Today I happened to still have my WiFi card attached to my laptop when I booted during lunch at a local bagel place. To my suprise I got an IP and was on a network. I knew the bagel place did not offer wireless internet so my curosity was raised and after checking my IP I tried to see what else was on the networl. I entered what I thought would be the IP of another system on the network, and when I was prompted for a user name and password I hit canceled, but in the name of the resource I was trying to access I was able to determine what business had a wireless network basicly wide open.
What I want to know is how do I let them know that they have their newtwork publically accessable?
Yeah. Politely tell someone technically proficient what is happening. I wouldn’t give any indication that you ever connected to anything on their network – only that you saw the AP open.
I finally fired up Airsnort on my laptop and I can pick up 15 APs from my house, 4 of which are wide open.
Geez. After all the publicity that insecure wireless networks have worked up, there are still businesses that don’t even have WEP enabled (insecure to a hacker, but fine for keeping the masses out), let alone require VPNs for access? I guess I’m not surprised.
You know, it’s possible that the IT department doesn’t even know that they have a wireless network. Wireless Access Points are cheap enough now that average folks can afford them. Perhaps a regular user got sick of his company’s IT department dragging their feet on WiFi implementation and brought his own access point from home. Such a unit would likely be using the default SSID and no encryption, making access pathetically simple for ANYONE with even a modicum of knowledge about WiFi.
If this is the case, you would be doing IT a GREAT service by letting them in on your findings any way you can. An email would be great, a phone call even better.
Tell them? Don’t be silly. They’re clearly offering a community service by making free wireless internet connectivity available to the masses! All out of the kindness of their hearts.
At least, that’s what you say when they find out you’re the one that’s been leeching gigs of pr0n off their network…
This business is a day spa and where it is makes me doubt that they have any IT people. I’m not worried about being acccused of theft of bandwith, but and I may be stereotyping here I don’t think they understand whats so bad about having a WiFi network that is wide open. I don’t want to try an use their printer because I am afraid it would freak them out. I can’t access their startup folder because if I browse to \192.168.2.105 I get the a dialog box asking me for a username and password and if I try anything that would then make me someone who is trying to hack their network. The netsend idea is a good one I think I will try that. I can’t send them an e-mail because they don’t have a website.
Now assuming they are totally clueless when it comes to technology how should I phrase the message that they are wide open without scaring them? I’d offer to help them secure it but I would feel safer if thye did not know who I was.
I did that once. I was looking for information on a printer problem I was having, and came upon a printer of the same type hanging out there open to the whole internet. These printers are made for large networks, so they have a small web server that lets the administrator change settings through his browser. That’s what my search hit - the web server of that printer inviting every one to come in and print and screw with the settings.
I printed a little hello note out on it, and then looked up the IP address and called up and told them that their printer was out in the open - and god only knows what else. The IT department was glad of the info.
Actually, I’d think you’d want to scare them, especially considering that you said that they may not understand what’s so bad about having an open wireless network. You may want to point them to a page about wireless security. If they’re not very technically inclinded, this article may be of some help. If they’re nerdy, they could try a comprehensive information source like this, but then if they were nerdy, the network probably would have been secured in the first place.
