Linksys has included Matt Jones' Warchalking card in the appendix to the manual (PDF) for their latest wireless router (on page 68), but they've definitely not done in as promotion of his ideas. In fact, quite the contrary:
Wireless networks are easy to find. Hackers know that, in order to join a wireless network, your wireless PC will typically first listen for "beacon messages". These are identifying packets transmitted from the wireless network
to announce its presence to wireless nodes looking to connect. These beacon frames are unencrypted and contain much of the network's information, such as the network's SSID (Service Set Identifier) and the IP address of the network PC or router. The SSID is analogous to the network's name. With this information broadcast to anyone within range, hackers are often provided with just the information they need to access that network.
One result of this, seen in many large cities and business districts, is called "Warchalking". This is the term used for hackers looking to access free bandwidth and free Internet access through your wireless network. The marks
they chalk into the city streets are well documented in the Internet and communicate exactly where available wireless bandwidth is located for the taking.
Of course they have every reason to get people to buy more routers, and closing networks is an easy way to do that, but it's interesting to see how they're envoking "hacker" boogeymen throughout the description, after implying some kind of vulnerability created by beacons (which they describe in a way that's clearly not designed to describe what beacons are, but to imply that there's this scary highly technical vulnerability that should be closed off immediately).
Silly, but it just shows how confused people are about bandwidth and property.
Posted by mikek at January 12, 2004 03:02 PM | TrackBackHi Mike! I think Robert X. Crigley came up with a neat idea - a WiFi network that's free to anyone who puts their own WiFi node online. (See this post's URL.) It would be a nice way to reward people for doing the right thing.
Posted by: Brian Slesinsky at January 12, 2004 10:08 PMI've loosened up about my bandwidth at home, but at work, my wireless node connects inside my firewall. It's not our bandwidth that I am protecting, but rather my company's mission critical applications. I suspect this is frequently the case.
Posted by: Ray at January 13, 2004 11:21 AMI agree that mission-critical bandwidth should not be compromised--but, really, what are the chances of that? And other than the bandwidth use, what are the security concerns? There are two ways (well, probably more) to create security: secure the ends or secure the communications channel. Securing the channel is probably much harder to secure than the ends (I think Neal Stephensons crypto novels basically boil down to this fact), but it's the thing that people try to lock down because it seems easier than securing all of the various things on the ends. That's kind of a Maginot Line approach--the minute that the channel security is broken, everything falls. However, I realize the pragmatic aspects of it--securing the channel gives you enough piece of mind so that you can worry about other things, whereas securing everything on the ends is a lot of work. But, frankly, I think that the dangers of bandwidth misuse/damage are a whole lot less than is implied. I think for the most part, it's an idea based around a conservative reaction to an unknown quantity (aka "fear of the unkown") than any specific, real danger. Of course I'm also making judgments without any hard data, so I could be totally underestimating the real problem (but I bet I'm not ;-).
Posted by: Mike at January 13, 2004 03:33 PM