wireless connections...whos right and whos wrong?

[rushworks graphics]

ok, had a conversation with my neighbor yesterday on this subject. i noticed when we turn on our computers at our house there are several unsecured wireless connections that pop up. we have our own secured wireless connection. i noticed his was one of the unsecured ones and i knew it was his because its registered with his last name as rhe wireless connection.

he was outside yesterday and i went over and said that we pickup his connection and its unsecured. i told him he should secure it as he didn't want someone going around connecting to his unsecured wireless connection and down loading illegal content or even tapping into his network and getting information from his computers etc.

he laughed at this and said it was all bs that, that could happen! i explained that his wireless connection will have a registered ip address, so anyone down loading or doing anything illegal on his network will be traced back to him and thats nothing to laugh about! he then said that its all to do with mac address's and that he would be all good if anything happened due to the mac address on his computers being different etc.

basically his argument was this> someone use's his wireless connection for illigal stuff, the computer that they are using has a permentant mac address on it and if they happen to then move along to there own wireless back home and go onto there own network with that same computer the mac address is still the same so it can be traced to them.

now, i don't know much about mac address's so i could really comment, however, i said i doubt very much its as easy to trace a computer as that! and due to ip address's which would still have been registered to his network thats where the problem would be etc.

so, is he right in his thinking? i still told him to secure his network but he thinks he knows it all and its all good!.............ah well.

 

[Gino]

You should go over there and shoot his wireless out and show him how easy it is to infiltrate his secured location.

 

[rushworks graphics]

lol.......................hmmmmm good idea gino!

 

[CheapVehicleWrap]

Tonight, brink him a brew, pat him on the back and say "My friend, I am terribly sorry for doubting the vast knowledge of the first person ever to address a good use for a mac."

 

[J Hill Designs]

from a quick walk through google, it seems you would need a trojan loaded onto the computer in order for the mac address to be sent out past the router/switch that it is connected to...

 

[rushworks graphics]

yeah, i have no clue where he got his information from! but hes an idoit if he thinks his method will protect him! hes convinced that the mac address assigned to each computer will get traced and he will be all good if anything happens! like i said, i'm not to clued up on mac address's so i couldn't really answer that one.

 

[2B]

gotta look at the silver lining!

you now have a free & open portal to the land of downloads.

get yourself EL CHEAPO machine, never connect it to your network & start downloading to it then you can;
1 use that machine to use the downloads
2 transfer it to an iPod for the mobile enjoyment

 

[Mike F]

might wanna point him to this post... http://www.huffingtonpost.com/2011/04/24/unsecured-wifi-child-pornography-innocent_n_852996.html

Long story short, he may eventually be proven innocent, but he's still gonna be a suspect.

 

[CanuckSigns]

Don't worry about it, you've tried to warn him, he won't listen.

 

[rushworks graphics]

yeah, i'm not so much "worried" about it, he just kinda stumped me on the whole mac address bit, wasn't so sure about that part so couldn't give him an answer.

 

[jhanson]

A MAC address is a serial number-like unique identifier for a network interface. If he keeps logs (which I doubt from his response) he can tell who's connected to his router with what IP address.

Most routers allow you to control access based on MAC address, but since a MAC address can be spoofed, it's still insecure.

Long story short... even as bad as WEP encryption is, it's still enough to deter probably 90% of the freeloaders out there.

 

[Justin]

Well if his router logs the connections then he could prove it wasn't him. Also, he could have it setup where it rejects any mac address other than his own computers. You should try connecting to his connection, and using the net. If it works ask him what your mac is, and if it doesn't work then he obviously has his connections restricted to the mac addresses of the computers/electronics he has.

 

[choucove]

He is right in one concern: Every computer has a unique identifiable number known as the MAC address. In a local network, this MAC address is used to route network packets from one machine to the next. However, the MAC address is ONLY used in a local area connection really. In other words, the computer and the directly connected device that it is tied to (such as a switch or a basic wireless router) are only going to use their MAC addresses to communicate and locate each other. Beyond this point, such as a computer going out to access a web page, the MAC address is not used. In your standard TCP packet the MAC address is not even recorded, only the source and destination IP address.

This means that if someone is using your network to do illegal activities, the key identifier that can be see is going to be your source IP address. Granted, if you have special monitoring software or devices on your network, you can track who has had access on your network down to the IP address and MAC address that they have used, and you can then further prove your innocence in an event like this, but most businesses and homes do not have this kind of network setup.

Plain and simple, ANY business that has a wireless network (and any home for that matter) should have a password protected secure network, period. There's no reason not to. How much is your information worth?

My uncle, who is one of the leading security systems specialist on the west coast, recently had a situation similar to this he was telling me about. A friend he knew lived near to a hotel, and at his home they had an open wireless network. Turns out someone, probably at the hotel, got onto his home wireless network and was able to access his credit card information and several other pieces of financial information and they have been battling with this identity theft for over a month now since they discovered the incident.

 

[briankb]

He sounds like one of those that knows just enough to get in trouble.

It's true that along with your IP address the switch needs and keeps track of MAC addresses. The IP address is like a address/zipcode and the MAC is like your name. It identifies you on the LAN and on a router/switch it processes each packet of information between the two devices.

It's easy enough to "clone" a mac address. You could even watch his unsecured network and pick up ALL of his computers that connect and make a list of his MAC in a few minutes, if they are connected. PC/MAX/LINUX all have software that will allow you to override your MAC address.

Ask him what happens if someone clones his MAC address... or don't and just wait for some kids to figure it out. A IP camera pointed in his direction with motion capture set should be enough to see the police raid.

 

[showcase 66]

I dont have a password protecting my wireless connection so anyone can see the connection. However I use the wireless mac filter so that the connection will only allow those computers or phones with a Mac Address I manually put in be able to connect to it.

I have had a bunch of friends tell me the same thing. Problem I have always had with passwords on wireless routers was having a power outage and they would lose the password. The router would become wide open to anyone and everyone who could see it then. Of course that was about 5 years ago, so they have probably gotten a lot better with this not happening.

When I would visit my brother in College, I would sit in his apartment and find a bunch of open routers. would connect to them, and more times than not, the sign in to the router was admin with password as the password. I would go in and change the password to log in to the router and block all wireless activity.

Always fun to do when it was close to mid terms or finals. We would see people running across the street to Staples to buy a new router because theirs were broke.

You should see if his password is password and then turn it off. Will show him how vulnerable it really is.

 

[rushworks graphics]

so basically if someone came along and logged into his unsecured wireless network they can download whatever they want or tap into his computers and grab his credit card info and the mac address on there computer can not be traced back to them even when they go back and log onto there home network which would then read that same mac address????

as hes saying that if this happened then the mac address would (unless you actually change it) show up on there home network and the police or whoever could then trace it back to you.

i explained the ip address is where you will more than likely get traced, but the mac address is where i was stumped! so if i'm reading correctly, it makes no difference to someone connecting to an unsecured network and doing whatever they want even with the mac address thing?

 

[J Hill Designs]

the mac address doesnt get sent - passed the router and beyond into the netherscape its all IP unless a software was purposefully placed that sends mac address to wherever (trojan)

 

[rushworks graphics]

oh ok! think i get the mac address bit now. so this seems crazy! if you have an unsecured wireless connection, someone can get onto your connection, do whatever they want, download whatever they want and will never get traced??? man alive, thankfully we've always had secure wireless!!!!!!

 

[xxaxx]

I just moved in to a new apartment and haven't setup my internet yet, but my wireless picks up two unsecured networks that both connect to the internet with full cable modem speeds ... I could easily go on there and download anything I wanted and monitor when their computers are connected to the internet and probably with a quick google search could figure out how to get their private info if I was interested. Definitely a bad idea to leave that unsecured ... even if a person isn't stealing your info or downloading illegally, I'm sure my netflix watching over the last couple days had to suck up a bit of their bandwidth. I get my own connection tomorrow and you better believe it will be secured first thing.

 

[Techman]

routers do not lose their passwords in a power failure..

Anyone with the proper software can infiltrate the wireless system. The right software is easily available.

Omnipeek, Etherpeek and Etherreal come to mind..