Wi[r]eless security (was: Suspend bug)

Cris Rhea crhea at mayo.edu
Sun Feb 4 17:39:57 UTC 2007 

> Message: 6
> From: "David G. Miller" <dave at davenjudy.org>
> One reason I ended up running network cable to most of the rooms of our 
> house was the trouble I had trying to get a friend's laptop to connect 
> to my AP (it's also nice to have a gigabit LAN through the house).  If I 
> have trouble getting a system to connect and I have full access and know 
> "everything", it should at least be fairly difficult for someone who 
> doesn't have such access and knowledge.
> 
> I run WEP (will probably go to WPA when I find time to diddle with 
> setting it up), filter MACs and don't broadcast ESSID.  I know that 
> theoretically this set up isn't absolutely secure but I'm guessing I've 
> raised the bar high enough that I'll keep the script kiddies, access 
> scofflaws and all but the really serious crackers out.  Also, a quick 
> scan of the APs in the neighborhood indicates there are several that are 
> much easier to crack (or just use).
> 
> Cheers,
> Dave

Not long ago, I shared similar view-- for home use, minimal security should be 
"Good enough".

Two things changed my mind:

First, I was doing research for a paper on the current state of wireless security and
was shocked at how many security flaws existed in the early wireless protocols. 
For example, I can determine your WEP key and SSID by passively listening to your network.
This can be done with freely downloaded code.  Changing one's MAC address (to match 
your filters) has been available for years and doesn't require any additional software.

Second, we were talking about this topic and one of my friends told me his neighbor had
been named in a lawsuit over theft of digital music (Sony was suing him). Turns out that
the neighbor hadn't done anything illegal, but someone had been using (stealing) his 
home WiFi network to download music.... took him a while (and $$$) to prove he was innocent.

Do a Google search on "War driving"-- it's becoming a popular hobby...

--- Cris

-- 
 Cristopher J. Rhea                     Mayo Foundation
 Research Computing Facility             Pavilion 2-25
 crhea at Mayo.EDU                        Rochester, MN 55905
 (507) 284-0587                        Fax: (507) 284-5231

More information about the fedora-list mailing list