Sign in to follow this  
Followers 0
binary_lulz

tracing activity on an open WAP

7 posts in this topic

Just how much does an open wireless access point see and store?

If I use it to do something, and later it's records are reviewed, will all someone see is the IPs I went to and my MAC address, or the content I viewed as well? If I clear cookies beforehand, is there any way that my session could be traced to me other than MAC address?

0

Share this post


Link to post
Share on other sites

Anything you do CAN be stored. It may not be stored directly on the WAP, but it can be stored. Anything stored would point back to your MAC address if you don't change it. If you are doing something that you don't want to be stored, you should connect to the WAP then use a VPN Tunnel or SSH Tunneling.

0

Share this post


Link to post
Share on other sites
https:// good

http:// bad

Without getting into a long drawn out explanation, when connecting to an access point you don't control even SSL can't be trusted. You are on a network that someone else controls so man it the middle attacks are very possible.

That being said at least with SSL you aren't broadcasting unencrypted. I suppose it's better then nothing.

Bottom line, don't do anything you wouldn't want Johnny Law looking over your shoulder on at an open access point. It might not be a bad idea to find the terms of use for your access point either. Panera Bread has free wifi and they have a few pages of what they do and do not keep track of.

Good luck!

-Dr^ZigMan

0

Share this post


Link to post
Share on other sites
https:// good

http:// bad

Without getting into a long drawn out explanation, when connecting to an access point you don't control even SSL can't be trusted. You are on a network that someone else controls so man it the middle attacks are very possible.

That being said at least with SSL you aren't broadcasting unencrypted. I suppose it's better then nothing.

Both are good points. If you were going to depend on SSL, I'd use just a site with SSL that you have control over. You could put CGI-Proxy on it if you wanted to surf without anyone seeing what you are doing. However, it's my opinion that a man in the middle attack wouldn't work unless you accepted a bad certificate that has been spoofed or you can get trick someone to install a root certificate into their browser from a non-trust CA. Granted it could be done, but I would hope not to someone who is technically savvy.

Uncue

Edited by Uncue
0

Share this post


Link to post
Share on other sites

What difference does it make? Do you think they are going to go to the cops and tell them "someone is using my wireless!" Don't do any personally identifiable stuff and you will be OK.

I see stuff like this allot. Questions like "how can I find someone using my wireless?" And just what are you going to do when you find them?

If you walk up on most people they will just turn off their laptop and play dum, or they mite pull a Glock on you and ask you what you want?

Protect yourself BEFORE you do stupid stuff to minimize the risk if you do get caught.

0

Share this post


Link to post
Share on other sites

some places have laws agaisnt using open wireless points. Either from the offender or the one that left it open I know a few in NYS have that law.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0