Picking up someone else's internet????

darrenoneill33

Have heard talk about people being able to tap into a neighbours internet? How does this work.
I'm ok, got my own but was wondering could a neighbour be using mine.
I thought you would need some type of password or code to get into someone elses connection.

Enright

i assume that its wireless broadband you are talking about! when a user sets up their wireless router they often for expiedency sake and because it takes a bit of time to set up they omit to secure their network, ie they do not encrypt it. That means that anyone within range with a wireless modem can see and connect to the internet using that connection. If a password is uded, whilst they can still see the broadband connection, they will not be prevented from using it.

nava

darrenoneill33 wrote:

Have heard talk about people being able to tap into a neighbours internet? How does this work.
I'm ok, got my own but was wondering could a neighbour be using mine.
I thought you would need some type of password or code to get into someone elses connection.

Hi

they can pick-up your internet if you have a wireless connection that's not secure, if you have a wireless router make sure you have the Security Mode enable with WPA if available or WEP also enable "MAC Address Filtering" so only the specifed MAC addresses can access your connection.


Regards

Sandwich

It seems quite common to be able to connect to a neighbors router if its a combined broadband/WiFi router. So many people are using no encription at all. How hard it is to break into their connection if they have it protected I dont know.

Also, I think it is illegal to connect to someone else's connection without their knowledge.


I use WEP and and have my router set to only connect to the MAC address of my PC. Is this completely secure as far as someone else using my router?

AFIK "WPA is more secure than WEP" but how much more secure that does mean in practice? My PC WiFi adapter does not a facility to limit it only to connect to the router MAC address so I guess thats less secure. Could someone access my bb connection through my PC's WiFi adapter?

Foxwood

Sandwich wrote:

I use WEP and and have my router set to only connect to the MAC address of my PC. Is this completely secure as far as someone else using my router?

By all accounts, WEP can be cracked in 10 or 15 minutes. You're broadcasting your MAC address all the time, and it's trivial to clone a MAC address, so MAC filtering is not worth the trouble of looking up your MAC address.

AFIK "WPA is more secure than WEP" but how much more secure that does mean in practice?

A lot. WEP is cracked by simply by listening to the traffic being transmitted, and working backwards to recover the key. (a very simplistic description, I know). WPA isn't known to be vulnerable to such an attack. Wikipedia has a good description of the difference.

My PC WiFi adapter does not a facility to limit it only to connect to the router MAC address so I guess thats less secure. Could someone access my bb connection through my PC's WiFi adapter?

Not unless you set your adapter up in ad-hoc mode and allow inbound connections.

Sandwich

Thanks v much. Will switch to WPA. Surprising WEP still seems to be the first option offered when setting up a Wifi component.

Foxwood

Sandwich wrote:

Thanks v much. Will switch to WPA. Surprising WEP still seems to be the first option offered when setting up a Wifi component.

Unfortunately, devices like games consoles often only support WEP, even after all this time. Despite the fact that interoperability and setup is easier for WPA than for WEP. That is only a problem because wireless encryption is either/or - you can't have some devices using WEP and some using WPA.

watty

Mac addresses can be sniffed via ARP packets and then later faked. It is an illusion of security.

128bit shared key WEP is a bit harder to crack. Open key bad. If you can't do WPA, (and incorrectly setup it is worse than WEP correctly set), then WEP is better than nothing.

Also make sure no anonymous shares on any PC and all PCs have good passwords, especially on any administrator accounts and then at least they can only pinch your Internet bandwidth.

Saruman

Lets face it though.. how many people out there know how to crack encryption let alone can be arsed???

I use WEP for no real reason. I just cant be arsed changing it as i do not forsee anyone trying to crack the key!!

Definatly encrypt though.. its more than being able to access your internet... They will also be able to access your computer/s files etc unless you also have that secure.

Maybe if i notice a few more wireless systems in the area but for now im the only one in range.

Smoggy

A freind went on a wifi course and came back saying that WEP is useless , they used 2 programs and with in a matter of minutes they had captured the data and used another program to extract all the info needed such as keys and mac address.

The moral of the story is that any amatuer hacker or someone with limited IT knowledge can bypass WEP quickly making it useless. WPA is the only real solution.

zAbbo

Takes around 10-15mins for me to crack 64bit WEP, 128 slightly harder, as it requires more Unique IV's (over a million should do it)

Usually undetectable passive scanning

Surprisingly easy, and all the information can be found with some google searches.

As said, some devices don't support WPA, so people use WEP instead, those eircom modems are 128bit WEP.

Personally I use 64bit WEP + Mac filtering + Intrusion detection, I know it's not 100% safe, nowhere near it.

