Is it safe to use a stranger's WiFi channel ?

Once in a while, there'll be a friendly neighbor who has broadband
internet access with a WiFi router, and has welcomed you to use the
channel free of charge.

Is this a good idea privacy-wise? Is it possible, for example, for
someone with a wireless router to monitor your internet activity while
you're using that router? Also, can they snoop around on your
hard-drive?

....

In news:(E-Mail Removed) ups.com,
wylbur37 <(E-Mail Removed)> had this to say:

My reply is at the bottom of your sent message:

> Once in a while, there'll be a friendly neighbor who has broadband
> internet access with a WiFi router, and has welcomed you to use the
> channel free of charge.
>
> Is this a good idea privacy-wise? Is it possible, for example, for
> someone with a wireless router to monitor your internet activity while
> you're using that router? Also, can they snoop around on your
> hard-drive?
>
> ...

1. No. But free broadband is worth keeping your private stuff private. <g>
2. Yes. Lots of packet sniffing software out there. But do they know what to
do with that software and how to capture important data from it?
3. Yes - depending on your having file and print sharing enabled and what
folders you have shared or other permissions you have set.

Glad you asked - if they hadn't given you permission it'd be tantamount to
theft.

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/

Please note that if you're reading this in a browser and the domain is
not owned by Microsoft then this work is being used without permission.

Access MS Newsgroups :
http://kgiii.info/windows/all/general/msnewsgroups.html

"wylbur37" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Once in a while, there'll be a friendly neighbor who has broadband
> internet access with a WiFi router, and has welcomed you to use the
> channel free of charge.
>
> Is this a good idea privacy-wise? Is it possible, for example, for
> someone with a wireless router to monitor your internet activity while
> you're using that router? Also, can they snoop around on your
> hard-drive?
>
> ...
>

NOTE: Originally posted to alt.internet.wireless,
microsoft.public.windowsxp.general, alt.privacy, and comp.security.misc.
Reply sent only in microsoft.public.windowsxp.general.

Hopefully they secured their WiFi setup and will permit only those that they
authorize to become part of their WiFi network. Otherwise, they are running
an open WiFi setup that can be abused by anyone around them which is
tantamount to them proclaiming that they run an infect host with a trojan
mailer daemon and are inviting anyone to use it to spew out more spam. Will
this friend keep their WiFi and cable/DSL modem running 24x7 so you can
connect whenever you want? Do they have it on a UPS so when they have a
power outage that it doesn't mean you have an Internet outage (if you have
power but they don't)? Did you make any agreement on how much of their
bandwidth you get to use or how much you get? Did their ISP agree to let
non-customers (to the ISP) use their customers network and thus use that
ISP's service with your friend? Not likely as personal accounts at ISPs do
not permit reselling or redistributing bandwidth to non-customers. Are you
willing to incur any legal liabilities for whatever content your friend
happens to download or transmit, and they accept responsibility for whatever
you get and receive? ISPs can disavow responsibility for content (read
their terms of service) but you two can't because you probably haven't
signed any TOS agreement. If any of those "friends" sharing the WiFi is a
pedophile, be prepared to defend yourself when included in a sting as you
are all in the same "family" or entity that is receiving or sending that
crap. If the ISP has problems with their service, who are you going to call
when your friend happens to be on vacation or simply away at work? You are
not a customer of your friend's ISP.

You won't have any privacy with your "friend" because that person can use
Ethereal or another sniffer or a proxy to capture all your traffic. The
only traffic that will be safe from them is when you use secured connections
(SSL) between you and the target site. They won't be able to decipher the
traffic but they will still know where you are going (unless you use an
SSL-enabled proxy beyond them so that the destination is always to that SSL
proxy and the real destination is hidden in the SSL-encrypted traffic you
sent to that proxy). Without encrypted traffic, it is possible their proxy
can modify the web pages delivered back to you from a site. You think you
are safe going to your bank's web site but your friend's proxy modifies the
web traffic to modify any URL links to make use of buffer overrun security
holes in the browser or to redirect you somewhere else, or they could even
add an ActiveX control to install on your host and you think your bank
needed it. Note that even your e-mail can be read even when using SSL since
SSL is only used to secure the login credentials and NOT the content of the
e-mail unless you encrypt your mail before sending it (which means your
recipient must be able to decrypt it).

Obviously if you enable file sharing services and enable sharing on your
drives then it is shared with whomever else is on your (or their) network.
If you really need file sharing amongst your own host on your network, use a
NAT router with firewall to connect to their WiFi network which should block
file sharing from extending beyond your network.

So how much do you trust this "friend"? Is this really a friend (and one
that you have known for awhile so there really is a difference between them
being a friend or just being friendly) or just an unknown in the
neighborhood that is offering you a free connection (and very probably an
illegal one because their ISP doesn't provide redistributing bandwidth to
non-customers)? Might be a good deal if your friend is really someone you
know and can trust, and someone that is reliable (and so is their WiFi and
Internet setup).

"wylbur37" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Once in a while, there'll be a friendly neighbor who has broadband
> internet access with a WiFi router, and has welcomed you to use the
> channel free of charge.
>
> Is this a good idea privacy-wise? Is it possible, for example, for
> someone with a wireless router to monitor your internet activity while
> you're using that router? Also, can they snoop around on your
> hard-drive?
>
> ...


