Protocol for using others' network???

I am vacationing in a resort condo where there are rental units and
also fulltime residents. Today I fired up my laptop with every intent
of hooking up my remote dialup access, and I found that I was
connected to a wireless broadband network. Upon checking I found that
I am receiving signals from four such networks -- three of which are
unsecured. What is the protocol for using such access? Does my use
in any compromise the owner? My thought is that if they objected to
others' use they would simply secure the account. However, I want to
do the right thing and not piss anyone off so I'd appreciate any
guidance. I do have a network at home and specified that it be
installed secure.

__________________________________________________ _____________________________
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 - http://www.uncensored-news.com
<><><><><><><> The Worlds Uncensored News Source <><><><><><><><>

SBN <(E-Mail Removed)> wrote:
> I am vacationing in a resort condo where there are rental units and
> also fulltime residents. Today I fired up my laptop with every intent
> of hooking up my remote dialup access, and I found that I was
> connected to a wireless broadband network.

Is it possible that this is a service provided by the resort?

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

I checked that out and it probably is not. I checked with the owner
of the condo and he does not know anything about the issue. Also, the
resort does not advertise it, and would undoubtedly charge for it.
They have a device in their lobby where they charge .25/minute to
check email!

On Sun, 2 Jan 2005 00:39:28 +0000 (UTC), (E-Mail Removed)
wrote:

>SBN <(E-Mail Removed)> wrote:
>> I am vacationing in a resort condo where there are rental units and
>> also fulltime residents. Today I fired up my laptop with every intent
>> of hooking up my remote dialup access, and I found that I was
>> connected to a wireless broadband network.
>
>Is it possible that this is a service provided by the resort?


__________________________________________________ _____________________________
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 - http://www.uncensored-news.com
<><><><><><><> The Worlds Uncensored News Source <><><><><><><><>

SBN wrote:
> I am vacationing in a resort condo where there are rental units and
> also fulltime residents. Today I fired up my laptop with every intent
> of hooking up my remote dialup access, and I found that I was
> connected to a wireless broadband network. Upon checking I found that
> I am receiving signals from four such networks -- three of which are
> unsecured. What is the protocol for using such access? Does my use
> in any compromise the owner? My thought is that if they objected to
> others' use they would simply secure the account. However, I want to
> do the right thing and not piss anyone off so I'd appreciate any
> guidance. I do have a network at home and specified that it be
> installed secure.
>
> __________________________________________________ _____________________________
> Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -
> http://www.uncensored-news.com <><><><><><><> The
> Worlds Uncensored News Source <><><><><><><><>

When people buy Wap/Routers, to increase sales, they are sold with
absolutely *NO* security and wide open. (sales went up 78% when they started
selling them wide open).
Current legislation makes it illegal for THEM (unless they have a biz
account and can have multiple users), but not for you to use it.
If you want to be a nice guy, offer to set it up with security for them, and
add yourself as an authorized user. That would probably be a win-win.

On Sat, 1 Jan 2005 19:36:44 -0800, "Peter Pan"
<(E-Mail Removed)> wrote:

>When people buy Wap/Routers, to increase sales, they are sold with
>absolutely *NO* security and wide open. (sales went up 78% when they started
>selling them wide open).

Surely you jest. At no time were wireless routers ever sold secure by
default. In order to do that, the router would have to have:
1. The wireless portion temporarily disabled.
2. Ask for a router password on initialization.
3. Ask for an SSID on initialization.
4. Ask for a WEP type and WEP key on initialization.
5. Disable UPnP by default.
6. Close all port redirection, DMZ host, and port triggering by
default.
7. Whatever else I forgot to nail down.
Basically, EVERYTHING needs to be turned off by default, and enabled
or configured during the initial setup. No cheapo router manufacturer
has ever done that. Some routers would ask for a router password
during the initial setup wizard, but it could be bypassed by using a
blank password.

The closest approximation to secure out of the box were the 2-wire
wireless routers shipped by various ISP's. These arrive from the ISP
with the router password, SSID, and WEP key pre-configured and
plastered on a label on the bottom of the router. This is good.

The only concession to security that I've seen on wireless routers is
Linksys finally deciding that turning on UPnP by default was a bad
idea. Current firmware defaults to off. Woooopie.

All the manufacturers make wireless configuration difficult by
splattering wireless settings onto at least 3 different menu pages and
burying WEP key configuration under 2-3 layers of "advanced" menus.
Superficially, one might suspect that users aren't suppose to play in
the "advanced" settings. So much for wireless security.

Where did you get the 78% increase in sales (over what period, what
product line, dollars or units, using who's numbers, as reported
where, etc...)? Sales statistics are so much fun.

>Current legislation makes it illegal for THEM (unless they have a biz
>account and can have multiple users), but not for you to use it.
>If you want to be a nice guy, offer to set it up with security for them, and
>add yourself as an authorized user. That would probably be a win-win.

