War Driving To Be Protected In NH

AllMightyPaul writes "A big article on Wired.com talks about the new House Bill 495 that would legalize the innocent stumbling upon open wireless networks. Basically, it put the burden of securing a wireless network on the owner of the network and allows people to connect to open networks that they believe are supposed to be open. This is excellent news as I'm sure we've all tried to connect to one wireless network and ended up accidentally connecting to another one. Being from NH, now I can finally drive through Manchester and connect anywhere I want with little worry, but not until after January 2004, and that's if the bill passes the Senate."

war driving lessons

[ih8apple]

war driving lessons [nwfusion.com]

Re:Legalize it?

[sharekk]

From the article: "Like most state and federal computer crime laws, New Hampshire's existing statute says it is a crime to knowingly access any computer network without authorization"

Basically before if you were driving past a starbucks and picked up their connection you could be doing something illegal. I expect it's still illegal to crack WEP (easy as it may be) but using random open wireless is Ok.

Re:dumb technincal questions

[Aliencow]

The SSID is no protection, because you can use "any" as the ssid and you will get on most non-encrypted WiFi networks. And you'd be surprised at the amount of them not protected (around 75% in my area)

Re:dumb technincal questions

[neuph]

Answers:

• The identifier you are referring to is the SSID (Service Set Identifier).
• wardriving programs operate by putting the wlan card into promiscuous mode and sniffing all the wireless traffic passing through the air. I beleive that they also send out probes for SSIDs.
• If you are not using WEP (Wired Equivalent Privacy), then everything transmitted is cleartext. However, WEP has been proven insecure, and should not be relied on for any sensitive data.

And yes, there are alot of Linksys default SSIDs out there.

Kismet [kismetwireless.net] - Wardriving application for Linux
Airsnort [shmoo.com] - On-the-fly WEP cracking for Linux

Re:Its excellent news.....

[Tevye]

If I leave the my keys in my car and the door unlocked, does that mean that the person who steals my car is not guilty? The problem with notion of "reasonable" deterrence is what constitutes that? If I left my keys in the car, but locked the doors is that reasonable deterrence versus if instead I left the doors unlocked, but removed the keys? What if I left my locked car with no keys inside in a "bad" neighborhood or I own a car that is a prime target for thieves?

You're right in that stealing is stealing. But prosecution is not just prosecution. Perhaps the cars are a bad example, so let's look at houses. If you leave your house unlocked and someone enters, that's unlawful entry. If you lock your house and someone enters, that's breaking and entering which will impose a stiffer fine. There is a difference, and laws like these help to recognize them. Breaking into a network is still illegal. Wandering into it won't necessarily be illegal anymore, even though it's unauthorized (did they explicitly invite you in? it's unathorized)

Re:dumb technincal questions

[lactose99]

Unless you specifically disable it on the Linksys, your SSID (which you mention was "Linksys") is broadcasted. Anyone with a wireless card and the right software (which WinXP includes) can see the SSID of your home WiFi LAN. The Linksys also has 2 options for WEP encryption, disabled or manditory (at least for the version 2 WiFi Access Point, which I use). If its disabled, then all traffic sent across your WiFi LAN is plain-text, in the clear (unless you are using some encrypted protocols above the WiFi layer like IPSec, SSH, or https for web pages). If its manditory, then all users who connect to your WiFi LAN must provide the correct WEP key to connect to or see traffic on your network.

Even though WEP has been proven to be somewhat insecure (without weak iv filtering, you can break WEP by collecting only a few thousand packets), it is strongly reccomended that you enable it on your WiFi LAN. I also suggest enabling the MAC filtering option on your Linksys access point, as this will only allow registered MAC addresses to communicate with your access point-- the access point just ignores all traffic that isn't coming from the MAC addresses you allow. This is not an end-all security solution by any means, but it does help to deter the causual onlooker who might want to snoop some of your traffic. Of course, any accomplished cracker may very well try to crack your WEP key, but you can get around that by putting your WiFi LAN on an "unsecured" network segment and limiting access to/from the WiFi segment. You can also use things like SSH tunnels and IPSec to further restrict communication over your WiFi LAN.

All in all, much of the above is overkill if you are just using WiFi around the house, but I stand by my point that everyone who doesn't want to provide public WiFi should use both WEP and MAC filtering on their equiptment, as just about every WiFi APs offer these features, and they take (at most) 15 minutes to setup properly.

