Wireless Security Audit

I found myself sitting in the back seat of a car today, toying with Chess on the Mac. (And being defeated in ways I didn’t even understand. Quite discouraging.)

Tired of the endless losses, I started up KisMAC to show the wireless APs that I passed. Between Margarita’s in Nashua and my home, I found 232 access points.

As if doing that wasn’t enough to make me a nerdy loser, I went on to generate some statistics. 32% of the access points were open. (No encryption.) The remaining two-thirds were encrypted; 48% of the access points used WEP, and 21% used WPA. WEP is old an insecure; someone with some targeted utilities can spend about 15 minutes watching network traffic and crack the key to gain entry to your network.

It’s probably not surprising that the majority of the unsecured networks had names like “linksys” and “belkin54g.”

“Wireless Nashua” is an open access point in downtown Nashua. Stopped at a light I connected, and was taken to a captive portal splash page explaining that it’s free wifi for people at local businesses. Neat. A handful of other businesses had open access, too.

A few access points were named “hpsetup.” I’m not sure what this is; this is the only access point that was at the car dealership when I brought my car in for service. Connecting gave me a generic “not actually connected” fake IP, and there was no gateway, and a quick scan of the netblock suggested that there was nothing on it. I have no idea why this is my theory, but I think it might be connected to HP printers that have WiFi capability.

Driving by the hotel between the Bud Plant and the old McDonald’s in Merrimack, I noticed a network called Marriott (open), plus five GoldenTree open APs. I wasn’t aware that the hotel was a Marriott, nor do I know what GoldenTree means. (Ah-ha: GoldenTree is also known as Guest Tek, and provides tech solutions to hotels.)

The highlight, though, was an access point named “Cisco Sys. Security.” It sounds like something that would be set up by a CCNA, and you’d think it’d be locked down with WPA and pass through an ASA firewall before connecting to the rest of the network. All I know is that it was an actually an open AP.

Leave a Reply

Your email address will not be published. Required fields are marked *