Forgot your password?
typodupeerror

Neighborhood WiFi Security 328

Posted by ScuttleMonkey
from the put-out-an-electronic-welcome-mat dept.
picaro writes to tell us the New York Times has an interesting piece about the abundance of open wireless connections available due to the lack of the average user's knowledge. The article also takes a look at how the prevalent attitude is that tapping in to these connections does not equate to stealing and why still other may disagree. From the article: "Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture."
This discussion has been archived. No new comments can be posted.

Neighborhood WiFi Security

Comments Filter:
  • RTFM (Score:5, Interesting)

    by xgadflyx (828530) * <james,montgomery&gmail,com> on Monday March 06, 2006 @07:25AM (#14856728) Homepage Journal
    Some users say they have protected their computers but have decided to keep their networks open as a passive protest of what they consider the exorbitant cost of Internet access.
    That would be the category I fall under. I think everyone should follow the sharing principle, lock your box, and open the AP. No matter what deviant may come around and use your access, you can always prove it wasn't you. Now it may be a hassle and even cost a bit of cash..., which we all know sucks, but I've been sharing my wifi for nearly 3 years now and have had no problems. Plus, I've always appreciated the neighborhood open-ness eg. when cable modem users go down and the DSL subscribers are still kicking it, just hop right over and keep on keeping on.
    "I'm sticking it to the man," said Elaine Ball, an Internet subscriber who lives in Chicago.
    "Whoa sweetheart, slow down. We're just talking about sharing internet connections, nothing more" -me, an internet subscriber who lives in Columbus First post?
    • Re:RTFM (Score:4, Insightful)

      by jonv (2423) on Monday March 06, 2006 @07:43AM (#14856786)
      The problem with securing your machines and opening the AP is that certain ISP services (mainly SMTP servers for outgoing mail) don't require any authentication as the ISP assumes that who ever has physical access to the connection is the authorized user. Someone 'sharing' the connection could be using it to borrow the ISP SMTP server for sending out spam or other unwelcome email.
      Of course this can be resolved by putting the access point on the right side of well configured firewall, just pointing out there is more to consider than just securing your machine.
    • Just out of interest what does your contract with your ISP have to say about sharing your connection ?
      In the UK all the ISPs I have ever dealt with have stipulated no sharing, not even a home network with two plus computers.
      Not something I keep to mind, but worth bearing in mind if things ever do get nasty.
      • In the UK all the ISPs I have ever dealt with have stipulated no sharing, not even a home network with two plus computers.

        Really? Who? And how can they tell if you use an NAT layer?

        Many of them object to you running an "open gateway". I don't see why they'd be bothered by free-for-all wireless, so long as you take the rap for anything bad that happens with your connection (such as AUP breaches).

      • by lga (172042) * on Monday March 06, 2006 @08:11AM (#14856869) Homepage Journal

        Many ISPs in the UK now actually give out free wireless routers with a new broadband connection - it is seen as an extra draw for new customers and a marketing advantage to get them to sign up for more expensive packages. And no, most are not encrypted by default.

        BT Broadband [bt.com] give away a wireless modem with their more expensive connections and Wannadoo [wanadoo.co.uk] include a wireless router and claim that it is secure, although I haven't tried it.

      • I suppose it would come down to whether users universally know how to secure a WiFi connection. From my observation the majority of users don't have the foggiest notion of how to secure anything on their computer. I wonder how many users have their own WiFi connection, but out of ignorance, accident, or screwy client software; are using somebody else's WiFi connection.
      • They don't mean that you CAN'T use more than one computer, just that they won't support such a setup. If you ring their tech supp and you're using anything but the standard hardware they sent you (usually a USB modem) they'll refuse to help.
    • Re:RTFM (Score:4, Interesting)

      by Steinfiend (700505) on Monday March 06, 2006 @07:50AM (#14856808)
      I'm sure I'm supposed to be more public spirited than this, but I can't really bring myself to open up my WiFi to other people. I don't think its the money aspect really, 40 bucks a month isn't so much as it would break me. However, I need my Internet connection to be available when I need to use it. I work from home quite regularly and have to either SSH or RDP into work, or sometimes even the reverse, SSH back home from work. If some wonderful neighbor of mine has picked that exact moment to download the latest IT Crowd episode (great show by the way!), then my ability to do the job for which I am paid would suffer.

      If I could be sure everyone would only use it for browsing, email, IM and the odd bit of downloading then I'd be for it, other than that, I would rather not risk it.

      As for being able to prove it wasn't you, should someone hop on and do some dastardly deed, I'd be interested to know how. Has anyone tested that theory? I'd hate to be the first person to go to court, try and prove it wasn't me, and find out the court wasn't having any of it!
      • Re:RTFM (Score:5, Insightful)

        by KiloByte (825081) on Monday March 06, 2006 @08:07AM (#14856858)
        Traffic shaping will do the trick just fine.

        Have two HTB branches: one for yourself, one for good-neighbour sharing. You can set it up so the latter will be starved or almost-starved whenever you need the bandwidth. And then you can fine-tune the branches to care about TOS, etc.

        Besides, traffic shaping is mandatory anyway if you want to even think about using ssh while you're downloading something.
      • As for being able to prove it wasn't you, should someone hop on and do some dastardly deed, I'd be interested to know how.

