When people buy Wap/Routers, to increase sales, they are sold with absolutely *NO* security and wide open. (sales went up 78% when they started selling them wide open). Current legislation makes it illegal for THEM (unless they have a biz account and can have multiple users), but not for you to use it. If you want to be a nice guy, offer to set it up with security for them, and add yourself as an authorized user. That would probably be a win-win.
Surely you jest. At no time were wireless routers ever sold secure by default. In order to do that, the router would have to have: 1. The wireless portion temporarily disabled. 2. Ask for a router password on initialization. 3. Ask for an SSID on initialization. 4. Ask for a WEP type and WEP key on initialization. 5. Disable UPnP by default. 6. Close all port redirection, DMZ host, and port triggering by default. 7. Whatever else I forgot to nail down. Basically, EVERYTHING needs to be turned off by default, and enabled or configured during the initial setup. No cheapo router manufacturer has ever done that. Some routers would ask for a router password during the initial setup wizard, but it could be bypassed by using a blank password.
The closest approximation to secure out of the box were the 2-wire wireless routers shipped by various ISP's. These arrive from the ISP with the router password, SSID, and WEP key pre-configured and plastered on a label on the bottom of the router. This is good.
The only concession to security that I've seen on wireless routers is Linksys finally deciding that turning on UPnP by default was a bad idea. Current firmware defaults to off. Woooopie.
All the manufacturers make wireless configuration difficult by splattering wireless settings onto at least 3 different menu pages and burying WEP key configuration under 2-3 layers of "advanced" menus. Superficially, one might suspect that users aren't suppose to play in the "advanced" settings. So much for wireless security.
Where did you get the 78% increase in sales (over what period, what product line, dollars or units, using who's numbers, as reported where, etc...)? Sales statistics are so much fun.
First, you'll have to explain what security means, why they need to be secure, what they have to do to stay secure, what will happen if they continue to run an unsecured system, wireless sniffing, wardriving, router firmware updates, and such. Best of luck.
Nope.. Not kidding young whippersnapper
I am vacationing in a resort condo where there are rental units and also fulltime residents. Today I fired up my laptop with every intent of hooking up my remote dialup access, and I found that I was connected to a wireless broadband network. Upon checking I found that I am receiving signals from four such networks -- three of which are unsecured. What is the protocol for using such access? Does my use in any compromise the owner? My thought is that if they objected to others' use they would simply secure the account. However, I want to do the right thing and not piss anyone off so I'd appreciate any guidance. I do have a network at home and specified that it be installed secure.
_______________________________________________________________________________ Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -
Young? I'm 57.9 years old.
In 1998, 802.11 appeared and I was bribed into getting involved in a wireless venture. I was involved in some proprietary radio link design, and figured that 802.11 would unify the industry. At that time, the only commodity 802.11 hardware available was from Eumitcom, Teletronics, Zcomax, Raylink, and perhaps Breezecom. A bit later, Linksys, SMC, and DLink appeared. Netgear eventually left their Bay Networks legacy behind and joined the bottom of the line vendors. Wavelan became Orinoco, Lucent, Agere, Avaya, and finally Proxim. Cisco was busy buying companies, killing wireless products that people wanted to buy, and selling overpriced and underpowered wireless bridges and access points.
Between 1998 and 2000, everything was junk. During this time, I played with, tested, or helped design, just about every piece of wireless hardware that appeared on the market. Almost all the boxes were bridges or access points. Wireless routers didn't appear until about 2000 (not sure) and were just the same ethernet routers sold by the vendors with wireless bridge tacked on. I don't recall which one was first, but I do recall that absolutely none of them had the wireless disabled by default. Setup by serial port or telnet was common.
Well, could I trouble you for the manufacturers name and model number of such a wireless router? I probably have one either in the junk pile or in stock. My memory isn't as good as it once was and I'll admit that I might be mistaken.
I beg to differ.
Sigh. Yes, you do need to do everything I mentioned. Just turning on the wireless does not magically insure security. You have to go through all the various steps and chose the proper settings. I suppose the setup "wizard" might offer a good random value for the WEP key, but the SSID shouldn't really be random garbage.
Is it possible that this is a service provided by the resort?
_______________________________________________________________________________ Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -
The point is that if wireless is OFF, then your other stuff doesn't matter. I liken it to turning of the main breaker for your house, doesn't much matter if a light switch is turned off too.
At the stores I own, the first WAP/Routers we sold, had that WAP part turned
*OFF* by default. Used to make some good bucks having our techs turn it on after the people bought em and found out they couldn't use em.Of course if you turn it on, that's a different animal, and then you have to set things, but the statement was based on the first part of the sentence
*if wireless doesn't work at all*... Think about it.. if you have *NO* wireless at all, what difference do the wep etc settings make? It's like turning off a light switch when the lamp is unplugged.Haven't heard of any sucessful prosections (YET) of people using left open networks, but I have heard of people being targeted for breaking the agreement to only allow personal use of an internet connection instead of paying extra for a biz account that can have multiple users.
Make and model?