Reasonable security measures

[SCHecklerX]

These will ensure that casual passers-by do not 'break in' to your network. It also makes it so that someone who does want to break in, has to do so much work to do so that it simply isn't worth their time:

1. Of course, use a vpn client and gateway, if feasible. This is probably more trouble than it is worth for your home network, but should be standard practice at a corporate network.
2. Just because you are using IPSec, don't think that WEP is useless. Use it! It is a deterrent, and also a strong signal to an intruder that no, this is NOT a public node.
3. Enable WEP. 128 bit if possible.
4. Disable broadcast of SSID. This pretty much kills the windoze stumbler, but kismet will still note that you are there, and will remember the SSID if you had broadcasted it in the past.
5. Use a non-dictionary, non-identifying word for your SSID. Most places I've stumbled, you'd be amazed at the number of SSID's that are street names, addresses, building names, business names, etc.
6. Use HEX wep keys, not ascii, and ensure that they are truly random.
7. Mac filtering, if using the above, is pretty much useless. It is good, however, for keeping your own employees, who might know a WEP key and SSID, off of the network until you have time to change the parameters. A real attacker will simply sniff for a good MAC address, and then use it.
8. If in a corporate environment and using a multiuser OS for your end users, don't give them the ability to see/modify their wireless settings.
9. If possible, cycle your WEP keys. This is probably the biggest problem with WEP, the inability to centrally manage keys or have them automatically change over time.

Re:Wait a second...

[b0r1s]

Here's the text:

1Computer Related Offenses; Network Security. Amend RSA 638:17, I to read as follows:

I.

• (a) A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:
  
  
  • (1) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or
    
    
  • (2) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or
    
    
  • (3) The person reasonably could not have known that his or her access was unauthorized.
  
  
  
• (b) The owner of a wireless computer network shall be responsible for securing such computer network. It shall be an affirmative defense to a prosecution for unauthorized access to a wireless computer network if the unauthorized access complies with the conditions set forth in subparagraph I(a)(1)-(3).

So, the way I read it is: the owner is responsible for securing the network, but its legal IF and ONLY IF you were legally granted access, would have been granted access if asked, or had no way of knowing whether or not you were allowed to use the network.

This doesn't protect wardriving at all: if you're knowingly going around looking for unsecured wireless access points, you've already failed 1 & 2. The only issue up for debate is 3: would you have known that you were not authorized? I'm sure once this hits court, the party with the better lawyer is going to win.

Good article on WarChalking here

[Anonymous Coward]

Designtechnica.com [designtechnica.com] has a fantastic article on War Chalking/driving that talks about a lot of this topic in detail.

Burden is on the operator

[JDizzy]

The article seems to shed a positive light on the NH law proposal, which places the burden of network security on the operator, and the negligence for not securing the Access-Point if they get h@x0r3d. That makes a lot of sense because it not my fault that when I walk down the street and your Access point is bombarding me with your signal. I cannot help but to receive the signal if its there. The analogy is walking around at high-noon and being subjected to sunlight, because I cannot help this unless I burden myself to apply a coating of sun-screen. That sun-screen lotion is the wireless equivalent of a firewall but the major difference is that the sun screen is there for my optional protection. It not my burden to protect myself from your spewing of wireless packets since they do not cause me harm.

The wireless protocol stands for themselves, and in a court of law they would be easy to examine line by line until the judge/jury is brain dead from the tech-jargon. Not to mention the various accredited folks who can demonstrate with freely available software that WEP is more of an annoyance. MAC based filtering is weak since it is possible to spoof the mac address with most 802.11b hardware drivers. Simply bombard the AP until the ARP table refreshes with you mac as the end point that *should* be getting the traffic. The solution most folks I know use is a hybrid of various methods. One way is to make each wireless node use VPN to the router behind the AP, and use WEP (as an annoyance) on the ether. Disabling the 802.11 beacon is the first thing that should be done, else it your fault for advertising the existence of your wireless network in the first place. As I mention before, MAC filtering helps as an annoyance to would-be-infiltrators. Finally, rename your SID to anything except "WIRELESS" as many folks get on by simply looking for the default SID.

This is my advice, as a war-driver, I know all the tricks. Enjoy! ;)

Re:Well, someone has to pick the nits...

[The Salamander]

First off he refers to "war driving" and "war chalking" without ever once spelling out Wireless Access Reconnaissance...

Maybe because not everyone thinks WAR is an acronym?

My understanding is that war-driving is a play on war-dialing and your acronoym sounds like something made up after the fact.

Re:Legalize it?

[bjschrock]

I just wish everyone would pay more attention to the last two amendments in the Bill of Rights:

Amendment IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

Re:Well, someone has to pick the nits...

[Dyolf Knip]

Such a linguistic feat is typically called a 'Bacronym'.

Re:Wait a second...

[Istealmymusic]

# (1) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or

# (2) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or

This doesn't protect wardriving at all: if you're knowingly going around looking for unsecured wireless access points, you've already failed 1 & 2.

How does wardriving fail 1 and 2? By using an unencrypted non-WEP signal, by allowing anyone with any MAC, by enabling DHCP the owner is authorizing access to anyone. He or she is broadcasting beacon frames advertising the AP. He or she is running a DHCP server to hand out addresses to anyone. Because the software is letting in literally anyone, the owner is authorizing everyone. No trickery is involved.

Since point #1 does not apply, neither does #2, nor #3. Of course, if one was to sniff a couple gigs of 802.11b frames in order to crack WEP, he would most certainly be in violation of the said laws. But wardriving is not.