
[–]rnicoll 8 points9 points ago

Registration is probably a legal concern, about what if someone downloads illegal material over his connection.

Restricted traffic between systems is probably to protect you from someone trying to get into systems that may have file sharing (as in Windows file sharing) left open.

It's not actually that paranoid, IMHO.

[–]aviewanew 2 points3 points ago

It's the law in Italy for Internet Cafes to take down your passport number/drivers license before you can use the computer.

[–]uxp[S] 0 points1 point ago

It's not the law here. While I agree completely that it's a legal safety net to require registration, there's no legal need where I'm at.

[–]aviewanew 1 point2 points ago

My mistake then, that's what I was told in several cafes there when I was there a few years ago.

[–]uxp[S] 0 points1 point ago

Sorry, I meant that 'here' is not Italy. I'm in Utah, USA. I have no idea what the Internet Cafe laws are in Italy.

[–][deleted] 0 points1 point ago

Italy must not know governments and terrorists use cloned documents. This security measure will only inconvenience the innocent.

[–]Sec_Henry_Paulson 2 points3 points ago

I don't think you're a jerk for snooping around, but to say that the security isn't warranted is not correct.

Public WiFi networks are not generally intended to be "Party LANs" where you can just play with other hosts around you at will.

Even allowing computers on that same network to talk to each other is a horrible idea.

You can turn your laptop screen around to show your girlfriend what you're working on, you know. Opening up a network like that is not worth allowing anyone out there to just man-in-the-middle all of your internet traffic because they feel like it.

Once you start operating your own network that you allow other people to use, you'll quickly understand why people don't just buy a linksys off the shelf, plug it in and leave it open.

Also, as a network owner, in the event you implement no security, good luck defending yourself against copyright infringement lawsuits and waking up to the secret service knocking on your door wondering why you're threatening public officials.

Offering a service is not without responsibility.

[–]uxp[S] 0 points1 point ago

Even allowing computers on that same network to talk to each other is a horrible idea.

One thought that crossed my mind last year after I noticed the seven or so Macs connected to the network allowing everyone to connect to their AFP public dropbox, was to: cat /dev/random > /Volumes/Steves\ Public\ Folder/pwned

Which could DoS their machine after it ran out of space. Your comment I completely agree with. The security isn't unwarranted. It's just interesting to see it actually implemented instead of the usual "it will never happen to me, and it's not my concern" wild-west approach.

[–]destroyeraseimprove 1 point2 points ago

I wonder if ARP poisoning would work

[–]haywire 2 points3 points ago

Well if he blocked ARP packets the network would likely die.

[–]destroyeraseimprove 2 points3 points ago

Killing the network is always a valid activity

[–]ultranonymous 2 points3 points ago

The best way to achieve true network security.

[–]t0c 2 points3 points ago

I would do the same. Because it makes me curious. Why? Why has someone put the time and effort into this? Not to mention the money.

So either the boss was a jerk or the connection was eating too much BW so he is trying to save some? shrug snoop away! Just make sure you change your MAC :)

[–]Darkmere 0 points1 point ago

I've done this level of "paranoid" setups myself as a practice/trial, and a small scale Real Life event is the best way of getting actual testing/coverage and usage metrics from it. It's well worth a few hours of time to do such proof of concept for a pub/café before you tell a corporation what's doable and not.

And sure, probe away, you'd make the admin's day ;)

[–]uxp[S] -1 points0 points ago

I actually know the owner of the shop. The internet connection is through the same ISP I use at home, which is a smaller local company. Some years ago, they gave free DSL lines to retail businesses (restaurants, coffee shops and bookstores) to offer free public WiFi. That project has evolved over the years, and the businesses are now free to tune the service to fit their needs. This coffee shop has 2 bonded DSL lines, and I hardly ever notice much lag on it. Most customers are nice enough to not stream 720p YouTube videos all night. The 2 hour limit now put in place will probably curb some of that by making it inconvenient to stream large movies by cutting the connection mid video.

I know the owner didn't implement this himself. He hired it out to someone, most likely someone who attends one of the regular Hack-A-Thon meetings or User Groups that occasionally use the shop for meetings, and I can safely assume that person has a day job administering a large Linux network. I'm not frustrated with this network, because like I said I can still tunnel all my traffic through ssh on one of my servers. But I would imagine that anyone that required any email access outside of Gmail/Hotmail would get frustrated. The only reason I can see to restrict this traffic is to prevent some rogue laptop with spam-producing malware from sending out email, which seems less likely than some guy named Steve trying to get the latest report from his company's email server.

And if I do end up finding a way to break the network, or do something bad for everyone else that uses it, I'll be the first to let him know exactly what I did so it can't happen again. I'm not trying to do any blackhat sort of stuff, but every time I boot my laptop there, I have to remember that I don't have free rein, including cloning any git:// or svn:// repositories, downloading anything from an FTP server, or checking my email outside of mutt in a remote shell session. The whole idea of a network like that being secured in that way both makes me happy that some people take security seriously, and confuses me as to why it's secured that particular way.

[–]nkwell 0 points1 point ago

I would consider port 22 being open a kind gesture to those smart enough to discover it was open ;)