Home page logo
/

basics logo Security Basics mailing list archives

Re: Home wireless free hotspot
From: Adam Mooz <adam.mooz () gmail com>
Date: Fri, 16 Apr 2010 13:17:31 -0400

FWIW, Untangle just added a captive portal option to their free edition - might be worth checking out.

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz () gmail com
http://www.AdamMooz.com

On 2010-04-16, at 6:18 AM, Reginald Wheeler wrote:

Now I spoke to a lawyer shortly after all this started to with this
string.  I was advised that all is needed is a terms of use. Thanks
guys. 

Thank You,
Reginald Wheeler, Owner
A+, Networking+, MCSE 2003
1907 Hampton Dr.
Sandy Springs, GA 30350
Ph:678.615.2997
wheeler90 () comcast net



-----Original Message-----
From: Jay Vlavianos <jvlavianos () ecastnetwork com>
To: 'wheeler90 () comcast net' <wheeler90 () comcast net>
Cc: martinez85 () att blackberry net <martinez85 () att blackberry net>, John
Lightfoot <jlightfoot () gmail com>, listbounce () securityfocus com
<listbounce () securityfocus com>, security-basics () securityfocus com
<security-basics () securityfocus com>
Subject: RE: Home wireless free hotspot
Date: Tue, 16 Mar 2010 18:02:53 -0700

Um.... opening his wireless access point allows people to run a tor exit node on their own... does it not?  As well 
as seeding torrents?  As well as hosting warez?   As well as running a dyndns'd porn server?   As well as hacking NSA 
servers?  As well as making all of your other neighbors zombie DDOS robots?

He doesn't have to run the exit node himself, it only has to leave his pipe for him to get the finger... right?

I think you are missing the _human_ aspect of this.  You are basically saying 

"Yes, you might be arrested and charged with child pornography, humiliated in the local press and spend all of your 
life savings in a court battle... but you WILL ultimately prevail and get your gear back with an apology in the local 
news TV program so why not do it - THERE IS NO CASE LAW!!! WOO HOO!!!"

Sounds a little stupid in that context doesn't it?  Does to me at least.




-----Original Message-----
From: Reginald Wheeler [mailto:wheeler90 () comcast net] 
Sent: Tuesday, March 16, 2010 5:34 PM
To: Jay Vlavianos
Cc: martinez85 () att blackberry net; John Lightfoot; listbounce () securityfocus  com; security-basics () 
securityfocus com
Subject: Re: Home wireless free hotspot

Dude the guy is not asking if it is safe to operate a freaking tor proxy
server.  He is asking if he set up something like what you would get if
you were to go to a freaking coffee shop.  Stop telling the guy he can't
do it.  Tell him the risk involved and tell him the best way to mitigate
those risk.  I know we have a bunch of IT professionals that are on this
mailing list.  The link that is provided talks of operating a proxy site
that can and will violate your ISP terms of use.  Now if you go through
the proper channels you can offer a wifi hotspot as a service.  You have
to speak to your ISP for the details of what you need to do.  So having
said that and now getting pissed with the level of incompetence that
many of my fellow IT professionals are showing I'm left wondering how in
the hell you got your jobs.  Now I am going to give Mr. Lightfoot this
advise please consult an IT professional that is well versed in wireless
networking and security.  This person will also be able to help you with
all of the legalities that you may run into with this project. Now for
everyone else we all have to think before we comment, not misrepresent
ourselves and do our best to leave our personal feelings about things in
our pockets when consulting someone on anything unless they ask for it.

Oh and P.S. a free to use wireless hotspot is not a Tor-Exit-Node.  Tor
meaning the The Onion Router is a piece of software that allows you to
route internet traffic for programs that use the internet through layers
of proxy servers in order to mask your IP address.  This has absolutly
nothing to do with a hotspot that will always carry the IP address that
is issued him from his ISP. So again Jay I have asked you to site case
law that will provide factual evidence that you can as a service
provider be held accountable for the actions that another person has
conducted on a network that has a Terms of use contract that has to be
agreed upon in order to access the network. This does not include the
fact that yes there is the inconvenience of having your equipment seized
for the sake of investigation.  You get it back.  Plus if you have
insurance and you do things the proper way.  You will be able to get a
replacement due to the fact that your now able to let your insurance
company know that your equipment was damaged in a criminal act and your
back in service.    