Normally, a customer buys a wireless router so they can use it wirelessly. Leaving the wireless off is a waste. Might as well have bought an ethernet router, with no wireless. So, the first thing a customer would do with such a router is turn on the wireless part. Then they get to figure out the details. My guess(tm) is that if you just turn on the wireless part of your unspecified wireless router, the SSID will default to something stupid, WEP will be off, and the router will work wirelessly in a rather insecure manner. Might as well have left the wireless on by default.
I track FCC enforcement actions
These were previously posted to alt.internet.wireless. Kinda marginal examples but certainly applicable.
I haven't hear of that recently. There were some cable ISP's (Comcast) that were sniffing traffic and trying to guess how many PC's were hidden behind an NAT firewall. Then, some telemarketting organization was tasked with calling the customers and informing them that they have violated the terms of service which do not allow multiple computers, and that they retroactively owe the cable ISP about $8/month extra per PC. You can kinda predict how far treating your customers as criminals went. These days, I hear about users getting "fined" or unplugged for excessive traffic, usually caused by a trojaned PC, worm, or because they're running a porno server. A few ISP's are blocking VPN ports and sometimes SMTP mail on the assumption that such services require the overpriced business account. The satellite ISP's throttle traffic after about 150MBytes/hr to give everyone their "fair share" of the pipe. I can't speak for the rest of the country, but busting custmers for anything other than gross abuse just isn't practiced by any of the local (Northern Calif) ISP's that I know and deal with.
On 2 Jan 2005 00:15:14 GMT, SBN spoketh
What's the policy on taking a ride in any convertible found in the parking lots at Disney?
Lars M. Hansen
What the heck does *stealing* cars have to do with using an open WAP?
I've been called a curmudgeon, which methinks is more appropriate. I have a nifty pen and ink sketch of myself as Ebineezer Scrooge on the bedroom wall.
Methinks I've discovered the secret to eternal youth. No kids or dependents (that I know of).
I forgot about that one:
Oh swell, I can't find a resume that goes back that far. From my fading memory: 1965 Graduated Hamilton High Skool, Smog Angeles 1971 Graduated Cal Politic, Pomona BSEE. Yes, it took 6 years to make it through college due to some travel and diversions. I was born in 1948 so I was 17 when I graduated High Skool, and 23 when they graduated me from college.
Well, that explains why I've never seen that one. I was recovering from a triple bypass and was in no condition to do any work after Feb
2001 for about 6 months. I missed that one.Normally, I would check the firmware release notes from the Linksys support web pile,
Microsoft OLE DB Provider for ODBC Drivers error '80040e31' [Microsoft][ODBC SQL Server Driver]Timeout expired /support/TrafficReport.asp, line 48
Traffic report? Sigh. Maybe later...
Yup.. Sorrry, looked at my sent file and my apology didn't get sent...so my apologies for the young whippersnapper remark. All I can say is that it was worded and meant as a joke...(that's what the smiley face was for, and the stuff in parends "(been doing computer stuff since 1969, bet I'm older than you and can say that! :)" Both were meant/supposed to mean sarcasm, no offense was intended. However.... Since I am 51 (over the age of 50, when you magically become eccentric instead of rude or wierd...) I think I can now safely use the term that is used for me once in a while.. Old Fart....:)
I almost fell off the couch laughing when I read that one. Not that I thought you were old... just beyond the "whipppersnapper" age.
That's older than I thought.
That was cute. It popped up behind my terminal screen, where I could only see a portion of it, and I thought it was morphing from high school student to old fart. At first, I thought it would be the spinning chair jscript.
Ah, that's where I messed up. What did you do between 1971 graduation and now to gain the extra years? If 17.9 years old is a good median high school graduation, 40 years ago would have you graduating from high school in 1964. Earlier references to 1997 - 49 would be 1950, so maybe the high skool reference sentence was blurred, and you graduated from college in
1971. That doesn't match 2005-58. Neither does 1950+57.9.
Oops. It's a sure sign of old age when I don't know how old I am and have to use a calculator to do the arithmetic. I'm only 56.9 years old.
I don't really know what whippersnapper means.
Well, you can now say that you're over half a century old. My being about 6 years older only means that I've had 6 more years of mistakes and about 10% more that I've either forgotten or has become useless knowledge.
The Linksys BEFW11S4 V1 that I bought in the summer of 2001 was delivered with wireless disabled, and pg.18 of the user guide explicitly says that wireless must be enabled to make it work. That unit had 1.37.2 firmware; I do not recall if any of the firmware upgrades enabled wireless by default.
Your question really boils down to "What can I infer about the intentions of the owner of a wireless network from the fact that he has left it unencrypted?" From that fact alone, nothing. Too many people who use wireless networking are ignorant of wireless security. They probably installed their wireless access points themselves, with only a glance at the "Quick Install" card.
If any of those wireless networks you see has the manufacturer's default name -- "linksys", for example -- you can assume that the owner is fairly clueless and has not made an informed, deliberate choice to leave his network unsecured. If the network name (SSID) itself gives a good indication that it is intended for public use, I can't see how anybody could fault you for using it. Otherwise, you're not entitled to play Goldilocks just because the door was left open.
I hop on those little trams all the time. Am I supposed to pay?
Excellent summary! I've got clients with security disabled on purpose, and in every case, they are not saying "Anyone welcome to do anything they want".
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.