        Chances are, if they hop onto your protected network, they've been sniffing packets for a while. Everyone here should know that mac address spoofing is trivial. If they spoof their mac address to be yours, chances are you won't be able to prove that you didn't do it...
        • Re:RTFM (Score:2, Flamebait)

          by 1u3hr (530656)
          If they spoof their mac address to be yours, chances are you won't be able to prove that you didn't do it...

          Fortunately, normally* you don't have to prove you are innocent of a criminal charge, the prosecutor has to prove you are guilty. And if anyone could have been using the IP in question, then unless you have something incriminating on your hard disk, this makes any evidence no more than circumstantial.

          *Unless you're a Muslim.

      • As the other post said, traffic shaping is the way to go. I have an OpenBSD box set up as a firewall. Any bandwidth I need, I get. If I'm not using 100% of it, whatever is left is open for folks visiting the little-old-lady next door. She doesn't use a computer herself, so it would be silly for her to buy a line. When her kids or grandkids come over to visit her and bring their laptop, I don't have a problem with letting them tap into my line for a few hours using the excess bandwidth.
      • I'm in your camp. The last thing I need is for all the people around me surf/downloading pron on my dime. And I don't exactly want to waste my time "proving it wasn't me" if the RIAA/MPAA/Childporn_Police come knocking on my door because somebody decided to do something on my connection they wouldn't dare do on theirs.

        I honestly don't understand all the openess hype in this instance. Just because it's wireless? When I was in college a few years back, everybody shared their broadband with ethernet cables
    • Open Access Points (Score:5, Insightful)

      by TPS Report (632684) on Monday March 06, 2006 @08:52AM (#14857024) Homepage
      That would be the category I fall under. I think everyone should follow the sharing principle, lock your box, and open the AP. No matter what deviant may come around and use your access, you can always prove it wasn't you. Now it may be a hassle and even cost a bit of cash..., which we all know sucks, but I've been sharing my wifi for nearly 3 years now and have had no problems.


      At first I was thinking - whoa, you're very open minded. Then I realized you wrote wifi instead of wife. I need some coffee.

      I understand what you're saying about the open access, and it's a nice thing to do - but there's no way in hell I'm going to go through the federal investigation process or even chance the possibility of going to prison, for my neighbors kiddie porn habit. Sorry. My life and the potential hassle is worth way more than him saving $39.95 on his cable bill. You're being nice, and that's applaudable, but if anything does happen - you're going to have a tough time proving it was not you.

      You: but I have logs!
      Them: How convenient. The accused has evidence pointing to someone else. Is it unaltered proof?
      You: Of course! These are the raw server logs!
      Them: Logs, from your firewall?
      You: Yes!
      Them: A firewall which you have administrative access to, and can change the logs at will?
      You: Uh, yeah. But I didn't change them.
      Them: So the logs very well could be altered. And it would be in your best interest for that to happen?
      You: WTF man... I didn't do it.

      Don't expect your freeloader neighbor to step up and take a federal sentence when it comes down to it, and don't put your life in a position where it depends on the justice system to "get it right". Ken Lay, OJ, and lots of others are walking around free men today..
      • by DrSkwid (118965)
        That would suggest I have the burden of innocence.
        • by Syberghost (10557) <.syberghost. .at. .syberghost.com.> on Monday March 06, 2006 @12:26PM (#14858557) Homepage
          That would suggest I have the burden of innocence.

          No, you're right, the government has to prove to the satisfaction of a jury that you did it.

          To the satisfaction of 12 people who were too stupid to get out of jury duty. Using their effectively-unlimited resources.

          But, I'm sure your esoteric technical arguments will convince a jury of non-technical people that you're right, in contrast to the government's arguments, which will consist of blown-up pictures of sex with barn animals that were accessed from your internet connection. Eventually.

          There are many fights in life that I am quite confident I could win. I don't go around trying to get into them.
      • by Kjella (173770)
        don't put your life in a position where it depends on the justice system to "get it right". Ken Lay, OJ, and lots of others are walking around free men today..

        If you tried a couple of wrongfully convicted people who has later been cleared your case would be stronger. "Guilty beyond reasonable doubt" means we're letting people that are probably guilty go free. At times that can be very offensive because the victim was certainly killed / raped / beaten / defrauded / whatever, and noone got convicted. We could
      • by Lumpy (12016)
        I have open access and help support a community wifi. you MUST login via a nocatauth login and your mac addressis logged for the duration. If the federalies come looking I simply say, yup: this mac address wasusing it during that time. I would look around the neighborhood or I can notify you the instant that MAC address is back onthe network.

        works great and shuts up the cops fast.

        if you do not have the technical know how to share your wifi correctly with nocatauth then you deserve to reap the results of
    • you can always prove it wasn't you

      Is this really true though? Are there any precedents in court? I wouldn't like to be the first who had to test that particular claim. In other words, it's my connection, keep off. This altrustic act of keeping points open because of high cost sounds ridiculous to me. Invariably, the APs that are open are also the ones with IDs like "belkin", "54g", "MrPimp" etc. i.e. they are maintained by idiots. Same goes for those APs that are protected with a default password. It's no
  • by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Monday March 06, 2006 @07:26AM (#14856730)
    Some cities have implemented systems where you can borrow one of the public bicycles that are painted with an ugly colorscheme and use it to go where you need to go. Someone can then, in turn, borrow that bike from you after you've parked it. It's an interesting system because the bikes are just community property and everyone has the right to ride them.
    • That's pretty cool. I've heard of people proposing the same thing regarding cars or motorcycles.. of course the potential for abuse is plainly obvious - what is to stop someone from borrowing one of the cars and totally trashing it? heh... A new avenue for aimless destructive rebellion, or whatever...
      • When you have potential for community property, there will always be the potential for individuals to abuse this, and some will. I'm not quite sure if I feel that tapping into nearby unprotected WiFi is actually immoral or even "stealing" in this case. The average user does not come close to using their full bandwidth potential. These same average users, however, are then paying for things they are not using, and those tapping in are merely using the excess in most cases that will never be missed. Above ave
        • For sure, I definitely agree. Actually, a small amount of wireless-network-piggybacking is probably acceptable in essentially all cases. I know very very few people who actually hit their ISP's bandwidth limits - actually, just one family. They are using the absolute lowest & cheapest broadband connection, which only offers them something like 10gb/month up & down. They actually get calls all the time from the ISP telling them to either stop going over the limit, or move up to the next higher price
    • Can see one rather obvious drawback - I cycle to a place, I come out later expecting to cycle back from that place and...

      Oh dear. My mode of transportation has gone. Taxi time...

      Cheers,
      Ian

    • The difference between your comment and the story at hand is you mention community property, the story mentions personal property.

      If city governments were to simply create free WiFi, and someday WiMax, then people piggybacking on other people's connections may become moot.
    • by grimJester (890090) on Monday March 06, 2006 @08:49AM (#14857003)
      It works fine in Helsinki, Finland. The bikes are just bad enough that no one would seriously consider stealing one, but they still beat walking.

      It didn't work out in Turku, Finland. They all eventually ended up in the river.
    • Yeah, some group at my university did that for about 9 months, but so many were stolen or trashed that it stopped.
    • I saw a documentary on this topic some number of years ago. They tried this same project in New York. Within one day all stickers had been removed and all of the bikes had been stolen. The project was considered a failure after a single day. Many bikes were found in area pawn shops. When interviewed, some of the less scummy people were asked why they refused to use the bikes. Their statements were something like, "if I fall, who do I sue?" And still others were, "if the bike fails to get me where I n
    • Japan does that for umbrellas in many train stations.
  • by necro2607 (771790) on Monday March 06, 2006 @07:28AM (#14856737)
    Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture.

    Yeah, like computer users getting sued by the RIAA when they have never used any P2P software on their machine, for example...
  • I have WiFi access! (Score:5, Interesting)

    by Opportunist (166417) on Monday March 06, 2006 @07:35AM (#14856754)
    My neighbour bought an access point!

    Old joke, I know. But so true. And why? Because without fault, ALL APs are configured to accept any and all connections by default. And why? Because otherwise, clueless people would swarm the manufacturer's call center asking how to connect.

    When it's configured in nymphomaniac mode (i.e. do it with everyone you can get), people can connect, they're happy and won't even bother thinking about securing their 'net. At least until the feds knock at their door, asking a few dumb questions about movies and pron.

    But that's no problem either, because in our legislative, being clueless on the net is appearantly an excuse for committing any crime. You participated in a DDoS because your computer contains more malware than other programs? No worries, you didn't know, you're not to blame. Your connection was used to run an illegal server? No worries, it wasn't your fault, your computer was abused as a server.

    Usually not knowing it's a crime is no get outta jail card. When it comes to the 'net, it is. Maybe 'cause legislators and judges are predominantly clueless in respect to the net as well.

    Hey, self interest!

    But as long as it's an excuse to shrug your shoulders and claim you didn't know what you're doing, people won't get wiser.
    • by Tim C (15259) on Monday March 06, 2006 @07:41AM (#14856776)
      Usually not knowing it's a crime is no get outta jail card.

      Usually not knowing that what you are doing is not a crime is no defence, true. Generally though, not knowing that you're not doing something is, unless the prosecution can prove negligence.

      Until and unless there's a crime of failing to take reasonable steps to secure a PC or similar, people are going to "get away" with it.

      Note that if you claim that it wasn't you, it was someone else using your connection without your knowledge, but the prosecution can demonstrate that actually it most likely was you and that you left your connection unsecured in order to provide yourself with that excuse, you'll likely not be believed.
      • Whether you are guilty or innocent, loss of all your computer hardware for a few months, whilst the investigation is under way, seems like quite a severe punishment,especially for those that cannot afford a temporary replacement.

        The accusations can also be quite damaging all on their own if you consider terrorism and child pornography, especially as both crimes now seeming to fall into the category of guilty until proven innocent, in the public eye.

      • by Opportunist (166417) on Monday March 06, 2006 @08:38AM (#14856966)
        In other words, everyone except IT-techs have a carte blanche? Because you can't expect the ordinary user to know or even have a firewall, virus utilities or packet filters?

        And is it not negligence when I see my computer slow to a crawl (because it's filled with trojans that hook every single API in the system) and ignore it? Is it not negligence when I see sexpages pop up even if I surf towards Disney (because my machine is filled with adware bombers)? Is it not negligence when my connection is noticably slowing to a crawl (when my computer is spewing out torrents of spam)?

        When I leave my door unlocked (just closed, but unlocked), I'm considered negligent when someone breaks into my house and steals my possessions, my insurance will brush it off and I'll sit here alone in my empty home. Worse, when I leave my car keys in the car and someone steals it, committing a crime in the process far worse than stealing my car (like, say, withdraw some money from the local bank using his iron mastercard...), I'm probably guilty of aiding a criminal.

        Why is that different when it comes to computers and computer criminality?
      • So If I have a secured access point (using term loosely) and someone gains unauthorized access to it would it be okay for me to poke around on his computer he is using to access it ?

        And if it is okay what about an unsecured access point for my personal use with no encryption or security ?

        Just because it's not secured doesn't imply that it is free for anyone to use ?

        I leave the front door of my house unlocked sometimes does that mean it's okay for someone to come in and use my milk/heat/tv ?

        If someone did en
        • I leave the front door of my house unlocked sometimes does that mean it's okay for someone to come in and use my milk/heat/tv ?

          You tell me. I get phonecalls all the time on my cell that say "Home". I answer, and ask who is in my house.

          I'm anal about keeping my WAP closed though.

      • This is true. I'm not a lawyer, but I think most people don't realize is that good lawyers practice an art. Yes, they have a large set of rules to follow, but it's basically artistry in a courtroom.

        It's kinda like boxers - Your lawyer has an objective, the opposing lawyer has an alternate objective, and the judge is there to make sure both sides don't punch each other in the nuts too often. The truth is usually NOT the focus of the "game" (I call it a game because really, that's what court in general se

    • > Usually not knowing it's a crime is no get outta jail card.

      It is not about knowing if it is a crime. It is about who is acutally committing a crime.

      Just because the traffic was routed through your AP and you ISP does not mean that you or your ISP committed the crime.
      • Perhaps not, but the burden of proof is beginning to shift. And I suspect a bit of an inconvenience will be in order after the feds grab all of your computers looking for the download childed porn, mass-mail spam lists, terrorist bomb plans, and/or infringed music and movies.
      • So not securing your AP automaticly gives you Common Carrier status?

        IANAL, but I think you'll still be responsible for any data being sent by your modem. Maybe you'll get off the hook if you can prove beyond doubt that it was someone else who downloaded the kiddy pron, but the feds will still be knocking on *your* door to take you and all your computer equipment downtown.

        Personally, that's not a risk I'm willing to take.

        • I do not live in the US (from you login I guess neither do you), so the feds will not be knocking on my door.

          In Denmark you do not have to prove your innocense. There are no laws that makes you automatically responsible for traffic on you network, phone lines, etc.

          Of course you can still get sued for anything, and the police might ask you questions.

          There is a danish equivalent of the "Common Carrier" concept in the law on electronic trading etc. http://www.ft.dk/Samling/20012/lovforslag_som_vedt aget/L61.ht [www.ft.dk]
          • You are right offcource. I'm from the Netherlands myself, so in my case it would be the AIVD. However, /. is a USA based site, so I picked the American equivalance.

            Anyway, as I said: IANAL.

    • by kyrre (197103)
      Usually not knowing it's a crime is no get outta jail card. When it comes to the 'net, it is.

      Since when was it illegal to share your network connection with someone? Last I have heard there was an entire industry devoted to the service. They are called Internet Service Provider.

      But that's no problem either, because in our legislative, being clueless on the net is appearantly an excuse for committing any crime. You participated in a DDoS because your computer contains more malware than other programs? No wor
      • "Since when was it illegal to share your network connection with someone? Last I have heard there was an entire industry devoted to the service. They are called Internet Service Provider."
        You are confusing technically possible and legal. Chances are, your ISP made you agree to a contract where you don't sublet your connection. Otherwise, blocks of flats would have one guy paying the bill and everyone else piggybacking on it. It's illegal as in you-signed-a-contract-saying-you-wouldn't-do-it, not illegal
    • But that's no problem either, because in our legislative, being clueless on the net is appearantly an excuse for committing any crime. You participated in a DDoS because your computer contains more malware than other programs? No worries, you didn't know, you're not to blame. Your connection was used to run an illegal server? No worries, it wasn't your fault, your computer was abused as a server.

      So somebody steals my car and uses it in a bankrobery. Am I now a criminal all of a sudden?

      As for the malware; if
      • If said car is not locked and the keys are lying visibly on the dashboard (equivalent of the usual PC on the 'net) then yes, you're in for "forwarding a crime".
        • How about if I install special locks on the car which keep most thiefs out, yet one manages to bypass the locks and use the car in a bankrobery?

          Even with aVast, AdAware, a port-blocking router, regular SpyBot scans and windows XP's firewall running, malware managed to find it's way through. Only Ewido later managed to catch it and with Ewido now running along with the others, my only way of knowing my system is safe is by trusting those three will keep it clean.

          I dare bet most of the people, who claim owner
          • I've seen malware get past MS Antispyware & Spybot (the worst being Spy Sherrif, which actually deletes MS Antispyware if it sees it), but it's usually caught on the next scan if it doesn't make itself obvious immediately.

            What does Ewido do that's different to the others?
          • You don't need "special locks", all you have to do is to "apply security to a reasonable extent". Lock the door, take the keys with you. If your car is STILL opened because your car cannot be secured sensibly (i.e. when your locks are so old that you can undo them with a hanger) or because the thief is simply a professional, you're out of liability.

            The key word in it all is "reasonable". You cannot keep a true hacker out of your system. Likewise, if someone wants your car, you have no chance to keep him fro
    • by grand_it (949276)
      Because without fault, ALL APs are configured to accept any and all connections by default.

      I've tested and reviewed about 20 APs and wireless routers in the last two years. I've found only one that had WPA ebabled by default: Netgear's WGU624 [netgear.com].

    • Because without fault, ALL APs are configured to accept any and all connections by default.

      I have just the opposite experience. Ameritech.. err SBC.. err AT&T offers DSL in my area and sold a very popular line of 2Wire wireless routers for home networking as part of their install and I can find at least 12 of these around my neighborhood and they're all locked down with a semi-unique SSID (usually 2Wire_???) and the WEP or WPA key is a number written on the underside of the router. So, by default, t

      • Probably when an ISP offers WiFi access they shut down the APs by default to avoid freeloading. Probably because it's cheaper to handle the setup difficulties their users may experience than the additional traffic their neighbors would create.

        As a sidenote, ISPs here don't do it. Probably because we have to pay for traffic anyway, so they have someone to pay for the traffic...
  • by Linker3000 (626634) on Monday March 06, 2006 @07:37AM (#14856762) Journal
    Is Ric Romero writing for the NYT now!?

    Can we borrow an 'obvious' tag from our friends at Fark.com?
  • *gasp* (Score:5, Funny)

    by scenestar (828656) on Monday March 06, 2006 @07:38AM (#14856765) Homepage Journal
    As they do, new sets of Internet behaviors are creeping into America's popular culture.

    you mean "SHARING" something?
    • Most Americans are christians.

      Quoting St. Augustine: "For if a thing is not diminished by being shared with others, it is not rightly owned if it is only owned and not shared".

      Thus, those sinners from RIAA/MPAA will burn in hell.
  • by necro2607 (771790) on Monday March 06, 2006 @07:38AM (#14856766)
    In a semi-related story... I was at a friend's place last week and I wanted to transfer to him some audio-recordings of my band's recent practice. I asked him, "Do you have a wireless network or anything set up here?" ... He said how he didn't want to "get into that wireless stuff" because there are apparently so many people who would hack into his wifi network or whatever. That, and there are people who drive around in vans with gear to hijack peoples' wireless networks.

    During the minute or so that he was going on about this stuff, I found about 3 open wireless networks in range. I connected to one of them, logged into MSN Messenger and laughed as he saw a little notification pop up on his PC screen that indicated that I had just come online.
  • by putko (753330) on Monday March 06, 2006 @07:39AM (#14856768) Homepage Journal
    If you had to pay for bandwidth based on how much you used, people wouldn't do share. Also, telco companies wouldn't be floating the concept of charging more for various services (e.g. VOIP, or VOD).

    Does anyone know why it is that companies don't just charge for bandwidth, the way they do with a colo? Is it really so complicated?

    That would be nice to for mom-and-pop -- they wouldn't have big fixed-fees due to heavy users like myself.
    • I think it's probably because the fairly large percentage of low-bandwidth users (simply email & minimal surfing, no mp3s/videos/p2p) would be a total loss of profit to the ISPs, if they started charging based on actual bandwidth usage.

      They can make an unbelievable amount of money because while the ISP might pay for their connection by bandwidth used, their users (you and I) are paying a flat-rate (and probably artificially large) monthly fee regardless of bandwidth usage.

      What I'm trying to get across i
    • A lot of ISPs here in the UK do indeed offer plans with a monthly bandwidth usage cap. If you exceed the cap, you pay for the extra you use, generally in 1GB chunks. I beleive that some ISPs offer the user the choice to have their access cut off if they exceed the cap, rather than be charged for more.

      Those plans tend to be a little cheaper than the uncapped ones, but not by as much as you might expect. For example, I have an uncapped plan, which is only a couple of pounds more per month than my parents' cap
      • In the UK I believe that they do that because of the way that the pricing from BT works (where most get the wholesale ADSL connections / connectivity from). Those that don't are paying for bandwidth directly somewhere along the line.

        The problem is that customers LIKE fixed costs and don't necessarily know how much "X Gb" is. Some ISPs in the UK (like mine) are going away from fixed limits and using traffic shaping to limit the speed of e.g. P2P connections. They also restrict the use of "servers open to
  • by brxndxn (461473) on Monday March 06, 2006 @07:39AM (#14856769)
    I was sitting at a McDonald's with my laptop during a road trip. There were two wifi networks available. One was titled 'McDonald's' and the other was titled 'BetterThanMcDonald's.' I used the latter. I love when people do that..

    • ... I can't stand when summaries read stuff like "available due to the lack of the average user's knowledge".

      Lots of APs are open not because the user doesn't know how to secure them, but because they don't give a crap. I personally have run an open AP for years. It is more convient (any device someone brings into my house has access, they don't need to get any keys), and the odds of any of my non-techie neighbours having WiFi are slim to none, so I really don't give a hoot about someone stealing my connect
    • One was titled 'McDonald's' and the other was titled 'BetterThanMcDonald's.' I used the latter. I love when people do that..

      Anybody working on an 802.11 tipping extension? I've seen this situation before and I'd love to have paypal'ed the guy a buck for bailing me out of a sticky situation.
  • by Bad to the Ben (871357) on Monday March 06, 2006 @07:42AM (#14856783)
    I've often thought about openning my AP, but I just know that after a week or two some jerk is going to use my DSL connection as his own personal torrent link. If I was using someone's DSL connection I'd limit myself to just normal browsing and light email. Those morons ruin it for everyone else.

    With regard to securing access points, I've thought of a better way of setting things up properly (someone may already have thought of it). You plug your computer in to the AP for the first time via an Ethernet cable. You go into the settings, and click an option to setup the AP. The AP creates a secure WPA key using random characters. It then spits out a small script for you to download. You execute the script as Administrator or root, and it automatically configures your OS for the AP, with the right key and everything. After this you can use the AP wirelessly.

    There would be some problems though, mostly checking the OS type and having to write scripts for Windows, OS X and Linux. But I reckon it could be done.
    • set_post_tone('non-aggressive');

      Man, if only network traffic was divided up into loads of different types. That way you could block certain types of traffic from passing through your network by configuring your router...

      Not that this would stop http downloads of isos or anything, but most Average Joe heavy bandwidth use is via the likes of bittorrent.

      We could call these types "ports", and there should be at least... pulls random number out of ass... 60000 of them!

    • by necro2607 (771790) on Monday March 06, 2006 @08:07AM (#14856857)
      Actually, it is 100% possible for you to set up traffic bandwidth shaping so that any particular IP is only allowed a certain amount of bandwidth, for example.

      Use a UNIX-like machine as a router/firewall for your network, and you suddenly have amazingly detailed networking possibilities within your reach. I strongly suggest reading the Linux Network Administrator's Guide [faqs.org]. Even though it's getting a little outdated it has some downright cool-ass information within.

      Of course, few users are technically adept enough to actually set up a router like this, but I'm sure it has been used a lot for people who want to keep their wifi access "open", but safely limited.

      On a related note there are pre-built linux firewall packages out there [google.ca] which will surprisingly easily allow you to do what I was just talking about.

      Also, here is the Linux Advanced Routing & Traffic Control HOWTO [lartc.org] ... It's a bit technical but a useful resource nonetheless.
    • I've often thought about openning my AP, but I just know that after a week or two some jerk is going to use my DSL connection as his own personal torrent link. If I was using someone's DSL connection I'd limit myself to just normal browsing and light email. Those morons ruin it for everyone else.

      So you're saying you don't share because you assume someone would abuse your connection and, even though no one ever has abused it because you've never actually shared it, you blame "morons" who ruin it for everyo

    • by bogd (912084)
      Linksys has had this for quite a while now - they call it "SES" (Secure Easy Setup). Details here [cnet.com.au] or here [tomsnetworking.com].
    • by steve_l (109732) on Monday March 06, 2006 @08:44AM (#14856989) Homepage
      You are right, the only person who should bring the network to is knees is me.I do this by configuring my router so the bittorrent ports go to my machine, and not to any of those evil piggybackers.

      I actually run an open network for a number of reasons
        -I cant be bothered to set up access for overnight guests and other visitors
        -I explicitly allow a neighbour to share
        -I dont think classic WEP, that some of my hardware is, is at all secure.
        -Knowing the net is open forces me to lock down the boxes better. All firewalled, no SMB connectivity (SSH/SCP to the server only).

      And finally: I like it when I get free networks when I travel, and want to share the joy. Saturday: father in law's house, public network "linksys". Last summer -stuck at my mother's house for a few days. Public network from a neighbour. I dont care whether these people did it on purpose or through ignorance, I benefit, and their cost is minimal.

      I believe that you can get firmware for the linksys WRT54G boxes that let you throttle guests...

      -steve

  • Personally, (Score:3, Funny)

    by hungrygrue (872970) on Monday March 06, 2006 @07:52AM (#14856815) Homepage
    I not only run an open node, but make sure that my neighbors know that it's there. Failing to secure an access point isn't a lack of user knowledge, it is common courtesy.
  • Bizarre attitudes (Score:5, Insightful)

    by caffeination (947825) on Monday March 06, 2006 @07:52AM (#14856818)
    I got into this article without signing up yesterday. Can't today, so I'm quoting from memory.
    ...I thought "Oh my God! People could be using my connection too!".
    Six months later, however, $Person still hasn't secured her wireless network.
    My parents were the same. I took my laptop into the garden, showed them that I could get onto their connection from at least 50m from the house, then I connected to the neighbours' connections and changed their essids to demonstrate how easy such things are. Then I opened ethereal and demonstrated to them how easy it was to read peoples' internet traffic.

    All I got was "That shouldn't be allowed".

    Under my own initiative, I then put a fairly long encryption key on their network and password protected the router config. I know it's weak security, but it's better than none at all.

    That is how much people care about security. I explained to my uncle the other day about how spyware can log your key presses and report them back to a server. He was shocked and outraged, for about 1 second. Once his computer was clean enough to be usable, he was satisfied (this is a home & business computer, used for EBAY).

    Nobody gives a shit about anything to do with computers. It seems that the current parent generation was lead to believe that technology would make life easier and do all the work for them, when the reality is that it's actually replaced much of the work. God knows what long term effects this will have on computing.

  • by brohan (773443) on Monday March 06, 2006 @07:55AM (#14856821) Homepage
    This article reminds me of what happened to me last weekend.

    I was on my way to Toronto, stopped in a Tim Horton's, and because I was working on something rather important and there was a heavy wind/snowstorm going on I whipped out my laptop. I couple sitting at the table over from me wanted to check their email, but was unsure of how I was getting internet. I explained that I was getting internet from some generous local person, they tried to get wireless working, though their laptop's card wasn't powerful enough. So I gave them Netstumbeler and taught them how to use it. I'll bet they're going to be wardriving alot more now ;P

    The thing was, these guys had an open mind about security, they didn't mind trotting into other people's wireless network any more than I did. It is because of the generosity of the people who left the access points open.

    I leave mine open on a another network, just on principle. I limit the bandwidth to un-filtered addresses, just due to the generosity I've received in connecting to others.

    • This is true. Even my mom is using Netstumbler [stumbler.net] when she visits places. Of course, I got her to also use my pet project [wifimaps.com] to find places to get connected.

      Wi-Fi is now a part of most of our daily lives. Some folks have their peeves, convictions, and styles, which give shape to a localized wireless space. In densely populated areas, if one of your neighbors has their AP encrypted, there will be at least 2 APs which are completely unconfigured, and two APs that are obviously configured for use by whomever (with
  • Open access (Score:2, Insightful)

    by suntac (252438)

    "Some users say they have protected their computers but have decided to keep their networks open as a passive protest of what they consider the exorbitant cost of Internet access."

    I think a lot of people have an open WiFi connection for the rest of the world to use. This however is not only because they want to give some protest but also to simply add a other node to the ever growing number of open "uplinks".

    As more and more people are doing so at the moment it becomes easy for traveling laptop users to get

  • Wi-Fi Honeypots? (Score:4, Interesting)

    by ROOK*CA (703602) * on Monday March 06, 2006 @08:18AM (#14856898)
    I wonder when/if we're going to start seeing stories about people setting up open WAP's as honeypots? In other words, set up an open AP, for the sole purpose of comprimising hapless piggybackers that connect to it with relatively unsecured machines -- I think it would be hilarious and a nice little piece of payback for those folks that thinks it's okay to piggyback off resources that someone else if paying for (with a little publicity might make people think twice about piggybacking).

    Of course if you're too clueless (or too lazy) to take any steps to secure your wireless network then you probably shouldn't be complaining when someone else takes it upon themselves to utilize the resources that you've basically left laying around in public, I mean it's akin to putting a wad of money out on the sidewalk in front of your house and expecting it to be there next week.

    Securing your WAP isn't any great task, the OEM's producing these devices for home/small business networks have made it very easy to do, have for the most part documented it well and there are a plethora of resources on-line to supplement the OEM documentation. No excuse not to do it, unless of course you really don't care that any Tom, Dick or Harry can connect to your home LAN and basically do whatever they want with that connection, including poking around on every machine you have connected to it as well utilize your Internet connection for whatever they feel like doing with it.
    • I've thought of this so many times... it is why I don't use plaintext protocols unless I really need to, when I am on some random person's wireless network.

      Even then, imagine someone having some really advanced software that will pick up on me trying to establish an SSL (or otherwise encrypted) session, and execute a MITM (man-in-the-middle) attack, entirely automatically?

      Man, that would be a damned cool piece of software to have on my network router...
    • Re:Wi-Fi Honeypots? (Score:3, Interesting)

      by Sam Nitzberg (242911)
      My experiences (and links to a few of my papers)... I realized that (while reconfiguring and dropping my crypto) that a neighbor came onto my wireless network. The obvious thing to do would have been to shup him out, and secure the network. Since I maintain data on a seperate drive (with its own power supply), I cut the drive out, and decided that I had a great opportunity to practice with my security tools. I did a paper on what I found (was published in 2600: The Hacker Quarterly): http://iamsam.com/ [iamsam.com]
  • Tor (Score:3, Interesting)

    by quokkapox (847798) <quokkapox@gmail.com> on Monday March 06, 2006 @08:28AM (#14856927)
    If you're going to offer a free wifi access point then please also run a Tor exit node.
  • by HawkingMattress (588824) on Monday March 06, 2006 @08:32AM (#14856941)
    I have two routers, both running openwrt.

    One is connected to my cable modem, and is linked to the second one through a vlan. The second one's wifi card is in client mode, and connects itself to the AP of a little shop under my flat, using it as its default gateway. Add a little script on the first one which will change the routing tables to use the second router as gateway if my cable provider's gateway is unaccessible, and there you have it: totally transparent, free redundant connection for the whole network. Even the machines without wifi since their gateway is still the first router...
    I'm going to shape the traffic on the second one to limit p2p use on that connection since the purpose is not to suck their bandwith to death though...

