I recently strolled past federal buildings along Connecticut Avenue in Washington, carrying a beta-test model of a tablet PC equipped with an integrated IEEE 802.11b wireless PC Card. In no time, it auto-detected a wireless network. The tablet asked me if I wanted to connect. I declined, but as I kept walking, the tablet detected signals for three more wireless networks. . .
I recently strolled past federal buildings along Connecticut Avenue in Washington, carrying a beta-test model of a tablet PC equipped with an integrated IEEE 802.11b wireless PC Card. In no time, it auto-detected a wireless network. The tablet asked me if I wanted to connect. I declined, but as I kept walking, the tablet detected signals for three more wireless networks. (Apparently, the Secret Service is curious about these free-ranging signals, too, and has sent teams around Washington snooping for wireless networks that broadcast signals onto the street.)

I did no probing, so I don't know whether the signals my tablet PC detected came from government, corporate or home networks. Nevertheless, they're out there, just waiting for someone to exploit them.

If a wireless connection extends beyond a network's firewall, or if no firewall exists, any passerby with a wireless notebook PC can tap the network's resources. Even if the network is protected, the passerby might manage to get Internet access.

Say, for example, that the wireless network assigns the intruder a numerical Internet address, as many wireless networks routinely do. That makes a great starting point for hacking. The numerical, or Internet protocol, address lets the intruder guess at the range of IP addresses, which could lead to probing and denial-of-service attacks. Furthermore, passersby who have modern operating systems such as Microsoft's Windows XP can learn the names of the network servers. The GCN Lab found this out during a recent review of XP Service Pack 1. We couldn't connect to the servers, but we could see them.

More insidious is stealthy monitoring of wireless networks from outside a building. Even if the network requires its users to have specific Media Access Control addresses in their hardware, a hacker can pretty easily sniff out such information from a bus stop or park nearby because MAC addresses are transmitted in plain text.

By faking a sender's address, a hacker could break in as surely as if sitting at a desk inside the building.

There are two main dangers to unsecured wireless networking. The first is that an intruder could use information from the wireless connection to steal data or launch an attack on the computing infrastructure.

The second is that an intruder could use the connection for free Internet access. Hackers, and presumably terrorists, know that anonymous e-mail from services such as Hotmail and Yahoo can be traced backward. That's because information about an organization's IP address, operating system and files travels along with the e-mail headers.

Say a terrorist stands outside your office's headquarters and e-mails threats over your wireless network. The digital trail will lead back to your office. And if the terrorist stole a notebook PC to do the deed and gets rid of it afterward, the unsuspecting network administrator will be the one left holding the bag.

To add to the threat, more and more people support the "free Internet" movement in their neighborhoods. Some are "war-chalking," making chalk marks on buildings to signal others what sort of free wireless access can be tapped there, similar to the hobo symbols of old.

I didn't happen to notice any chalk marks as I walked down Connecticut Avenue, but with wireless signals on the street silently screaming for clients, it's only a matter of time.

The link for this article located at SecurityFocus is no longer available.