Exploring an unsecured network.

RobertKaucher

Over the weekend my wife and I went to our son's soccer tournament in a city that shall remain nameless and stayed at a hotel that shall remain nameless. Of course they offered free wifi.

Now I cannot connect to an open network without firing up nmap. What I found was just appalling. I was able to explore 3 separate subnets. I found POS systems, their MFP devices, other guests' PCs, a Server 2003 system (what I imagine was SBS 2003) and what I believe were 3 consumer wireless devices belonging to other guests as they were secured wirelessly but still had their default passwords set. The hotel's wireless systems were also consumer grade devices configured with the default admin passwords. Now to be clear I did not go any further than just seeing what was alive and which ports were open. So nothing illegal as the networks were open and clearly intended for guests to use. But I also changed my MAC address, just to be sure.

It just amazes me how a big company like this is just asking for customer data to get stolen. You would really think that in 2009 a company with hotels in every medium sized or larger city I have ever been in would get a clue. So opening floor to comments...

eMeS

This is one reason why I never use any public WiFi. I have my Sprint Compass thing at all times.

I'm sure someone will reply with a link about how that's a security risk as well.

MS

phoeneous

The free Wifi may have been open to guests but I doubt the devices were. What you did was clearly illegal. Shame on you.

RobertKaucher

phoeneous wrote: »

The free Wifi may have been open to guests but I doubt the devices were. What you did was clearly illegal. Shame on you.

How is it illegal? I did not in any way violate the laws of the state in question which clearly say:
"Without privilege to do so, and with intent to impair the functioning of any computer, computer system, computer network, computer software, or computer program, knowingly do any of the following"
Etc...

The law is very clear that if the network is open and there is no intent to cause criminal mischief looking around is fine. If not, any sort of broadcast traffic would be grounds for an arrest.

All I did was a more technical version of opening and browsing "My Network Neighbourhood" on a Windows system. So not only do I not accept your condemnation but I also tell you to take your shame and stuff it in which ever TCP port you choose.

Hyper-Me

RobertKaucher wrote: »

So not only do I not accept your condemnation but I also tell you to take you shame and stuff it in which ever TCP port you choose.

LOL!!!!

the_Grinch

'Freakshow' Provides Inside Look At Real Malware Behind Big Breaches - DarkReading

Can't trust those places anymore!

RobertKaucher

the_Grinch wrote: »

'Freakshow' Provides Inside Look At Real Malware Behind Big Breaches - DarkReading

Can't trust those places anymore!

I will be paying cash from now on. That's just insane.

crrussell3

RobertKaucher wrote: »

...I also tell you to take your shame and stuff it in which ever TCP port you choose.

Now that is funny!

Bl8ckr0uter

RobertKaucher wrote: »

How is it illegal? I did not in any way violate the laws of the state in question which clearly say:
"Without privilege to do so, and with intent to impair the functioning of any computer, computer system, computer network, computer software, or computer program, knowingly do any of the following"
Etc...

The law is very clear that if the network is open and there is no intent to cause criminal mischief looking around is fine. If not, any sort of broadcast traffic would be grounds for an arrest.

All I did was a more technical version of opening and browsing "My Network Neighbourhood" on a Windows system. So not only do I not accept your condemnation but I also tell you to take your shame and stuff it in which ever TCP port you choose.

+1. The guy(?) is taking a look around. They should have there stuff secure. Speaking of which, the new n map is out I think I might download it tonight.

veritas_libertas

RobertKaucher wrote:

So not only do I not accept your condemnation but I also tell you to take your shame and stuff it in which ever TCP port you choose.

I think you should make that your signature

kimanyd

I love it when random threads get unexpectedly epic.

And MS, you should be connecting to a VPN at your home/office when on the road. You'd even be secure with free wifi if you go that route.

eMeS

kimanyd wrote: »

I love it when random threads get unexpectedly epic.

And MS, you should be connecting to a VPN at your home/office when on the road. You'd even be secure with free wifi if you go that route.

But it wouldn't feel the same as hangin' out with my thang out.

I like the Sprint thing...then I don't have to worry about every crappy WiFi at every airport or hotel. All I really have to worry about is Sprint's crappy service.

MS

kimanyd

I just did a bit of research quick, but it looks like EVDO is actually still a secure protocol. It looks like you're safe (for the time being )

phoeneous

RobertKaucher wrote: »

How is it illegal? I did not in any way violate the laws of the state in question which clearly say:
"Without privilege to do so, and with intent to impair the functioning of any computer, computer system, computer network, computer software, or computer program, knowingly do any of the following"
Etc...

The law is very clear that if the network is open and there is no intent to cause criminal mischief looking around is fine. If not, any sort of broadcast traffic would be grounds for an arrest.

All I did was a more technical version of opening and browsing "My Network Neighbourhood" on a Windows system. So not only do I not accept your condemnation but I also tell you to take your shame and stuff it in which ever TCP port you choose.

Oh so you're going to pull the verbatim card out? Do you really need some law to tell you that using a known hacking tool to enumerate private resources without authorized permission is against the law? I guess I was wrong when I thought all IT professionals were self-serving to do what is ethically right. My bad then...

eMeS

kimanyd wrote: »

I just did a bit of research quick, but it looks like EVDO is actually still a secure protocol. It looks like you're safe (for the time being )

Shame on you for investigating the potential security status of my wireless connection.

MS

kimanyd

I'm all for being ethical, but how in the world does an N-MAP scan of an open network cross the line? That'd be like having someone cover your head with a burlap sack and lead you around by a leash in hopes of preventing you from accidentally looking at attractive women...

MS, just run that britney_spears_nude.exe that I sent you, and we won't have to worry about circumventing EVDO encryption...

eMeS

kimanyd wrote: »

IMS, just run that britney_spears_nude.exe that I sent you, and we won't have to worry about circumventing EVDO encryption...

I have no idea why, but when I read this it reminded me of ~1996 and spending a significant amount of time eradicating macro viruses...

MS

kalebksp

phoeneous wrote: »

Oh so you're going to pull the verbatim card out? Do you really need some law to tell you that using a known hacking tool to enumerate private resources without authorized permission is against the law? I guess I was wrong when I thought all IT professionals were self-serving to do what is ethically right. My bad then...

Haha, good times...

Psoasman

Wow...I'd use port 23, that's about as secure as their network.

mikedisd2

I've haven't seen a negative rep count until now. I guess Phoeneous isn't here to make friends.

kimanyd

Not that it really matters, since it can be abused, but you can sort the members list by rep...

Kaminsky

RobertKaucher wrote: »

How is it illegal? I did not in any way violate the laws of the state in question which clearly say:
"Without privilege to do so, and with intent to impair the functioning of any computer, computer system, computer network, computer software, or computer program, knowingly do any of the following"

So that state law requires the intent to cause damage? That can't be all of that law surely. Leaves the door wide open for legalised industrial espionage and you would have no redress for absolutely anyone hacking into your system to have a look at whatever they liked.

Would be quite easy to take the moral high ground and say this is the same as seeing someones back door left open so you went in for a look around but with Wi-Fi security, you can hardly help yourself. You could probably have discovered the same devices with clever use of IE.


I think you missed a trick there though.
I my father in law was using his laptop on the beach a few years back and his Wi-Fi picked up the pub across the road. He could see all the till network, admin PCs etc. and could even get on and run the software showing him how much was in the cash draws, etc.

He walked across the road into the pub and showed them. They were shocked and paid him a few hundred to put it right that afternoon.

eMeS

Kaminsky wrote: »

Would be quite easy to take the moral high ground and say this is the same as seeing someones back door left open so you went in for a look around but with Wi-Fi security, you can hardly help yourself. You could probably have discovered the same devices with clever use of IE.

I would say it's more akin to looking from your front patio and seeing all of the doors and windows on the house on your street that are open.

MS

Therhino

So how is the safest way about letting people know of your findings.

I have a network in my neighborhood that is unlocked and would love to work with the people to lock it...I am worried its my old neighbors. Whats the safest way to bring your security findings to light

L0gicB0mb508

Therhino wrote: »

So how is the safest way about letting people know of your findings.

I have a network in my neighborhood that is unlocked and would love to work with the people to lock it...I am worried its my old neighbors. Whats the safest way to bring your security findings to light

Probably just let them know that they are not secure and that anyone can connect to it. If they are your neighbors I doubt they will be mad at you for making them aware. Since you are a "computer guy" you might offer to help them fix it.

phoeneous

mikedisd2 wrote: »

I've haven't seen a negative rep count until now. I guess Phoeneous isn't here to make friends.

Yeah seriously, I thought the neg rep died with chat rooms

phoeneous

Kaminsky wrote: »

So that state law requires the intent to cause damage? That can't be all of that law surely. Leaves the door wide open for legalised industrial espionage and you would have no redress for absolutely anyone hacking into your system to have a look at whatever they liked.

Would be quite easy to take the moral high ground and say this is the same as seeing someones back door left open so you went in for a look around but with Wi-Fi security, you can hardly help yourself. You could probably have discovered the same devices with clever use of IE.


I think you missed a trick there though.
I my father in law was using his laptop on the beach a few years back and his Wi-Fi picked up the pub across the road. He could see all the till network, admin PCs etc. and could even get on and run the software showing him how much was in the cash draws, etc.

He walked across the road into the pub and showed them. They were shocked and paid him a few hundred to put it right that afternoon.

At least someone understands the point Im trying to make, thank you.

Oh well, back to studying for icnd2.

tiersten

RobertKaucher wrote: »

what I believe were 3 consumer wireless devices belonging to other guests as they were secured wirelessly but still had their default passwords set. The hotel's wireless systems were also consumer grade devices configured with the default admin passwords.

You tried logging in then?

L0gicB0mb508

Accessing any computer device which you are not authorized, is generally not acceptable. This is especially true if you were trying to log in to the customer wireless devices. You could easily get into a lot of trouble by doing that. In some states its actually illegal to connect to an access point which you are not authorized to be on. It really depends on where you are at. Personally I dont care, because I know there is always a risk of this if you are on a public AP. A lot of people do not.

Not trying to be a dick because we have ALLL done it at one point or another. It's that dirty hacker mindset that got you hahaha.

RobertKaucher

tiersten wrote: »

You tried logging in then?

No. I actually got this information from another parent whose kid is on the team. I did not attempt to access anything. He also works in IT and we just got to discussing how terrible the security was.

State law does not just mention criminal mischief. It also sites the intent to defraud others or commit a crime under other sections of the revised code.

And I do not believe the analogies thus far have been accurate. I believe the more accurate one is driving into a gated community which has "Welcome" posted on it and looking at the houses that are on the street. I did not attempt to gain entry. I had no intent to defraud or do anything criminal.

phoeneous

Perhaps "illegal" was a bad choice of words on my part but Im glad we understand each other now.