  • by MaxPowerDJ (888947) on Monday March 06, 2006 @08:39AM (#14856968) Journal
    I have read about other people's posts abot leaving your access point open and sharing the connection. Around here (Puerto Rico), people would just mess your resources up. I have a 1024 Kb down/ 512Kb up cable connection that I distribute among my two computers (one for light e-mail and downloading and another that I connect through the net from work). and I personally took care of security (MAC address filtering + best encryption supported by the AP).

    The things is, people have attempted to get in and disable my equipment. People can and will use the wireless connection to do mischievous things. They get no access from me.

    Open access is fine if you have an agreement with your neighbohrs and/or you have a common wifi provider (many new housing development are now including wifi from the get go). Otherwise, is just asking for trouble.
  • by 1u3hr (530656) on Monday March 06, 2006 @08:54AM (#14857034)
    The NYP can't resist: David Cole, ... for Symantec ...said savvy users could use the computer as a launching pad for identity theft or the uploading and downloading of child pornography.

    But at least they didn't play the TERRORIST card.

  • by abscissa (136568)
    I just found, during a firmware upgrade for my Linksys Wireless G VPN Router, that there is a new feature built in which allows you to configure your access point to use a paid, third party service through "Boingo" (dunno what that is, don't want to spend the 2 seconds it will take to find out) to charge for your access.

    Yes, folks, the Linksys router you bought can now be configured with one of those "Welcome" screens just like at McDonald's, so you can welcome your neighbours to your wireless access point
  • A good reason to run an open access point on your broadband connection is that if you're ever sued by RIAA/MPAA or suspected of anything, you've got the possible defense that it was someone else connected to your access point. Lock it down and it had to be you. Of course, running an open AP makes it more likely that someone else will get on and seed a torrent of Bambi or upload midget pron, but you take your chances.
  • I route all unknown traffic on my wireless to gay porn....
    (not that there is something wrong with that...)
  • Here's my wishlist for a Wireless AP hardware solution:

    1) the ability to easily set up a DMZ. I can firewall off my internal network easy enough, but if we want Joe User to do it, it needs to be easy and obvious to set up a free area that is distinct from the walled off internal network.

    2) Bandwidth throttling based on the above mentioned DMZ. If you are in the DMZ, you may use x% of the available bandwidth. If you are on the internal network, regular rules apply.

    3) Hot chicks in every box.

    4) Mesh networ
    • 1) the ability to easily set up a DMZ. I can firewall off my internal network easy enough, but if we want Joe User to do it, it needs to be easy and obvious to set up a free area that is distinct from the walled off internal network.

      Well, give 'em some time. It is easy enough with an industrial grade (IE: Cisco) router. The Linksys stuff will get there eventually. Actually, there is a DMZ option on my Linksys. It should be easy enough to set up a second router on its own subnet and plug the AP into it. But
  • Oh Yeah... (Score:3, Interesting)

    by Greyfox (87712) on Monday March 06, 2006 @09:47AM (#14857286) Homepage Journal
    My access point is completely open, but it won't take you anywhere unless you establish a VPN connection to my server and get routed out that way. I suppose it must be very disappointing to my neighbors to find what looks like a juicy open access point, only to discover that there's no internet connected to it...

    I don't do it to torment my neighbors though, I just happen to trust the swan guys a whole lot more than the WEP guys to design a network encryption setup that doesn't suck.

  • by CrazyWingman (683127) on Monday March 06, 2006 @09:55AM (#14857324) Journal

    I don't open my AP, and here's why: People still don't understand enough about how their computers and the networks that connect them work to be trusted in my environment. Having recently left college, I was around when my fraternity put in wired ethernet and later wireless APs. We told everyone when we put everything in, "We all share this $N k/sec. line. Do not hog bandwidth. Limit your downloads. This network is intended to allow brothers to do schoolwork in-house, rather than haul to campus." I must say that all of my fraternity brothers were pretty level-headed. None of them would have actively screwed over another brother. But, invariably, once a week or more the net would stop dead because one of them had Kazaa up, downloading seven seasons of anime and leaving their uploads unlimited. They weren't trying to be jerks, they just didn't understand how the network worked and how much bandwidth they were using.

    So, I keep my AP closed. If I knew that my neighbors were knowledgeable, I'd open it to them. I open the network to anyone who visits me in my home - where I can click them off if they do something stupid. Unknowns - never on my network.

  • by ch-chuck (9622) on Monday March 06, 2006 @11:21AM (#14857892) Homepage
    Just found out about this [georgetoft.com]. Pretty funny.

  • by DodgeRules (854165) on Monday March 06, 2006 @11:45AM (#14858158)
    The article also takes a look at how the prevalent attitude is that tapping in to these connections does not equate to stealing and why still other may disagree.

    Remember the Slashdot article [slashdot.org] about the man arrested in St Petersburg, Florida [sptimes.com] for stealing wireless internet access from another man?

"Love is an ideal thing, marriage a real thing; a confusion of the real with the ideal never goes unpunished." -- Goethe

Working...