banning the MAC
address). Most people just want to check their mail and so forth,
and even regular-user neighbors tend to ask (eventually).

Being open (and neighborly) is not mutually exclusive with keeping
your own systems secure.

--
gabriel rosenkoetter
gr@eclipsed.net

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug