Wi-Fi Moochers: Some Wireless Internet Fans 'Borrow' Access

The Wall Street Journal ^ | Thursday, July 31, 2003 | NICK WINGFIELD

[TroutStalker]

Nigel Ballard was hauling the trash out one night several months ago when he spotted a digital loiterer in front of his house.

A man was sitting in a car blocking Mr. Ballard's driveway, the soft glow of a laptop illuminating the vehicle's interior. The driver was checking his e-mail. Mr. Ballard had set up a wireless antenna to share his high-speed Internet connection with neighbors, but he hadn't expected to see strangers dallying after dark.

[js1138]

Then, in addition to the limitations of encryption, I observe a reduction in range and bandwidth when encryption is on. Without expensive add-on antennae, I see the range of consumer products to be about 75 feet (or less).

[Herodotus]

hehe...watch some broadband company execs with a hole in the head start going after WiFi stealers for violating the DMCA, like the RIAA....

[syriacus]

For my online purchases, I use a credit/debit card which is connected to an account in which I keep a minimum amount of money.

Most of my online purchases are small (books, cds, etc.)

[D-fendr]

Thanks for the link on the tech details of WEP cracking. As you likely know the theory has been implemented in kiddie-script fashion:

AirSnort, a program that runs on a Linux system with a 2.4 kernel and Prism-based NICS, takes advantage of the exploit outlined in the Fluherer, Mantin, Shamir paper, and can discover a WEP key after passively monitoring a wireless network. According to the site (http://airsnort.sourceforge.net), AirSnort can determine the WEP key in seconds after "listening" to 100MB-1GB of traffic.

WEP2, if I remember correctly, is overdue, and there's another consortium planning a 802.11i standard to fix some or most obvious holes.

[Spiff]

Using Kismet wireless scanner for Linux, an Orinoco wireless card, and a notebook with Linux loaded on it I can drive through my very small town and pick up dozens of wifi networks that are wide open for use and/or abuse. Hardly anyone is properly protecting their wife network and they don't realize how easy it is to sniff their traffic and/or use their network. Security-minded people think that by turning off their SSID broadcast they can't be seen. That is true for most wireless tools, but not for Kismet. It actively probes and just about every WAP or wireless card is more than happy to answer back will all kinds of info.

Using AirSnort wireless scanner for Linux, an Orinoco wireless card, and a notebook with Linux loaded on it - even if they DO have WEP turned on - eventually AirSnort can crack their WEP key. Once WEP is cracked, the network is wide open.

Of course, that doesn't get anyone past the firewalls built into most WAPs and Wireless Routers nowadays (yet), but it WILL get them onto the wireless network and be able to use it.

[Spiff]

Is it just me, or is the practical limit of these things closer to 100 feet than 300 feet?

With the right directional antennae, I can pick up your wireless network a mile away.

[js1138]

We're talking past each other here. To use encryption, I limit my own usable range -- barring the use of external antennas. I'm pretty sure, based on several installations, that range is reduced by encryption. That's aproblem for the legitimate user, not necessarily the hacker.

[Fiddlstix]

BTTT

[Brian S]

Check out the blurb I read just this morning on the new WiFi with 30 mile radius...

2. Move Over, Wi-Fi

The Buzz: Just as you get used to Wi-Fi (802.11), along comes WiMax (802.16), a new wireless standard with a 31-mile range and a peak data rate of 70 megabits per second. (Wi-Fi covers 300 feet at 11 mbps.)

It will initially be deployed across metro areas to extend wireless hot spots and bring high-speed access into homes and offices, but WiMax could eventually become your favorite way to get broadband. WiMax products from vendors like Intel should hit the market in 2004.

Bottom Line: Could WiMax eventually unseat Wi-Fi? Wi-Not?

[BlueMondaySkipper]

Hardly anyone is properly protecting their wife network and they don't realize how easy it is to sniff their traffic and/or use their network.

I'm getting some fantastic mental images over this one :-)

[justlurking]

As you likely know the theory has been implemented in kiddie-script fashion

Yes, I did. But, I chose to not publicize the "turn-key" applications, which were developed from the research that I referenced.

[bc2]

I just installed a LinkSys wireless network in my house. It's on the 3rd floor and my dad can connect out in the back yard. I would say the 300 feet is just a CYA move for the companies.

As far as encryption, I have 128 bit installed and don't see a huge decrease in speed as they said would happen.
You can restrict by MAC address as well but the 128bit should be OK.

But, thanks for the script kiddie info, I wish I could smack the crap out of these punks. I'm only 23 and still remember the good old days when you actually had to spend hours and hours and hours pouring over RFC's and other white papers to figure out how to work exploits.

Scripts and worms etc take half the fun out of hacking!

[bc2]

hacking purely in a "white hat" sense, I should have clarified that before I get flamed to death by people who don't know the 2 sides to the hacker world!!!

[HAL9000]

I'm aware of the existence of commercial, high powered wi-fi devices, but I'm speaking of the over-the-counter boxes sold in CompUSA, some of which suggest a range of 300 feet. I've never seen this range achieved.

I don't think the power is greater for long-range WiFi - instead, the antenna is directional and has more gain.

I've noticed that Macs generally have much better range than PCs for WiFi - probably because the Mac WiFi antenna is built into the case and it's larger. The antennas on those PC Cards are not very good. I've used access points where a PC laptop barely works if you set the computer at a certain angle, but a Mac iBook works great at any orientation.

[justlurking]

You can restrict by MAC address as well but the 128bit should be OK.

You should be aware that 128-bit encryption increases the time it takes to crack a WEP key only slightly, due to the weaknesses in the implementation.

However, more recent WiFi cards and access points may do better. I haven't keep up with the changes.

[MatthewViti]

I'm still hlding off on wi-fi even though my powerbook has it. I still feel wired is faster and safer (at the moment). When in public (American Airlines clubs, Airports, Hotels) I'll use it, but not at home.

[houstonian]

...bump...

[Astronaut]

I've got the Airport Extreme card in my PowerBook (54Mbps). The Airport transmits faster than the broadband signal, so there is no loss of speed. My internet is just as fast on Airport as it is when the ethernet cable is plugged into the PowerBook.

I'm not terribly worried about security. I think the built in security is good. A determined cracker is just as much a threat to your wired connection, but to each his own.

[AFreeBird]

I just upgraded the firmware in My LinkSys WAP(802.11G), that updated the encryption to WPA. Here are the current options.

Security Settings

The router supports four different types of security settings for your network. Wi-Fi Protected Access (WPA) Pre-Shared key, WPA Remote Access Dial In User Service (RADIUS), RADIUS, and Wire Equivalence Protection (WEP).

To enable Security Settings, click the Enable radio button. Then click the Edit Security Settings button to configure the security settings. To disable security settings, keep the default setting, Disable.

WPA Pre-Shared Key: There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encrytption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.

To use WPA Pre-Shared Key, enter a password in the WPA Shared Key field between 8 and 63 characters long. You may also enter a Group Key Renewal Interval time between 0 and 99,999 seconds.

WPA RADIUS: WPA RADIUS uses an external RADIUS server to perform user authentication. To use WPA RADIUS, enter the IP address of the RADIUS server, the RADIUS Port (default is 1812) and the shared secret from the RADIUS server.

RADIUS: RADIUS utilizes either a RADIUS server for authentication or WEP for data encryption. To utilize RADIUS, enter the IP address of the RADIUS server and its shared secret. Select the desired encryption bit (64 or 128) for WEP and enter either a passphrase or a manual WEP key.

WEP: There are two levels of WEP encryption, 64-bit and 128-bit. The higher the encryption bit, the more secure your network, however, speed is sacrificed at higher bit levels. To utilize WEP, select the desired encryption bit, and enter a passphrase or a WEP key in hexadecimal format.

[Spiff]

Cool. But is WPA backwards compatible with standard 802.11b devices? Or are you locked into buying and using only new devices that support WPA?