[wplug] On the subject of wardriving...

[Alexandros Papadopoulos]

On Monday 28 March 2005 19:56, Michael P. O Connor wrote:
<snip>
> rely on it, I peronsonaly do 128bit encription, non-broadcasting
> ssid, and mac address filtering.  Yes I know all of them easy to over
> come, but with 5 open networks in the apartment complex I live in, a
> wardriver wanting free bandwidth is going to go for the open network.
>  Plus I done a bit of looking around, my signal does not make it to
> the road.
> but remember all of this is pointless, if some one wants into YOUR
> network, they will come after your network, and they will have the
> tools to do it.

I guess the validity of this statement depends on what you mean "I'm on 
your network".

If you want to keep people from using your router to anonymously surf 
the net, then MAC authentication and a non-broadcasting SSID seem 
*very* difficult to get around, assuming you keep your wireless router 
patched/flashed with the latest vendor fixes and the attacker is not an 
insider (i.e. has physical access, information about your hardware, 
configuration, etc etc).

Now, making your own legitimate use of your network tamper-proof (i.e. 
stopping people from eavesdropping), is also quite easy to do with 
strong cryptography. Since WEP doesn't seem to fit the bill, one can 
choose an improved alternative (WAP?) and/or an application-layer 
encryption scheme like SSL (implemented for instance with an OpenVPN 
gateway on the router, should one have the luxury) , which is again 
non-trivial[0] to break.

All in all I'd say the situation is not so hopeless, although I 
certainly agree with you that you only have to be a tad more secure 
than the next guy.

-A

[0] Was it Heisenberg who used to refer to anything even barely 
theoretically doable as "trivial"?