Security Basics mailing list archives

Re: Demonstrate to users- insecure APs

From: krymson () gmail com
Date: 4 Jun 2007 18:26:39 -0000

This list can be endless. :)

Yes, I could sniff all your traffic when I connect to your open wireless network. If you do banking, IM, email, and any
such service over wireless, I can grab the packets and (encryption notwithstanding) pilfer information off your network.

Second, yes, I could connect to the Internet through that AP. At that point, everything you can think of that people do
behind their Internet connections I could do through your wireless...only I'd have less chance of getting things traced
back to me. It'd be traced back to you. I could share copyrighted materials, attack other networks, abuse your
connection to post hate comments, download illegal things, browse porn (or worse), send millions of spam emails...

The abuses go beyond that, however. I could attack your AP by trying to brute or guess the admin password at which
point I could repoint your DNS (albeit slightly useless when I can sniff you anyway, but I could open you up to
browser-borne attacks), open ports to the Internet, etc. I could even lock you out of your own wireless network or host
a server on your network that offers up nasty stuff to the Internet.

I can attack clients on your network (technically, this can be done without even connecting, but let's not go that
deep). If your Windows users are not patching properly or running things like IIS, I can pilfer information or outright
own them.

I can even inject traffic (one of those fun things that just doesn't typically work well enough on wired) and change
what you see simply by answering your requests faster than the Internet gets back to you.

Basically, an open wireless setup is fun, and only limited by the number of threats that live or may happen to be
around you, and the imagination of those threats.

<- snip ->
Suppose I leave my Access Point in Unsecured Mode, no WEP/WPA etc.

Someone connects to my AP and receives an IP assignment via it's DHCP.

Is it possible to sniff all the traffic from all the machines that get's
connected and browse the Internet/LAN through this AP?

I mean, apart from the usual money saving aspect of having a free ride on
other people's money, ( at home) what else is the risk?

Current thread:

Demonstrate to users- insecure APs WALI (Jun 04)
- RE: Demonstrate to users- insecure APs Peter Marshall (Jun 04)
- Re: Demonstrate to users- insecure APs Nicholas Chapel (Jun 04)
- Re: Demonstrate to users- insecure APs Adam Crosby (Jun 04)
- RE: Demonstrate to users- insecure APs Murda Mcloud (Jun 04)
- Re: Demonstrate to users- insecure APs Manuel Arostegui Ramirez (Jun 05)
- <Possible follow-ups>
- Re: Demonstrate to users- insecure APs bruce_mcculley (Jun 04)
- Re: Demonstrate to users- insecure APs krymson (Jun 04)