can wireless user access other wireless user via Access Point?

rio · 12-23-2003, 01:31 PM

Hi there,

Supposedly I broadcast SSID and without setting up WEP key for my wireless Access Point in 802.11b.
When I connect to the Access Point to access Internet, if there's another unknown wireless user successfully connects to my Access Point, could the guy access my computer via such Access Point? Or can the guy only access Internet via the Access Point?

Appreciate for any info!

mikesgroovin · 12-23-2003, 02:47 PM

Yes they can. I know this is a little shady, but it can happen.
In fact, I was in a part of town last weekend, shopping. I had my laptop with me and needed some last minute ideas for gifts. So, I was able to park in a apartment complex and access the net from my car! Here is a screen shot of the wireless routers I saw.
Now, I only "borrowed" the net and then left. But you are placing yourself wide open to anyone who knows how to do this.
After I was done, I was able to send everyone connected to this router a nice Windows message saying "Happy Holidays...thanks for letting me use the internet!". Every router contains a DHCP client list. So you can either send a broadcast packet or send info (or connect to) a direct NetBios name or IP.
My point is
USE WEP ENCRYPTION!

-Mike

Inaris · 12-23-2003, 02:58 PM

Mike, that is too funny. I hope the guy running that router fixes it. Otherwise, just give out the street to your friends and have a lan party out of a big van parked next to the building...

well, actually acessing you computer is a little more difficult then just gaining acess to the router. There is local machine passwords and such, but that is still not the secure. Using WEP is the only way to really protect a wireless acess point.

rio · 12-23-2003, 10:10 PM

So, just want to be sure, does it mean that if I also know the password of the remote computer, I can access such computer via access point?

paintballer · 12-23-2003, 10:15 PM

thats great lol

mikesgroovin · 12-24-2003, 01:21 AM

*Rio*
Sorry, but I believe that I went a little overboard. I just wanted to prove a point that WEP encryption is worth the 5-minute setup time. I'd also like to illustrate that changing your router password is KEY!
To answer your question, yes, someone "able" enough that did acces a connection to your router also means that they are on the same "collision domain" or "group" as everyone else on that same router. If I had a username and password to one of your machines, I would be able to authenticate to the machine and access any shared resourses.

-Mike

rio · 12-24-2003, 01:37 AM

Thank you very much, Mike. I know about without WEP key, a private AP could become a public AP. But it seems that a router is a device which is a hub plus routing function, and is total WLAN device. I always misunderstand that a router can't act like a hub.

Also thanks for the hint from Inaris.

ekÃ†sine · 12-24-2003, 03:35 AM

no a router is a router and a hub is a hub. most networking hardware is being merged. most wired or wireless routers come with built-in switches (like hub, but much more efficient)

Qiranworms · 12-25-2003, 03:53 PM

Mike, which one did you connect to?

A lot of networks there...and very few actually had WEP setup. That certainly shows a level of ignorance. Problem is, the vendors don't seem to tell people how necessary it is. They advertise "Encryption Protection" and such, and people seem to think that by seeing this logo they are protected.

Anyhow, another security measure is to disable the SSID broadcasting. This requires knowledge of the network you are trying to connect to, because you cannot just "see" the SSID in a list...you have to know it. Basically doing so can protect you from someone who could potentially break into the encryption. This combined with WEP usually does the trick (WEP alone should be fine though, for those who don't feel like setting this up).

Not long after I had initially installed my network, there was a strange occurance. I was playing around in the workgroup folders, and saw a computer name that I was quite sure was not on my network. I went in out of curiosity, and explored enough to find out it was a computer on my next door neighbor's network. Turned out the networks had somehow bridged. I installed WEP in our house, and went to them to do the same. I'm sure ISPs would not like people to be discovering that the ranges of networks can extend two houses...neighbors could share one connection by using network bridging devices.

12-23-2003, 01:31 PM	#1 (permalink)
rio Newb Techie Join Date: Oct 2003 Posts: 13	can wireless user access other wireless user via Access Point? Hi there, Supposedly I broadcast SSID and without setting up WEP key for my wireless Access Point in 802.11b. When I connect to the Access Point to access Internet, if there's another unknown wireless user successfully connects to my Access Point, could the guy access my computer via such Access Point? Or can the guy only access Internet via the Access Point? Appreciate for any info!

12-23-2003, 02:47 PM	#2 (permalink)
mikesgroovin honk if you route packets Join Date: Sep 2003 Posts: 3,742	Yes they can. I know this is a little shady, but it can happen. In fact, I was in a part of town last weekend, shopping. I had my laptop with me and needed some last minute ideas for gifts. So, I was able to park in a apartment complex and access the net from my car! Here is a screen shot of the wireless routers I saw. Now, I only "borrowed" the net and then left. But you are placing yourself wide open to anyone who knows how to do this. After I was done, I was able to send everyone connected to this router a nice Windows message saying "Happy Holidays...thanks for letting me use the internet!". Every router contains a DHCP client list. So you can either send a broadcast packet or send info (or connect to) a direct NetBios name or IP. My point is USE WEP ENCRYPTION! -Mike Attached Images

12-23-2003, 10:15 PM	#5 (permalink)
paintballer Super Techie Join Date: Dec 2003 Posts: 317	thats great lol __________________ Athlon 64 X2 4200+ Biostar T-Force 550 2GB Gskill Ram 250GB Western Digital 200GB Western Digital 2 DVD Burners Apevia 500W PSU XION Solaris Case XFX GeForce 8600GT Hanns·G HG-191RP 19" 2ms Widescreen LCD Ubuntu, Windows XP ________________________ Acer Aspire 5570-2609

12-25-2003, 03:53 PM	#9 (permalink)
Qiranworms Super Moderator Join Date: Mar 2003 Posts: 1,637	Mike, which one did you connect to? A lot of networks there...and very few actually had WEP setup. That certainly shows a level of ignorance. Problem is, the vendors don't seem to tell people how necessary it is. They advertise "Encryption Protection" and such, and people seem to think that by seeing this logo they are protected. Anyhow, another security measure is to disable the SSID broadcasting. This requires knowledge of the network you are trying to connect to, because you cannot just "see" the SSID in a list...you have to know it. Basically doing so can protect you from someone who could potentially break into the encryption. This combined with WEP usually does the trick (WEP alone should be fine though, for those who don't feel like setting this up). Not long after I had initially installed my network, there was a strange occurance. I was playing around in the workgroup folders, and saw a computer name that I was quite sure was not on my network. I went in out of curiosity, and explored enough to find out it was a computer on my next door neighbor's network. Turned out the networks had somehow bridged. I installed WEP in our house, and went to them to do the same. I'm sure ISPs would not like people to be discovering that the ranges of networks can extend two houses...neighbors could share one connection by using network bridging devices. __________________ -->Marc Error: Keyboard not attached. Please press F1 to continue. -------OS----------Gentoo Linux------- ------Browser-----Mozilla Firefox----- \|\|\|Official Forum Rules\|\|\|

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

12-23-2003, 02:58 PM	#3 (permalink)
Inaris Master Techie Join Date: Oct 2003 Posts: 2,258	Mike, that is too funny. I hope the guy running that router fixes it. Otherwise, just give out the street to your friends and have a lan party out of a big van parked next to the building... well, actually acessing you computer is a little more difficult then just gaining acess to the router. There is local machine passwords and such, but that is still not the secure. Using WEP is the only way to really protect a wireless acess point.

12-23-2003, 10:10 PM	#4 (permalink)
rio Newb Techie Join Date: Oct 2003 Posts: 13	So, just want to be sure, does it mean that if I also know the password of the remote computer, I can access such computer via access point?

12-24-2003, 01:21 AM	#6 (permalink)
mikesgroovin honk if you route packets Join Date: Sep 2003 Posts: 3,742	Rio Sorry, but I believe that I went a little overboard. I just wanted to prove a point that WEP encryption is worth the 5-minute setup time. I'd also like to illustrate that changing your router password is KEY! To answer your question, yes, someone "able" enough that did acces a connection to your router also means that they are on the same "collision domain" or "group" as everyone else on that same router. If I had a username and password to one of your machines, I would be able to authenticate to the machine and access any shared resourses. -Mike

12-24-2003, 01:37 AM	#7 (permalink)
rio Newb Techie Join Date: Oct 2003 Posts: 13	Thank you very much, Mike. I know about without WEP key, a private AP could become a public AP. But it seems that a router is a device which is a hub plus routing function, and is total WLAN device. I always misunderstand that a router can't act like a hub. Also thanks for the hint from Inaris.

12-24-2003, 03:35 AM	#8 (permalink)
ekÃ†sine Wizard Techie Join Date: Jul 2003 Posts: 3,940	no a router is a router and a hub is a hub. most networking hardware is being merged. most wired or wireless routers come with built-in switches (like hub, but much more efficient)