Thread: What's the basic security issue with an unsecured home router?
View Single Post
  #7 (permalink)  
Old 05-26-2008, 06:20 PM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: What's the basic security issue with an unsecured home router?
On Sun, 25 May 2008 22:13:18 -0700, Sharon <Sharongig@yahoo.com>
wrote:

>A neighbor of mine has an unsecured belkin router based on what I see in my
>wireless networks.

Sigh. I've been on a futile compaign to ship wireless routers in a
configuration that is secure by default. Search this newsgroup for
"secure by default" for various rants on the subject.

>I can actually connect and use his internet connection (3 bars) but I have
>my own (five bars) so that in and of itself is of limited interest to me.

I sometimes use my neighbors connection for testing my router
security. It gives me easy access to the WAN (internets) side of the
router, where I can check for vulnerabilities.

>Still, I wonder.

I'm never still, moving all the time, when I'm wondering. If I ever
stop, I'll be in trouble.

>It's almost as if he's extended a palms-out open invitation to me to do
>something, anything. (Am I a bad person for even thinking this?)

Yes. There's no established way advertise an open wireless access
point. There are organizations that help:
<http://www.fon.com>
<http://en.wikipedia.org/wiki/FON>
In general, a wireless router, deployed in its default configuration,
with the default SSID and no password, is a sign of ineptitude, not an
invitation.

A good test is to reverse the situation. If you were to install a
wireless home router, and didn't bother reading the instructions on
how to secure the router, would you want the neighborhood using your
connection?

>There must be some reason people go to the trouble to secure their routers
>(mine, for example, is secured with a password at least).

Yes. Several reasons to do it wrong:
1. Failure to read and follow the printed instructions.
2. Failure to understand the technical risks.
3. Failure to visualize the possible exploits.
4. Failure to appreciate the legal exposure.
5. Bad advice from ISP, friends, and neighbors.
6. Haste in setting it up.

>May I ask what earthly advantage would it be to have the good fortune of
>unfettered access to my neighbor's wireles router short of mischief?

It really depends on your technical expertise and imagination. The
problem is that your definition of "mischief" may not be the same as
your neighbors (or mine). To some, any unauthorized use is mischief.
>What would I want to do that would be of benefit?

Mostly testing the security of your firewall from the internet side.
There are other ways to do this, using web based tools, but it's
sometime easier to do it all yourself.


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote