Hijacking a broadband connection

Disabling the SSID broadcast has *no* security value. Enabling the SSID broadcast *does* allow others to easily notice that a given channel is being used and should be avoided.

It only means that the "casual" browsers might not see it /quickly/; but anyone who is intent on finding something to break into *can* find it... if it is turned on and absolutely so if it is actually being used.

It most certainly *does* make interference possible to avoid too. That is the purpose of having it "broadcast", which merely makes it available at regular (short) intervals. That way someone who is setting up a network *can* see it immediately, and realize that setting up on that channel will cause interference. If the broadcasts are disabled it is less likely that *your* network will be avoided!

Why would you feel uncomfortable? If you noticed your neighbour had left their car unsecured would you not tell them? I'm sure if you just let them know that *anybody* can access their network they would tighten security.

In article , The Todal writes

Why don't you just print off a copy of that article from the BBC website you referred to and show it to your neighbour saying something like "hey, have you seen this article about people hijacking wireless networks? I'll have to make sure *my* network is secure ..." etc, etc

In article , Fat Freddy's Cat writes

But for all Todal knows somebody could have been connecting to his network and trawling "dodgy" websites ...

Would explain the reason why the police might want to batter his door at

4.00am

In article , Alex Heney writes

If a wireless router can't "see" the SSID is there a danger it will plonk its carrier onto the same channel as the SSID it can't "see"? I think this is what the other poster is meaning.

Indeed. The configuration I use is a broadband 'modem', with *two* wireless routers hooked-up to it. One with site-specific SSID, WEP configured at 128 bits, for our 'private' LAN. The other with default SSID and no security, for guests who bring laptops, and as a useful public service.

By setting up an unsecure default network I consider I'm inviting J. Random Hacker to use it.

Mike

--

'As I walk along these shores I am the history within'

On 28 Jul 2005, The Todal wrote

Have you mentioned it to your neighbour, in case he's unaware of people using his unsecured network, or unaware that it should be secured? (Or is he likely to punch you out rather than thank you?)

FWIW, I set up a laptop for my sister-in-law this past spring which, out of the box, was set up to search for networks. It picked up 5, exactly *none* of which were secured. 4 of them were wireless Internet connections, but one of them was an unsecured wireless LAN for the local branch of Deloitte & Co -- the accountants/whatever firm.

I wasn't surprised to see the home networks, but an unsecured company LAN?

I often wondered whether it was legal to do so, having had neighbours hijack my connection, and having discovered that my own kids were sometimes inadvertently hijacking a neighbour's connection.

Yet another way for law abiding citizens to find themselves in breach of the law, then:

A recent court case, which saw a West London man fined £500 and sentenced to

12 months' conditional discharge for hijacking a wireless broadband connection, has implications for almost every user of wi-fi networks. It is believed to be the first case of its kind in the UK, but with an estimated one million wi-fi users around the country, it is unlikely to be the last. "There are a lot of implications and this could open the floodgates to many more such cases," said Phil Cracknell, chief technology officer of security firm NetSurity. Details in this particular case are sketchy although it is known that Gregory Straszkiewicz had "piggybacked" on a wireless broadband network of a local Ealing resident, using a laptop while sitting in his car.

On 28 Jul 2005, Chris S. wrote

True -- and I didn't try it, so I can't say if they were.

I was just surprised to see what looked like a potentially gaping hole, and would have thought their IT guys should have secured it -- and made it *look* secure -- from all angles.

I don't have a lot of sympathy - anyone who doesn't put security on their wireless network deserves all they get as far as I am concerned.

Paul.

About bloody time!

I have been arguing that this was against the law for years, and always get met with the response "where is the case law then".

And it isn't a way for law abiding citizens to find themselves in breach of the law. It has to be done knowingly before it is illegal.

When you are sitting in a car piggybacking on whatever open network you can find, that is obviously knowingly accessing without authorisation.

But when you accidentally pick up the neighbours' instead of your own, that is a different kettle of fish entirely.

But it is still a good idea to secure your own network - and change the SSID. If you don't change the SSID, then any neighbours with the same brand of router will have the same SSID, and your laptops won't usually know which one they are accessing.

Agreed. I now use security on my home wireless broadband. It does unfortunately mean that when my kids are trying to connect, their computers connect them to the neighbour's service and seemingly I can't prevent that. Or at least, if there is a way I'd like to know it.

The suggestion is, though, that if you go looking for free wireless connections you are likely to be breaking the law as soon as you make a connection to someone's service. Not a lot of people know that, I should think.

Agreed. And setting the router to not broadcast the SSID is good too.

Paul.

Quite easy.

All wireless routers I am aware of have the facility to change the SSID (it usually defaults to something like "NETGEAR", or "3COM").

If you change it to something unique to you, and then set the kids laptop to only connect to that network, rather than to "any network in range", then they should always use yours.

Just because they aren't using WEP/WPA or MAC Filterting doesn't mean there isn't any security. Its possible they are using some other security (ie. a VPN). The only way to find out is to connect.

no, its not a suggestion. It has been law for a wee while now.

Yup - ***IF YOU GO LOOKING***

I think you think wrong.

I also think you are making a mountain out of a molehill. The perp as reported in The Register 3 days ago was actively driving around the neighbours looking for open connections. Hardly the same as your kids linking inadvertently to your neighbours connection is it?

g.

Exactly. Methinks Todal has over-reacted a little to the reported case.

The police arent going to be banging down your door at 4am Todal.

g.

Hmmm. I'll have a go. I seem to remember that you can anyway ask your computer for a list of wireless services and can then ask it to connect to one, even if the default is your own one. I might be wrong. I would feel a bit uncomfortable asking the neighbour to use security in case my kids browse their network, because I don't know how the neighbour would react to that.

Simply having a visible SSID doesn't make it unsecure.