[peeb]

You find it surprising that you can see people's shared folders, and vice versa? What did you think a shared folder was?

[Tesselator]

Well I find a few ummm "mistakes" (probably not the right word but let's go with it) in
your logic here. Everything you just said is 100% right on the money... IF... it's a land
line network we're talking about here. But this is wireless. You saw where I live - it's
major crowded - and I bet there are less than 1,000 people who can get a good enough
signal to maintain a connection. Probably more like 50... even in my crowded space.
Of those (let's shoot for the middle) 500 people let's say 10% have computers though
I feel both numbers are WAY WAY too big. That's 50 people. Let's say one in 25 have
enough understanding to even try to get in to my LAN via the wireless. And remember
they have another 49 hypothetical people to choose from besides me slimming the odds
that I'll be chosen tremendously. That's two people who "could". But I'm willing to bet
(literally) that not one of them would. So the result in my model and in my experience
is actually zero.

Remember in my area I can see about 7 wireless networks so I guess that means there
are only 7 other households (actually 6 and one business) who even have the equipment
to connect to me. So if I were being totally fair I would start with 7 not 500.

The other thing that doesn't make sense to me is this idea that there are 16-year-olds
out there who could or would do such a thing. Yeah there were at one time back when
modems were 300 baud, plugged into the back of your C=64 and everyone was sharing
information about how to cause BIX, CompuServe, Genie, GEOS, or the local University a
little bit of trouble. That's before TCP/IP stacks were in wide use and everything was still
a Command Line Interface - oh, say from 1978 to about 1985. Those days are now long
gone. Even back then no one hacked private computers except maybe to look around. As
it is today as well, it just wasn't interesting and no one wanted to cause an individual any
trouble.

The hacker profile that cause single station or home systems any amount of worry is a
relatively new breed. They're usually looking for free bandwidth and they want to steel
yours and mine to distribute file-segments of whatever illegal thing they're up to. Almost
all those guys are in Russia or Africa. My wireless range is 200 meters at best - a little
short to reach the Ukraine or Zambia.

I think your points are great for land-line networks but to my understanding of what wireless
is and how it works they don't seem to apply. I also think that it's a very good idea to have
two like you suggested though if it's feasible. That would be optimal if the resources were
available. If not, I still contend that leaving your home network open for the occasional Cell
phone, PSP, DS, or laptop user won't hurt anything. The vast majority of people in the world
are good decent responsible folks not out cause any trouble and the days of the zit-faced,
basement-dwelling, teen-ager, hacking away on a CLI tryig to figure out how to crash Kermit
are long gone.

[themacjedicali]

Hey toeknee you should know that the mac address and the packet headers ARE NOT encrypted so just using wpa/wpa2 will NOT hide your mac addresses. They are clearly visible in every packet to and orm the computer to the router (sans beacons and such). The router has to be able to see the header in cleartext in order to route it correctly and know if its just other clients on a different network, or authenticated clients on its own.

[themacjedicali]

Excellent post. Changing the mac address literally takes seconds so its not even really that useful to filtering on a the router, but I am a firm believer in doing everything possible since someone who doesn't have filtering turned on is a greater target statistically than I would be. Basically most settings just apply to the software out there that follows that rules. If the software doesn't follow the rules, then the implementation is flawed. It would be like having a sign on a door that says locked as opposed t having it actually locked. Honest people would avoid the door, but those who ignore the design get in free and easy!

[themacjedicali]

If you want to set up a good system, you can have your main network secured via wpa/2 and have an open router on the same line with limited access to the internet ONLY, and no access to the main computers on the network. This is generally known as a type of AP Isolation and is used widely when people want protection but want to allow untrusted clients to connect as well. Subnets are great in that whole ranges can be isolated form other ranges when you know what your doing. Check your router manual for setup!

[Simon]

Originally Posted by ghporter 

Not to get political here, but it's not tyranny I'm talking about. It's the fact that, given the chance, bad people will do bad things and not care that they may hurt other people in the process. I just don't want to help them out. Securing my network means that I control it, I decide who benefits from it, and that's that. If I wanted to share my bandwidth, I'd set up a completely separate wireless network, one that didn't connect in any way to my home network. Different subnet, only sharing the Internet connection, that sort of thing.

I agree completely with you here, Glenn.

But let's assume I have an old AP Express lying around and tons of extra bandwidth. So I'd like to share that with anybody who happens to need it. I hook up my broadband connection to a hub, plug the Express in one port and my regular router in the other (I get two IPs from my provider so that should work). The router will do DHCP/NAT and close off my own LAN form the rest of the world. The Express will offer an 802.11b connection to anybody who needs it. The only sharing going on will be the actual broadband line. Every client on the public 802.11b network will be on the WAN and hence outside of my LAN just as any other computer somewhere else on the internet.

Now with such a scenario in mind, what kind of legal trouble could you encounter if somebody decides to use that public network for mischief? And I'm not talking about a power tripping DA going nuts within the US legal system. Let's assume we have a fairly reasonable DA and EU law. If I have the AP Express' log files at hand, would that be sufficient to show that it came from an unknown 'outsider' as opposed to one of my machines? Any lawyers here who could comment on that?

[ghporter]

You'd probably be ok, since you'd be able to demonstrate (not "show" your logs-that sort of thing is suspect because logs are editable) that outside connections through the old AE are both external and outside your control. This is just what I was talking about above.

[Tesselator]

Ah, now that it's defined it makes more sense. So basically just a second router assuming
your ISP will give ya the IPs you need and you already have an extra hub? Mine says it's do
five for me. This seems like the best solution yet.

[peeb]

I completely fail to see how this helps at all.

[Cold Warrior]

If you have the logs on hand, it'd demonstrate to an attorney that you know what you're doing and should have been reviewing your logs for illegal activity. That you didn't makes you more suspicious.

[peeb]

So, wait. Let me review your logic.
Situation A: Open wireless connection. Suspicious use leads to a warrant to examine your computer gear.
Situation B: One open connect, one closed. Suspicious use of the open connection somehow is fine because it would 'demonstrate to an attorney that you know what you're doing'?

I don't follow.

[Cold Warrior]

Originally Posted by peeb 

So, wait. Let me review your logic.
Situation A: Open wireless connection. Suspicious use leads to a warrant to examine your computer gear.
Situation B: One open connect, one closed. Suspicious use of the open connection somehow is fine because it would 'demonstrate to an attorney that you know what you're doing'?

I don't follow.

No on B. I was sort of agreeing with your previous statement that you don't see how an open side helps matters. My post was meant to also illustrate that point by saying a person who is knowledgeable enough to split his connection between private and public, and savvy enough to store logs in the event something attracts attention, should be savvy enough to review the logs for bad activity, and that not doing so would also attract a prosecutor's attention.

[peeb]

Wouldn't such a person also be savvy enough to use the open side of his connection for anything dubious, or simply falsify the logs?

[Cold Warrior]

Originally Posted by peeb 

Wouldn't such a person also be savvy enough to use the open side of his connection for anything dubious, or simply falsify the logs?

He could, but if the activity has already attracted attention, law enforcement should have enough of a profile to ID the user as the one running the connection. Also, falsified logs should also be easy to spot, as law enforcement and the ISP would have the correct logs to check against the falsified ones.

He'd just be digging himself into a deeper hole.

[peeb]

Right, but my point is that, since what Glenn seems to be worried about is having a warrant served, having any open connection at all will lay the owner open to that.

[Tesselator]

I was thinking it was a better solution for the security issue. I personally think
the only solution for any kind of legal situation you get yourself into is a very
expensive lawyer. The exact same thing can happen open or not. Criminals are
steeling bandwidth to do illegal things all the time wireless or not. If some law
enforcement agency wants to point their finger at you for it there is no legitimate
recourse in today's judicial system. You just need to hire someone on the same
level of corruption as they are on - or leave the country.

I seriously believe that. I've followed some 20 or 30 court cases that I thought
might be telling about the state of affairs in the federal judicial system over the
past 5 years or so and almost all of them showed a very corrupt court system.
And in some cases out-of-control corrupt law enforcement agencies. The idea
of innocent until proven guilty and "fair trials" are all gone now - at least at the
federal level. State and county are probably a case by case (area by area) deal.

[Simon]

Do the log files created by for example the AEBS contain the MAC addresses?

[Athens]

Has any one setup and used a Radius Server for wireless protection?

[Big Mac]

We had a thread identical to this one a while back that got closed because the OP was trying to gather information on people's setups in order to hax0r them. Not saying that Tesselator's doing that though - it's just funny that a member would create such a similar thread.

[Tesselator]

Hehehe! All your mac addresses belonged to us!

[paduck]

A couple of observations.

1. From my house, I can see four other networks. This is a normal suburban street. One of those wireless networks is unsecure. First guess is that my secured setup (perhaps not the most secure) isn't going to be as attractive with an open connection just sitting there.

2. How many people who live here/are willing to park on my cul-de-sac within range of my wireless signal, hack through the limited security, and take my signal? Not many. There is an element of risk management here. I periodically change my passwords, so that makes it a little less risky as well.

There have been some observations here that people want to take their connection and share it with the world. They see nothing wrong or illegal about this. However, they should probably read their ISP's terms of service. Most of those will indicate that the ISP is providing you Internet for your own personal use and that of those within your residence. Not for random people along the entire street. The ISP could legitimately say that the people who are hijacking your wireless are engaging in "theft of service." They probably have a tier of service that they will sell you is you want to engage in that activity. However, it will be more expensive.

Also, if someone uses your open network to do something nefarious, you may or may not be liable, but you will have to go through the hassle of removing yourself from the attention of the authorities. If you have a closed network and someone steals your service for something nefarious, you will have the same problem. In some respects worse, since the closed network might make the argument that anyone could have done it more difficult to sell. However, the closed network will be significantly less likely to be hacked in the first place.

I would be interested in the number of court cases where secured networks were hacked for illegal purposes and the owner got stuck/charged. Even if they tried to use that defense.