Wednesday, December 22, 2004

Seeing is believing

I got a new laptop via work this week. Well, it's not actually new - it's a hand-me-down from a former employee but it's a 2.8 GHz P4 so it's not too shabby. It's a Sony Vaio with a very very nice screen; the only thing lacking is that the hard disk is 'only' 60 gigs! Only? Oy vey! It also has a DVD burner that does both + and - R. Enough showing off.

Among other things the new laptop has wireless networking. Given that the whole point of wireless is that you can use the net anywhere, it was obviously time to upgrade our house router to a wireless one. So I went out and bought, at Fry's on special, an Airlink AR315W router. It does 802.11g and b and also has 4 UTP ports. I brought the router up without actually connecting it to the cable modem so I could lock it down before exposing our home network. I was pleasantly surprised.

Out of the box the router has, of course, a standard admin password (how else could they keep the price down to US$25?). But what pleased me was that remote administration was turned off by default and the firewall was turned on by default. I suspect I could have avoided the extra step of bringing it up without a net connection and not have risked anything.

So I get the box configured the way I want for our three wired PCs. Did a Shields Up check and was happy to see that we're still invisible to casual passers-by. Now it's time to configure wireless access. I set the SSID to a particular value (which I'm not going to mention here), turned off SSID broadcasts and turned on WEP 128-bit security - entered a key phrase and let it generate a key. (I don't have a choice on WEP - the Sony drivers don't support WPA). Then I turned on the wireless card on the Sony. It found three access points. One called 'Linksys', one called 'Netgear' and one with my SSID. Just for kicks I connected to the 'Linksys' and sure enough, there I was on the internet through someone else's connection. Close that one and connect to 'Netgear'. Uh huh, different IP address but I'm out there on the net and able to download kiddie porn that would incriminate that user. I hope it goes without saying that I'm talking theoretical possibilities rather than reality. If not then read my lips; this was and is a theoretical possibility; I don't do that kind of stuff!

Hence the title of this post. I've read about 'wardriving' and how people install all this wonderful new technology and don't know how to lock it down. Now I've seen the evidence with my own eyes.

I've read that WEP is easy to crack (the help files on the router even warn that WEP isn't particularly secure) but if I'm in a neighbourhood where there are three wireless networks available, two of them totally unsecured, what do you think the chances are that I'll be the one hacked?

Meanwhile I've turned on maximum security, aggressive DoS detection and set the router to email me the logs whenever they fill up. I've received 7 emails already and the router has been connected for maybe 8 hours. There are some nasty people out there!