First, you'll have to explain what security means, why they need to be
secure, what they have to do to stay secure, what will happen if they
continue to run an unsecured system, wireless sniffing, wardriving,
router firmware updates, and such. Best of luck.



--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Jeff Liebermann wrote:
> On Sat, 1 Jan 2005 19:36:44 -0800, "Peter Pan"
> <(E-Mail Removed)> wrote:
>
>> When people buy Wap/Routers, to increase sales, they are sold with
>> absolutely *NO* security and wide open. (sales went up 78% when they
>> started selling them wide open).
>
> Surely you jest. At no time were wireless routers ever sold secure by
> default. In order to do that, the router would have to have:
> 1. The wireless portion temporarily disabled.

Nope.. Not kidding young whippersnapper <--- (been doing computer stuff
since 1969, bet I'm older than you and can say that!)

A variation on #1. The Wireless portion was DISABLED ENTIRELY by default.
And when they first came out, that's the way they where shipped. (basically
just a router with wireless avalaible if you turned it on)

It used to be No Wireless at all by default, even out of the box.

If wireless doesn't work AT ALL, no need to do any of the other things you
mention.... And that's the way it used to be shipped.. Wireless turned OFF
by default

On Sat, 1 Jan 2005 23:08:01 -0800, "Peter Pan"
<(E-Mail Removed)> wrote:

>Jeff Liebermann wrote:
>> On Sat, 1 Jan 2005 19:36:44 -0800, "Peter Pan"
>> <(E-Mail Removed)> wrote:
>>
>>> When people buy Wap/Routers, to increase sales, they are sold with
>>> absolutely *NO* security and wide open. (sales went up 78% when they
>>> started selling them wide open).
>>
>> Surely you jest. At no time were wireless routers ever sold secure by
>> default. In order to do that, the router would have to have:
>> 1. The wireless portion temporarily disabled.

>Nope.. Not kidding young whippersnapper <--- (been doing computer stuff
>since 1969, bet I'm older than you and can say that!)

Young? I'm 57.9 years old.
http://www.LearnByDestroying.com/pic...jeffl-wolf.gif (3MB)
Got started in computahs in college with the 1620, 1401, and 7090.
Actually, we had most of a 709 in high skool, but never could get the
tube infested 36 bit monster to count. On graduation in 1971 and
after a few military adventures, I did RF design and ran several RF
related businesses until about 1983, when I cleverly decided that
computers were the hot ticket. I still do quite a bit of RF
consulting but the main emphasis is on computing.

In 1998, 802.11 appeared and I was bribed into getting involved in a
wireless venture. I was involved in some proprietary radio link
design, and figured that 802.11 would unify the industry. At that
time, the only commodity 802.11 hardware available was from Eumitcom,
Teletronics, Zcomax, Raylink, and perhaps Breezecom. A bit later,
Linksys, SMC, and DLink appeared. Netgear eventually left their Bay
Networks legacy behind and joined the bottom of the line vendors.
Wavelan became Orinoco, Lucent, Agere, Avaya, and finally Proxim.
Cisco was busy buying companies, killing wireless products that people
wanted to buy, and selling overpriced and underpowered wireless
bridges and access points.

Between 1998 and 2000, everything was junk. During this time, I
played with, tested, or helped design, just about every piece of
wireless hardware that appeared on the market. Almost all the boxes
were bridges or access points. Wireless routers didn't appear until
about 2000 (not sure) and were just the same ethernet routers sold by
the vendors with wireless bridge tacked on. I don't recall which one
was first, but I do recall that absolutely none of them had the
wireless disabled by default. Setup by serial port or telnet was
common.

>A variation on #1. The Wireless portion was DISABLED ENTIRELY by default.
>And when they first came out, that's the way they where shipped. (basically
>just a router with wireless avalaible if you turned it on)

Well, could I trouble you for the manufacturers name and model number
of such a wireless router? I probably have one either in the junk
pile or in stock. My memory isn't as good as it once was and I'll
admit that I might be mistaken.

>It used to be No Wireless at all by default, even out of the box.

I beg to differ.

>If wireless doesn't work AT ALL, no need to do any of the other things you
>mention.... And that's the way it used to be shipped.. Wireless turned OFF
>by default

Sigh. Yes, you do need to do everything I mentioned. Just turning on
the wireless does not magically insure security. You have to go
through all the various steps and chose the proper settings. I
suppose the setup "wizard" might offer a good random value for the WEP
key, but the SSID shouldn't really be random garbage.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Jeff Liebermann wrote:
>> If wireless doesn't work AT ALL, no need to do any of the other
>> things you mention.... And that's the way it used to be shipped..
>> Wireless turned OFF by default
>
> Sigh. Yes, you do need to do everything I mentioned. Just turning on
> the wireless does not magically insure security. You have to go
> through all the various steps and chose the proper settings.

The point is that if wireless is OFF, then your other stuff doesn't matter.
I liken it to turning of the main breaker for your house, doesn't much
matter if a light switch is turned off too.

At the stores I own, the first WAP/Routers we sold, had that WAP part turned
*OFF* by default. Used to make some good bucks having our techs turn it on
after the people bought em and found out they couldn't use em.

Of course if you turn it on, that's a different animal, and then you have to
set things, but the statement was based on the first part of the sentence
*if wireless doesn't work at all*... Think about it.. if you have *NO*
wireless at all, what difference do the wep etc settings make? It's like
turning off a light switch when the lamp is unplugged.

Haven't heard of any sucessful prosections (YET) of people using left open
networks, but I have heard of people being targeted for breaking the
agreement to only allow personal use of an internet connection instead of
paying extra for a biz account that can have multiple users.

On Sun, 2 Jan 2005 01:40:00 -0800, "Peter Pan"
<(E-Mail Removed)> wrote:

>At the stores I own, the first WAP/Routers we sold, had that WAP part turned
>*OFF* by default. Used to make some good bucks having our techs turn it on
>after the people bought em and found out they couldn't use em.

Make and model?

>Of course if you turn it on, that's a different animal, and then you have to
>set things, but the statement was based on the first part of the sentence
>*if wireless doesn't work at all*... Think about it.. if you have *NO*
>wireless at all, what difference do the wep etc settings make? It's like
>turning off a light switch when the lamp is unplugged.

Normally, a customer buys a wireless router so they can use it
wirelessly. Leaving the wireless off is a waste. Might as well have
bought an ethernet router, with no wireless. So, the first thing a
customer would do with such a router is turn on the wireless part.
Then they get to figure out the details. My guess(tm) is that if you
just turn on the wireless part of your unspecified wireless router,
the SSID will default to something stupid, WEP will be off, and the
router will work wirelessly in a rather insecure manner. Might as
well have left the wireless on by default.

>Haven't heard of any sucessful prosections (YET) of people using left open
>networks,

I track FCC enforcement actions
http://www.fcc.gov/eb/
and find very little activity of any type involving 2.4GHz. However,
these don't record warnings which is usually all that's necessary to
insure compliance. Besides, there's no money in issuing fines to the
average wireless user.

These were previously posted to alt.internet.wireless. Kinda marginal
examples but certainly applicable.

http://www.canoe.ca/NewsStand/London...22/264890.html
http://www.freep.com/news/locoak/nhack11_20031111.htm

>but I have heard of people being targeted for breaking the
>agreement to only allow personal use of an internet connection instead of
>paying extra for a biz account that can have multiple users.

I haven't hear of that recently. There were some cable ISP's
(Comcast) that were sniffing traffic and trying to guess how many PC's
were hidden behind an NAT firewall. Then, some telemarketting
organization was tasked with calling the customers and informing them
that they have violated the terms of service which do not allow
multiple computers, and that they retroactively owe the cable ISP
about $8/month extra per PC. You can kinda predict how far treating
your customers as criminals went. These days, I hear about users
getting "fined" or unplugged for excessive traffic, usually caused by
a trojaned PC, worm, or because they're running a porno server. A few
ISP's are blocking VPN ports and sometimes SMTP mail on the assumption
that such services require the overpriced business account. The
satellite ISP's throttle traffic after about 150MBytes/hr to give
everyone their "fair share" of the pipe. I can't speak for the rest
of the country, but busting custmers for anything other than gross
abuse just isn't practiced by any of the local (Northern Calif) ISP's
that I know and deal with.



--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Jeff Liebermann <(E-Mail Removed)> wrote:
>>Nope.. Not kidding young whippersnapper <--- (been doing computer stuff
>>since 1969, bet I'm older than you and can say that!)

I almost fell off the couch laughing when I read that one.
Not that I thought you were old... just beyond the "whipppersnapper" age.

> Young? I'm 57.9 years old.

That's older than I thought.

> http://www.LearnByDestroying.com/pic...jeffl-wolf.gif (3MB)

That was cute. It popped up behind my terminal screen, where I could only
see a portion of it, and I thought it was morphing from high school student
to old fart. At first, I thought it would be the spinning chair jscript.

> Actually, we had most of a 709 in high skool, but never could get the
> tube infested 36 bit monster to count. On graduation in 1971 and

Ah, that's where I messed up. What did you do between 1971 graduation and
now to gain the extra years? If 17.9 years old is a good median high
school graduation, 40 years ago would have you graduating from high school
in 1964. Earlier references to 1997 - 49 would be 1950, so maybe the high
skool reference sentence was blurred, and you graduated from college in
1971. That doesn't match 2005-58. Neither does 1950+57.9.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5