In general not a good idea, for all of the reasons above. Coming from the
other perspective, I do not share my wireless Internet connection with my
neighbors because:

1. There is a (small) risk of them hacking into my computers.

2. My ISP may see how much bandwidth my router is using and raise
suspicions.

3. I may be responsible if my neighbor(s) use my connection to download
kiddie porn, stalk someone online, threaten the president, etc.

4. My neighbor(s) may blame me if anything bad happens to their computers,
being on the same LAN in theory I could hack their computers.

There are more I am sure.

"wylbur37" <(E-Mail Removed)> writes:

> Once in a while, there'll be a friendly neighbor who has broadband
> internet access with a WiFi router, and has welcomed you to use the
> channel free of charge.
>
> Is this a good idea privacy-wise?

Perhaps not.

> Is it possible, for example, for someone with a wireless router to
> monitor your internet activity while you're using that router?

Absolutely. They'll have the ability to see every DNS request you
make which will tell them more than they want to know about you if you
have habits that are questionable.

But... how will they know it's you and not some other neighbor is the
question.

> Also, can they snoop around on your hard-drive?

Potentially depending on your level of host based security and
fastidiousness with patching. You are giving them a free shot at
you on the shared network.

However, the statistical likelihood of someone intentionaly running a
honeypot accesspoint and wanting people to join to get hacked is
pretty slim vs a clueless average user who doesn't know how to change
the default settings of their router. At least in my neighborhood's
age/profession demographic.

Best Regards,
--
Todd H.
http://www.toddh.net/

"wylbur37" <(E-Mail Removed)> writes:

>Once in a while, there'll be a friendly neighbor who has broadband
>internet access with a WiFi router, and has welcomed you to use the
>channel free of charge.

>Is this a good idea privacy-wise? Is it possible, for example, for
>someone with a wireless router to monitor your internet activity while

Yes.

>you're using that router? Also, can they snoop around on your
>hard-drive?

Depends on how your system is set up.


>...

In article <(E-Mail Removed)>, (E-Mail Removed) (Todd H.) wrote:
>"wylbur37" <(E-Mail Removed)> writes:
>
>> Once in a while, there'll be a friendly neighbor who has broadband
>> internet access with a WiFi router, and has welcomed you to use the
>> channel free of charge.
>>
>> Is this a good idea privacy-wise?
>
>Perhaps not.
>
>> Is it possible, for example, for someone with a wireless router to
>> monitor your internet activity while you're using that router?
>
>Absolutely. They'll have the ability to see every DNS request you
>make which will tell them more than they want to know about you if you
>have habits that are questionable.
>
>But... how will they know it's you and not some other neighbor is the
>question.

Yes, included in those packets is MAC address info, doesn't take long to
figure out who is who in a neighborhood like that, is Joe at work and the
house empty, then MAC 123456 must be Bob since he appears to be home.

>
>> Also, can they snoop around on your hard-drive?
>
>Potentially depending on your level of host based security and
>fastidiousness with patching. You are giving them a free shot at
>you on the shared network.
>
>However, the statistical likelihood of someone intentionaly running a
>honeypot accesspoint and wanting people to join to get hacked is
>pretty slim vs a clueless average user who doesn't know how to change
>the default settings of their router. At least in my neighborhood's
>age/profession demographic.

True in most neighborhoods I suspect. Not hard after all to physically find
the AP if you are 'hacked' and skin the neighbor alive <grin>

>
>Best Regards,

fundamentalism, fundamentally wrong.

Galen <(E-Mail Removed)> wrote:
[deleted]
> <das><dash><space>
> Galen - MS MVP - Windows (Shell/User & IE)
> http://dts-l.org/
>
> Please note that if you're reading this in a browser and the domain is
> not owned by Microsoft then this work is being used without permission.

What the heck is that supposed to mean?

*Which* domain? The domain of the (user of the) browser? If so, I
didn't know that you/Microsoft/<whatever> owned Usenet, or Google, or
.... ad infinitum! :-(

If not the domain of the browser, then the heck what, why, etc.?

Frank Slootweg wrote:

> Galen <(E-Mail Removed)> wrote:
> [deleted]
>> <das><dash><space>
>> Galen - MS MVP - Windows (Shell/User & IE)
>> http://dts-l.org/
>>
>> Please note that if you're reading this in a browser and the domain is
>> not owned by Microsoft then this work is being used without permission.
>
> What the heck is that supposed to mean?
>
> *Which* domain? The domain of the (user of the) browser? If so, I
> didn't know that you/Microsoft/<whatever> owned Usenet, or Google, or
> ... ad infinitum! :-(
>
> If not the domain of the browser, then the heck what, why, etc.?

I would interpret it to mean that he has given permission for his posts to
be posted ON Microsoft domains, only. He has that right but, yes, it's
silly. One would think that any court would at least tell someone posting
from GMail that they have to use Google's X-NoArchive header if they don't
want their posts archived. Otherwise you're implicitly permitting users to
access your post from a non-MS domain.
--
derek

"Galen" <(E-Mail Removed)> wrote:

> 2. Yes. Lots of packet sniffing software out there. But do they
> know what to do with that software and how to capture important data
> from it?

Quite a few packages will select the important stuff automatically.
Cain for example will sniff out various kinds of passwords, including
ones for VoIP, and can also capture whole VoIP-sessions turning them
into soundfiles.


Juergen Nieveler
--
Love thy neighbour, but don't get caught.