Thank You,
Reginald Wheeler, Owner
A+, Networking+, MCSE 2003
1907 Hampton Dr.
Sandy Springs, GA 30350
Ph:678.615.2997
wheeler90 () comcast net\
Universal Systems Consulting LLC
Simplifying IT



-----Original Message-----
From: Jay Vlavianos <jvlavianos () ecastnetwork com>
To: martinez85 () att blackberry net <martinez85 () att blackberry net>
Cc: John Lightfoot <jlightfoot () gmail com>, listbounce () securityfocus com
<listbounce () securityfocus com>, security-basics () securityfocus com
<security-basics () securityfocus com>
Subject: Re: Home wireless free hotspot
Date: Tue, 16 Mar 2010 08:30:34 -0700

One only needs to read stories like the one below of a poor Tor exit  
node operator to realize that you don't want -anyone- except yourself  
on your own net connection.

That is, of course, if you need some excuse for your own activities  
("I don't know man, I didn't download any softwarez- but maybe my  
neighbor did!).

http://calumog.wordpress.com/2009/03/18/why-you-need-balls-of-steel-to-operate-a-tor-exit-node/



On Mar 16, 2010, at 7:32 AM, "Johnathan"  
<martinez85 () att blackberry net> wrote:

How sweet of you...

Now matter how kind your intentions are, you may want to check the  
terms and conditions of the agreement of the contract you hold with  
your service provider.

You legally may not be allowed to do such a thing you are proposing.

You may be aware of this already, just wanted to put it out there  
for others who may have the same mind set as you.

----
Johnathan

Sent via BlackBerry by AT&T

-----Original Message-----
From: "John Lightfoot" <jlightfoot () gmail com>
Date: Fri, 12 Mar 2010 15:10:40
To: <security-basics () securityfocus com>
Subject: Home wireless free hotspot

Hello,

I have a home wireless network that I'd like to make available to ne 
ighbors
who need to borrow a connection from time to time.  Consider it karmic
repayment for the times I've had to borrow someone else's open  
connection.
Of course, I'd like to do it securely, so I'm looking for some  
advice.

My main network has a wireless router connected to the Internet,  
with a few
wired connections to my home computers.  The main router's wireless  
network
is protected by WPA, access control via MAC address, etc.  My  
thought is I
would attach a second wireless router (Netgear) to a port off the main
router and leave it unsecured, using a second subnet, and block any  
routing
between the two subnets, other than straight out to the Internet,  
but I'm
not sure the best way to do that.

So, a few questions:

If I set up a second router with a subnet "subservient" to my  
main router,
presumably it has to get an IP address within the address space of  
the main
network, but how can I limit access to that network to only my  
Internet
interface?

Would it make more sense for my secure network to be subservient to  
the main
network, i.e. open up the main network and secure a secondary subnet  
off it?

I also have a Secure Computing SG 300 Firewall/VPN appliance, could I
configure that help keep the networks separate and my home network  
secure?
It's got a lot of nice features, but I'm not sure it would help  
make my
configuration more secure.

This may be a very bad idea, so I'd also be happy to hear why  
that's so if
it's true.

Thanks for any advice.


John Lightfoot




--- 
---------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs  
an SSL certificate.  We look at how SSL works, how it benefits your  
company and how your customers can tell if a site is secure. You  
will find out how to test, purchase, install and use a thawte  
Digital Certificate on your Apache web server. Throughout, best  
practices for set-up are highlighted to help you ensure efficient  
ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
--- 
---------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


Attachment: smime.p7s
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault