can wireless user access other wireless user via Access Point?

[rio]

Hi there,

Supposedly I broadcast SSID and without setting up WEP key for my wireless Access Point in 802.11b.
When I connect to the Access Point to access Internet, if there's another unknown wireless user successfully connects to my Access Point, could the guy access my computer via such Access Point? Or can the guy only access Internet via the Access Point?

Appreciate for any info!

 

[mikesgroovin]

Yes they can. I know this is a little shady, but it can happen.
In fact, I was in a part of town last weekend, shopping. I had my laptop with me and needed some last minute ideas for gifts. So, I was able to park in a apartment complex and access the net from my car! Here is a screen shot of the wireless routers I saw.
Now, I only "borrowed" the net and then left. But you are placing yourself wide open to anyone who knows how to do this.
After I was done, I was able to send everyone connected to this router a nice Windows message saying "Happy Holidays...thanks for letting me use the internet!". Every router contains a DHCP client list. So you can either send a broadcast packet or send info (or connect to) a direct NetBios name or IP.
My point is
USE WEP ENCRYPTION!

-Mike

 

[Inaris]

Mike, that is too funny. I hope the guy running that router fixes it. Otherwise, just give out the street to your friends and have a lan party out of a big van parked next to the building...

well, actually acessing you computer is a little more difficult then just gaining acess to the router. There is local machine passwords and such, but that is still not the secure. Using WEP is the only way to really protect a wireless acess point.

 

[rio]

So, just want to be sure, does it mean that if I also know the password of the remote computer, I can access such computer via access point?

 

[paintballer]

thats great lol

 

[mikesgroovin]

*Rio*
Sorry, but I believe that I went a little overboard. I just wanted to prove a point that WEP encryption is worth the 5-minute setup time. I'd also like to illustrate that changing your router password is KEY!
To answer your question, yes, someone "able" enough that did acces a connection to your router also means that they are on the same "collision domain" or "group" as everyone else on that same router. If I had a username and password to one of your machines, I would be able to authenticate to the machine and access any shared resourses.

-Mike

 

[rio]

Thank you very much, Mike. I know about without WEP key, a private AP could become a public AP. But it seems that a router is a device which is a hub plus routing function, and is total WLAN device. I always misunderstand that a router can't act like a hub.

Also thanks for the hint from Inaris.

 

[ekÆsine]

no a router is a router and a hub is a hub. most networking hardware is being merged. most wired or wireless routers come with built-in switches (like hub, but much more efficient)

 

[Qiranworms]

Mike, which one did you connect to? :laughing: A lot of networks there...and very few actually had WEP setup. That certainly shows a level of ignorance. Problem is, the vendors don't seem to tell people how necessary it is. They advertise "Encryption Protection" and such, and people seem to think that by seeing this logo they are protected.

Anyhow, another security measure is to disable the SSID broadcasting. This requires knowledge of the network you are trying to connect to, because you cannot just "see" the SSID in a list...you have to know it. Basically doing so can protect you from someone who could potentially break into the encryption. This combined with WEP usually does the trick (WEP alone should be fine though, for those who don't feel like setting this up).

Not long after I had initially installed my network, there was a strange occurance. I was playing around in the workgroup folders, and saw a computer name that I was quite sure was not on my network. I went in out of curiosity, and explored enough to find out it was a computer on my next door neighbor's network. Turned out the networks had somehow bridged. I installed WEP in our house, and went to them to do the same. I'm sure ISPs would not like people to be discovering that the ranges of networks can extend two houses...neighbors could share one connection by using network bridging devices.