When people buy Wap/Routers, to increase sales, they are sold with
absolutely *NO* security and wide open. (sales went up 78% when they started
selling them wide open).
Current legislation makes it illegal for THEM (unless they have a biz
account and can have multiple users), but not for you to use it.
If you want to be a nice guy, offer to set it up with security for them, and
add yourself as an authorized user. That would probably be a win-win.
Surely you jest. At no time were wireless routers ever sold secure by
default. In order to do that, the router would have to have:
1. The wireless portion temporarily disabled.
2. Ask for a router password on initialization.
3. Ask for an SSID on initialization.
4. Ask for a WEP type and WEP key on initialization.
5. Disable UPnP by default.
6. Close all port redirection, DMZ host, and port triggering by
7. Whatever else I forgot to nail down.
Basically, EVERYTHING needs to be turned off by default, and enabled
or configured during the initial setup. No cheapo router manufacturer
has ever done that. Some routers would ask for a router password
during the initial setup wizard, but it could be bypassed by using a
The closest approximation to secure out of the box were the 2-wire
wireless routers shipped by various ISP's. These arrive from the ISP
with the router password, SSID, and WEP key pre-configured and
plastered on a label on the bottom of the router. This is good.
The only concession to security that I've seen on wireless routers is
Linksys finally deciding that turning on UPnP by default was a bad
idea. Current firmware defaults to off. Woooopie.
All the manufacturers make wireless configuration difficult by
splattering wireless settings onto at least 3 different menu pages and
burying WEP key configuration under 2-3 layers of "advanced" menus.
Superficially, one might suspect that users aren't suppose to play in
the "advanced" settings. So much for wireless security.
Where did you get the 78% increase in sales (over what period, what
product line, dollars or units, using who's numbers, as reported
where, etc...)? Sales statistics are so much fun.
First, you'll have to explain what security means, why they need to be
secure, what they have to do to stay secure, what will happen if they
continue to run an unsecured system, wireless sniffing, wardriving,
router firmware updates, and such. Best of luck.
I am vacationing in a resort condo where there are rental units and
also fulltime residents. Today I fired up my laptop with every intent
of hooking up my remote dialup access, and I found that I was
connected to a wireless broadband network. Upon checking I found that
I am receiving signals from four such networks -- three of which are
unsecured. What is the protocol for using such access? Does my use
in any compromise the owner? My thought is that if they objected to
others' use they would simply secure the account. However, I want to
do the right thing and not piss anyone off so I'd appreciate any
guidance. I do have a network at home and specified that it be
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -
Got started in computahs in college with the 1620, 1401, and 7090.
Actually, we had most of a 709 in high skool, but never could get the
tube infested 36 bit monster to count. On graduation in 1971 and
after a few military adventures, I did RF design and ran several RF
related businesses until about 1983, when I cleverly decided that
computers were the hot ticket. I still do quite a bit of RF
consulting but the main emphasis is on computing.
In 1998, 802.11 appeared and I was bribed into getting involved in a
wireless venture. I was involved in some proprietary radio link
design, and figured that 802.11 would unify the industry. At that
time, the only commodity 802.11 hardware available was from Eumitcom,
Teletronics, Zcomax, Raylink, and perhaps Breezecom. A bit later,
Linksys, SMC, and DLink appeared. Netgear eventually left their Bay
Networks legacy behind and joined the bottom of the line vendors.
Wavelan became Orinoco, Lucent, Agere, Avaya, and finally Proxim.
Cisco was busy buying companies, killing wireless products that people
wanted to buy, and selling overpriced and underpowered wireless
bridges and access points.
Between 1998 and 2000, everything was junk. During this time, I
played with, tested, or helped design, just about every piece of
wireless hardware that appeared on the market. Almost all the boxes
were bridges or access points. Wireless routers didn't appear until
about 2000 (not sure) and were just the same ethernet routers sold by
the vendors with wireless bridge tacked on. I don't recall which one
was first, but I do recall that absolutely none of them had the
wireless disabled by default. Setup by serial port or telnet was
Well, could I trouble you for the manufacturers name and model number
of such a wireless router? I probably have one either in the junk
pile or in stock. My memory isn't as good as it once was and I'll
admit that I might be mistaken.
I beg to differ.
Sigh. Yes, you do need to do everything I mentioned. Just turning on
the wireless does not magically insure security. You have to go
through all the various steps and chose the proper settings. I
suppose the setup "wizard" might offer a good random value for the WEP
key, but the SSID shouldn't really be random garbage.
I checked that out and it probably is not. I checked with the owner
of the condo and he does not know anything about the issue. Also, the
resort does not advertise it, and would undoubtedly charge for it.
They have a device in their lobby where they charge .25/minute to
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -
The point is that if wireless is OFF, then your other stuff doesn't matter.
I liken it to turning of the main breaker for your house, doesn't much
matter if a light switch is turned off too.
At the stores I own, the first WAP/Routers we sold, had that WAP part turned
*OFF* by default. Used to make some good bucks having our techs turn it on
after the people bought em and found out they couldn't use em.
Of course if you turn it on, that's a different animal, and then you have to
set things, but the statement was based on the first part of the sentence
*if wireless doesn't work at all*... Think about it.. if you have *NO*
wireless at all, what difference do the wep etc settings make? It's like
turning off a light switch when the lamp is unplugged.
Haven't heard of any sucessful prosections (YET) of people using left open
networks, but I have heard of people being targeted for breaking the
agreement to only allow personal use of an internet connection instead of
paying extra for a biz account that can have multiple users.
Make and model?
Normally, a customer buys a wireless router so they can use it
wirelessly. Leaving the wireless off is a waste. Might as well have
bought an ethernet router, with no wireless. So, the first thing a
customer would do with such a router is turn on the wireless part.
Then they get to figure out the details. My guess(tm) is that if you
just turn on the wireless part of your unspecified wireless router,
the SSID will default to something stupid, WEP will be off, and the
router will work wirelessly in a rather insecure manner. Might as
well have left the wireless on by default.
I track FCC enforcement actions
find very little activity of any type involving 2.4GHz. However,
these don't record warnings which is usually all that's necessary to
insure compliance. Besides, there's no money in issuing fines to the
average wireless user.
These were previously posted to alt.internet.wireless. Kinda marginal
examples but certainly applicable.
I haven't hear of that recently. There were some cable ISP's
(Comcast) that were sniffing traffic and trying to guess how many PC's
were hidden behind an NAT firewall. Then, some telemarketting
organization was tasked with calling the customers and informing them
that they have violated the terms of service which do not allow
multiple computers, and that they retroactively owe the cable ISP
about $8/month extra per PC. You can kinda predict how far treating
your customers as criminals went. These days, I hear about users
getting "fined" or unplugged for excessive traffic, usually caused by
a trojaned PC, worm, or because they're running a porno server. A few
ISP's are blocking VPN ports and sometimes SMTP mail on the assumption
that such services require the overpriced business account. The
satellite ISP's throttle traffic after about 150MBytes/hr to give
everyone their "fair share" of the pipe. I can't speak for the rest
of the country, but busting custmers for anything other than gross
abuse just isn't practiced by any of the local (Northern Calif) ISP's
that I know and deal with.
I've been called a curmudgeon, which methinks is more appropriate. I
have a nifty pen and ink sketch of myself as Ebineezer Scrooge on the
Methinks I've discovered the secret to eternal youth. No kids or
dependents (that I know of).
I forgot about that one:
Move the mouse around the screen after it's done loading. (Remind me
to retouch the bald spot).
Oh swell, I can't find a resume that goes back that far. From my
1965 Graduated Hamilton High Skool, Smog Angeles
1971 Graduated Cal Politic, Pomona BSEE.
Yes, it took 6 years to make it through college due to some travel and
diversions. I was born in 1948 so I was 17 when I graduated High
Skool, and 23 when they graduated me from college.
Well, that explains why I've never seen that one. I was recovering
from a triple bypass and was in no condition to do any work after Feb
2001 for about 6 months. I missed that one.
Normally, I would check the firmware release notes from the Linksys
support web pile,
they seem to be having a Y2.005K problem:
Microsoft OLE DB Provider for ODBC Drivers error '80040e31'
[Microsoft][ODBC SQL Server Driver]Timeout expired
/support/TrafficReport.asp, line 48
Traffic report? Sigh. Maybe later...
Yup.. Sorrry, looked at my sent file and my apology didn't get sent...so my
apologies for the young whippersnapper remark. All I can say is that it was
worded and meant as a joke...(that's what the smiley face was for, and the
stuff in parends "(been doing computer stuff since 1969, bet I'm older than
you and can say that! :)" Both were meant/supposed to mean sarcasm, no
offense was intended. However.... Since I am 51 (over the age of 50, when
you magically become eccentric instead of rude or wierd...) I think I can
now safely use the term that is used for me once in a while.. Old Fart....:)
I almost fell off the couch laughing when I read that one.
Not that I thought you were old... just beyond the "whipppersnapper" age.
That's older than I thought.
That was cute. It popped up behind my terminal screen, where I could only
see a portion of it, and I thought it was morphing from high school student
to old fart. At first, I thought it would be the spinning chair jscript.
Ah, that's where I messed up. What did you do between 1971 graduation and
now to gain the extra years? If 17.9 years old is a good median high
school graduation, 40 years ago would have you graduating from high school
in 1964. Earlier references to 1997 - 49 would be 1950, so maybe the high
skool reference sentence was blurred, and you graduated from college in
1971. That doesn't match 2005-58. Neither does 1950+57.9.
Oops. It's a sure sign of old age when I don't know how old I am and
have to use a calculator to do the arithmetic. I'm only 56.9 years
I don't really know what whippersnapper means.
that's fairly accurate. I'm not terribly important and
really do have a gigantic inflated ego. Yeah, I guess I deserve that.
However, it's no problem and no apology is required. If you read any
of my postings, you'll probably notice that diplomacy, tact,
sensitivity, and etiquette are not my best points. I'm sure you would
be entertained by the hate mail that I erratically receive when I
tactlessly trample on someone's illusions. That's balanced by my
easily admitting that I screwed up or am in error, which happens all
Well, you can now say that you're over half a century old. My being
about 6 years older only means that I've had 6 more years of mistakes
and about 10% more that I've either forgotten or has become useless
The Linksys BEFW11S4 V1 that I bought in the summer of 2001 was delivered
with wireless disabled, and pg.18 of the user guide explicitly says that
wireless must be enabled to make it work. That unit had 1.37.2 firmware;
I do not recall if any of the firmware upgrades enabled wireless by default.
Your question really boils down to "What can I infer about the
intentions of the owner of a wireless network from the fact that he has
left it unencrypted?" From that fact alone, nothing. Too many people who
use wireless networking are ignorant of wireless security. They probably
installed their wireless access points themselves, with only a glance at
the "Quick Install" card.
If any of those wireless networks you see has the manufacturer's default
name -- "linksys", for example -- you can assume that the owner is
fairly clueless and has not made an informed, deliberate choice to leave
his network unsecured. If the network name (SSID) itself gives a good
indication that it is intended for public use, I can't see how anybody
could fault you for using it. Otherwise, you're not entitled to play
Goldilocks just because the door was left open.