Foxwood

Saruman wrote:

Lets face it though.. how many people out there know how to crack encryption let alone can be arsed???

I can think of a 4 word google query that will give you 38,700 web pages that discuss how to crack WEP.

Foxwood

zabbo wrote:

As said, some devices don't support WPA, so people use WEP instead, those eircom modems are 128bit WEP.

I thought eircom gave out the Netopia 3347? The manuall says that the 3347 support WPA-PSK.

watty

I was discussing an expensive security solution about 6 years ago with an IT college. The Administrator claimed the students were not generally clever enough to hack anything. I asked if there was at least one able to do Internet searches and install Linux. He admitted at least half a dozen and bought the system.

Living in an Urban area suburbs greatly increases WiFi risks. ANY form of WiFi should not be used on a network that needs real security. Some people claim WPA can be cracked easier than WEP shared key. WEP "open key" is madness.

You only need a two word search on Google

Watch out for guys in cars pointing Pringle cans at your house

The security problem is exacerbated by the fact that early attempts at encryption were flawed. Wired Equivalent Privacy (WEP) was found to be vulnerable to various statistical weaknesses in the encryption algorithm it employed to scramble data passed over the WLAN. While attempts were made to correct the problem, it's still a relatively simple feat to crack WEP and essentially pull the password right out of the air. In addition, WEP suffers from other problems that make it unacceptable for use in any secure environment.

The wireless community knew early on that these problems existed. However, they also realized that it would take years until the standardized correction was designed and implemented into new hardware. In the meantime, millions of users needed reliable protection. The Wi-Fi Alliance stepped up to the challenge and created an interim "standard" called Wi-Fi Protected Access (WPA).

WPA did an excellent job of patching the problems in WEP. With only a software upgrade, it corrected almost every security problem either created or ignored by WEP. However, WPA also created new problems:

* One flaw allowed an attacker to cause a denial-of-service attack, if the attacker could bypass several other layers of protection.
* A second flaw exists in the method with which WPA initializes its encryption scheme. Consequently, it's actually easier to crack WPA than it is to crack WEP. This flaw is the subject of this article.

WEP with a "shared key", not "open key" *IS* better than nothing or badly setup WPA. But make sure if Wifi is breached every PC etc AND ROUTER needs a non default decent password.

Esel

Is it possible to upgrade a WEP-only router modem to WPA?

aidan_walsh

esel wrote:

Is it possible to upgrade a WEP-only router modem to WPA?

If there is a firmware upgrade that supports it, yes. The encryptions are generally all software based, not hardware.

Esel

Thanks for the quick reply! Will check my model for upgrade possibilities. Are you really 'The Master'?

Sarsfield

watty wrote:

WEP with a "shared key", not "open key" *IS* better than nothing or badly setup WPA.

My router is set to Authentication Type "Automatic" (from a choice of "open system", "shared key", "automatic")

Good? Bad?

Also, if I change my router settings, do I need to change the settings on my laptop & pda?

aidan_walsh

Are you really 'The Master'?

Merely a pretender to the throne.

vimak

if you knew how to secure your wlans i wouldn't be typing this post WPA can also be cracked, so best option for securing the WLAN is to use VPN. However not all boxes support that.

regedit

Hm, my Netgear DG 83G was configured by me to utilise a WEP with an encryption strength of 128 bit! After reading through these posts, it is not very pleasant having to think that someone can hack into the router settings and the PC!
I can see that my router supports VPN so I might give it a go. Partner often works at home from her laptop and she always has to use VPN so it must be the most secure mode out there at the moment!

watty

VPN is only for connecting to a specific server/LAN elsewhere. Not usable to browse internet, nor does it stop someone accessing the Internet via your WiFi/Modem.

I use VPN and simulanously my other WiFi and LAN users can access the Internet in ordinary way. My Internet IP of course changes to that of the remote Network, but the other Wireless & LAN users see no change.

watty

vimak wrote:

if you knew how to secure your wlans i wouldn't be typing this post WPA can also be cracked, so best option for securing the WLAN is to use VPN. However not all boxes support that.

VPN only secures point to point data. It does not affect the WiFi base unit security at all. (Virtual Private Network).

Enterprise WPA is secure, it is doubtful if a consumer WiFi base unit without a Radius server is any more secure in WPA, than in WEP 128bit with a "SHARED KEY"

Ensure the base is in "Infrastructure Mode"/"Airpoint" not Auto
or Ad Hoc.
Ensure you use SHARED key and 128bit if using WEP, and that you actually write down and input the correct length random HEX key (not ASCII).

WPA doesn't work on lots to things. If it is on all your WiFi Clients and WiFi base, ensure that it is setup correctly.

Never leave ANYTHING on "automatic" or with default keys etc.

Write down and change the default password to actually get in to your WiFi. If possible set it that only a LAN connection can change WiFi settings.

Foxwood

watty wrote:

it is doubtful if a consumer WiFi base unit without a Radius server is any more secure in WPA, than in WEP 128bit with a "SHARED KEY"

WEP (even 128bit) can be cracked in a relatively short period of time (minutes, not hours) because the technique used depends on statistical weaknesses in the way the WEP Initialization Vector is created.

The vulnerability in WPA is that it can be brute-forced - you can capture a small amount of header information and then try every possible password to see if you can find the one that matches that particular WPA setup. Even for the minimum 8 character (64-bit) WPA password, that's going to take a long time. For a long password, you're talking years.

Here's an article describing a demonstration by the FBI of cracking a 128-bit WEP session in 3 minutes.

watty

I wonder was that WEP system setup "open key" or "shared key". Shared Key should take hours.

Foxwood

watty wrote:

I wonder was that WEP system setup "open key" or "shared key". Shared Key should take hours.

"Open Key" is more secure than "Shared Key". That's why it was implemented.

(Shared Key uses the WEP key to set up the association between the client and the access point. Open key doesn't).

The attack on WEP is based on statistical weaknesses in the IV. It doesn't matter whether you're using Open-key or Shared Key.

Voipjunkie

vimak wrote:

if you knew how to secure your wlans i wouldn't be typing this post WPA can also be cracked, so best option for securing the WLAN is to use VPN. However not all boxes support that.

No WPA is only crackable by brute force on a weak password with a strong password WPA is perfectly secure in our lifetime.

Esel

Voipjunkie wrote:

No WPA is only crackable by brute force on a weak password with a strong password WPA is perfectly secure in our lifetime.

Define 'our lifetime'.

dub45

esel wrote:

Define 'our lifetime'.

More appropriate question here methinks?

http://www.boards.ie/vbulletin/forumdisplay.php?f=443

antoinolachtnai

Is using someone else's Internet always a bad thing? If it is done in a controlled, secure manner, with the consent of the broadband owner, sharing isn't necessarily a bad idea. That's what FON is about (http://www.fon.com/)

watty

And consent of the Broadband supplier may be needed too.

Moriarty

If it's done with the owners consent, it's fine (aslong as it's ok with their broadband suplier too, as watty says). If the owner hasn't given consent for you to connect to their wireless network, you're breaking the law.

jimmycrackcorm

Moriarty wrote:

If it's done with the owners consent, it's fine (aslong as it's ok with their broadband suplier too, as watty says). If the owner hasn't given consent for you to connect to their wireless network, you're breaking the law.

but which law?

watty

It's theft. Same as stealing someones gas, electric, or phone supply.

phil

Leave your wireless LAN open and have some fun:

http://ex-parrot.com/~pete/upside-down-ternet.html

Phil.

BendiBus

jimmycrackcorm wrote:

but which law?

And if I'm sitting in a cafe and I turn on my laptop & it finds an open connection, how am I to know if I'm allowed to use it or not? I'm not a wifi techie, I just turn on the computer and try to go to a website. It either works or it doesn't.

zoro

I found a pc on my wireless network recently. I had reset the router to default settings and forgotten about the wireless network completely for a couple of days.

Only after I saw the disco-light effect of constant network traffic did I think to check the security settings. Sure, I left the network wide open to anyone at all, but I also deleted all the music and "My documents" contents on the pc that was "stealing my megahurtz".

Dirty thieving robbing bastards. I should've done alot more to that pc.

phil

No, you shouldn't have. You're just as bad for touching his machine as you suspect he is.

If there are a number of strong connections in the area surrounding you, wireless cards will often pick the strongest one, or if the user doesn't know the difference between the SSID's being advertised he may have selected yours by accident. If you left your network without security, you may have invited someone to use it (by accident) without them knowing any better. That said, maybe not, it depends.

But what you did is still childish regardless.

Voipjunkie

esel wrote:

Define 'our lifetime'.

A couple of billion years

zoro

phil wrote:

But what you did is still childish regardless.

Yup. But it felt damn good.

John1000

zora,
How did you access the "My Documents" folder on his PC?
I use wireless access at uni. and I would hate to think anyone
could come along and delete my precious files while I was connected.

Isn't what you did more illegal than the guy/girl who may
have just accessed your wlan accidedely ?

zoro

Twas actually the Shared Documents now that I think about it. Sorry for the mixup

Peanut

watty wrote:

It's theft. Same as stealing someones gas, electric, or phone supply.

It's hardly that black & white.

dub45

Peanut wrote:

It's hardly that black & white.

Why is it not as clear as day? If its not your own network you have no right to access it. If a person leaves their hall door open is it ok to invite yourself in?

And if it happened to be your network that someone was accessing I presume you would be fine with it?

dub45

zoro wrote:

Yup. But it felt damn good.

So a couple of guys meet you in the street rob you kick the s*** out of you and walk away rubbing their hands and one says 'Maybe we shouldnt have done that?' and the others say 'No but it felt damn good' and you would be ok with that?:rolleyes:

dub45

BendiBus wrote:

And if I'm sitting in a cafe and I turn on my laptop & it finds an open connection, how am I to know if I'm allowed to use it or not? I'm not a wifi techie, I just turn on the computer and try to go to a website. It either works or it doesn't.

Presumably you are an intelligent moral human being who knows that a network like that is not for general use? Just the same as if you were sitting in this magic restaurant and found a credit card you would know it was not for your use?

And restauarants who provide internet facilities for their customers normally advertise that fact no?

Foxwood

dub45 wrote:

Presumably you are an intelligent moral human being who knows that a network like that is not for general use?

Presumably you are an intelligent moral human being who knows that a network that is not for general use is not accessibe to the public?

If you disable the default encryption on your wireless router, you'd find it very difficut to prove that you weren't making your network available for public use. It's not illegal to walk into a bank or a shopping centre, even though they are clearly "private property".

dub45

Foxwood wrote:

Presumably you are an intelligent moral human being who knows that a network that is not for general use is not accessibe to the public?

If you disable the default encryption on your wireless router, you'd find it very difficut to prove that you weren't making your network available for public use. It's not illegal to walk into a bank or a shopping centre, even though they are clearly "private property".

And you walk into the bank and have a look at the money lying around and sensibly walk out presumably?

But who is to say there was ever a default encryption in the first place? and as I asked earlier is it permissible to walk into a person's house who has left their front door open? steal an unlocked bike (or is that to be regarded as an invitation to take it maybe?

You would not see anything wrong then with a person driving off in car that has been left unlocked and with the key in the accelerator? (no matter how silly it may be for someone to leave a car like that?)

Foxwood

dub45 wrote:

And you walk into the bank and have a look at the money lying around and sensibly walk out presumably?

But who is to say there was ever a default encryption in the first place? and as I asked earlier is it permissible to walk into a person's house who has left their front door open?

You say it's like walking into someones house, I say it's like walking into a shopping centre. They are both private property. The difference is that most private homes have locked doors, and most shopping centres have open doors. Just as most private networks have need a key to access, whereas public networks don't.

steal an unlocked bike (or is that to be regarded as an invitation to take it maybe?

If you put a sign on it saying "Free bike, please take it!" then then there wouldn't be a problem, would there.

You would not see anything wrong then with a person driving off in car that has been left unlocked and with the key in the accelerator? (no matter how silly it may be for someone to leave a car like that?)

Would you see anything wrong with someone getting on a free bus and riding it to their destination?

The only unequivically illegal action described in this thread is the unathorized deletion of files on someone elses computer.

Voipjunkie

dub45 wrote:

Why is it not as clear as day? If its not your own network you have no right to access it. If a person leaves their hall door open is it ok to invite yourself in?

And if it happened to be your network that someone was accessing I presume you would be fine with it?

It is not as black and white as that it is more like overhearing someones radio if you dont want anyone to hear what you are listening to put some headphones on if you blast out the radio people are going to hear it.

If you choose not to secure your network people are going to access it either accidentally or on purpose but it is your property so if you dont want anyone to access it secure it.


yes you should be able to leave your hall door open but in the real world we know that if you do that the chances are your contents will be gone in the morning however with an unsecure network someone could be accessing it by mistake

dub45

Foxwood wrote:

You say it's like walking into someones house, I say it's like walking into a shopping centre. They are both private property. The difference is that most private homes have locked doors, and most shopping centres have open doors. Just as most private networks have need a key to access, whereas public networks don't.

If you put a sign on it saying "Free bike, please take it!" then then there wouldn't be a problem, would there.

Would you see anything wrong with someone getting on a free bus and riding it to their destination?

The only unequivically illegal action described in this thread is the unathorized deletion of files on someone elses computer.

Yes but if you walk into a shopping center by definiton you are there with permission no? thats unless you are there after hours of course.

Of course not if there is a sign saying please take me or please travel in me as the case may be but then open networks do not appear on pcs or laptops saying please join me and use my owners resources.