If you were to browse for wireless networks in a busy city, you would be surprised at how many unsecured networks you would find. Many people are oblivious to the dangers, so I would like to outline them here.
By unsecured I am referring to a wireless network that is accessible without the need for a network key. WEP is also horribly insecure, but I will not be covering its vulnerabilities in this article. Provided an attacker is in range, he can connect to an unsecured wireless network and become a part of the local network. OK, so now what? The attacker could then run an IP scan on the subnet to establish what is currently connected to the network. At this point the attacker could run various scans (port scans and so on) against the targets. It should be noted that this kind of scan would not be possible from outside the network, as a router usually acts as a firewall and only forwards traffic to ports that have been assigned for forwarding.
With the above in mind, you are at risk from certain exploits if an attacker becomes a part of your local area network. These depend on what services you are running and whether you have a software firewall in place. The following, however, are the more serious exploits: the real dangers that will jeopardise your privacy and possibly confidential details. Generally, a software firewall will NOT protect you from these.
ARP poisoning – To put it simply, this exploit enables an attacker to 'pose' as another computer or device, usually your router! This can be done simply by sending a number of ARP replies to the victim claiming that the router's IP address belongs to the attacker's MAC address. The victim then updates its ARP table and sends all traffic destined for the router to the attacker's MAC address. By doing this the attacker can then monitor ALL traffic coming in and out of the victim. It needs very little explanation as to why this poses a risk. A lot of confidential details (usernames, passwords) are sent over the internet in plain text or with weak encryption, allowing the attacker to compromise your email accounts or other websites you use. There is also the problem of the attacker being able to view pretty much everything you're doing online, including all your MSN conversations.
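One way to spot the poisoning described above from the victim's side, as an added example that is not part of the original article: compare two snapshots of the machine's ARP table and flag a gateway whose MAC address has changed or is shared with another host. The table text follows the Linux `/proc/net/arp` layout; the addresses, function names and sample tables are constructed for illustration.

```python
# Added example: compares two ARP-table snapshots in Linux /proc/net/arp format.
GATEWAY_IP = "192.168.1.1"  # assumption: your router's LAN address

# Constructed sample data (not captured from a real network).
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
"""
SUSPECT = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries only."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "IP":   # blank line or header row
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & 0x2:                    # ATF_COM: entry is complete
            table[ip] = mac.lower()
    return table

def find_arp_anomalies(baseline, current, gateway_ip):
    """Flag a changed gateway MAC and a MAC that answers for the gateway and other IPs."""
    findings = []
    old_mac, new_mac = baseline.get(gateway_ip), current.get(gateway_ip)
    if old_mac and new_mac and old_mac != new_mac:
        findings.append(("gateway_mac_changed", old_mac, new_mac))
    if new_mac:
        shared = sorted(ip for ip, mac in current.items()
                        if mac == new_mac and ip != gateway_ip)
        if shared:
            findings.append(("mac_shared_with_gateway", new_mac, shared))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_arp_table(BASELINE),
                                      parse_arp_table(SUSPECT), GATEWAY_IP):
        print(finding)
```

The baseline snapshot has to be taken while the network is known to be clean, for example by checking the gateway's MAC against the label on the router.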
DHCP spoofing – This exploit requires a little more patience on the attacker's behalf, but if executed it can be very bad news for the victim. The attacker creates a DHCP server on their system. When a new user comes online whose adapter is set to obtain an IP address automatically, the attacker's DHCP server attempts to send a DHCP offer before the router does. If the victim accepts the offer, the attacker can include any details they want, usually their own IP address as the gateway and also as the DNS server(s). The problems with this are explained below.
DNS poisoning – This is the most serious type of exploit, and the attacker can execute it in two ways. The first is explained above. The second is for the attacker to gain access to the router (most unsecured networks are left with default settings, which means the router password is usually the default too and can easily be found online or guessed!) and then change the DNS server that it uses to one of the attacker's (this could be a local one on the attacker's machine, or a rogue one hosted elsewhere). All the attacker needs to do now is create some rogue DNS records that redirect the victim to imitations of websites. These usually look identical, but once the username and password are entered and submitted, they get sent to the attacker instead of where they should be sent! The attacker can even get the page to forward the details on to the correct site afterwards, so the attack goes completely unnoticed. Obviously this is a very big problem, especially for sites such as eBay and PayPal, and for online banking.
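A defensive check for the DHCP spoofing and the DHCP-delivered DNS poisoning described above, as an added example that is not part of the original article: parse each DHCP OFFER seen on the network and report any server, gateway or DNS address that differs from what the real router hands out. The function names, the `EXPECTED` values and the sample packets built by `build_offer` are constructed assumptions.

```python
# Added example: inspects DHCP OFFER payloads (UDP payload, BOOTP header onward).
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 6, 53, 54
DHCP_OFFER = 2
# Assumption: the real router is the only DHCP server, gateway and DNS resolver.
EXPECTED = {"server": ["192.168.1.1"], "router": ["192.168.1.1"], "dns": ["192.168.1.1"]}

def parse_options(payload):
    """Return {option code: raw value} from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return options

def addrs(raw):
    """Split a packed option value into dotted-quad IPv4 strings."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def check_offer(payload, expected):
    """Return the fields of an OFFER that differ from the expected LAN settings."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCP_OFFER]):
        return {}
    seen = {"server": addrs(opts.get(OPT_SERVER_ID, b"")),
            "router": addrs(opts.get(OPT_ROUTER, b"")),
            "dns": addrs(opts.get(OPT_DNS, b""))}
    return {field: value for field, value in seen.items() if value != expected[field]}

def build_offer(server, router, dns):
    """Build a minimal constructed OFFER payload for the demo (header zeroed)."""
    def opt(code, *ips):
        value = b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)
        return bytes([code, len(value)]) + value
    return (bytes(236) + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCP_OFFER])
            + opt(OPT_SERVER_ID, server) + opt(OPT_ROUTER, router) + opt(OPT_DNS, *dns) + b"\xff")

if __name__ == "__main__":
    print(check_offer(build_offer("192.168.1.66", "192.168.1.66", ["192.168.1.66"]), EXPECTED))
```

Two different server identifiers answering the same request is itself a sign that a second DHCP server is on the network, even when the offered settings look plausible.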
The exploits above are the most common ones an attacker uses to gain confidential information. There are many more, and a lot depend on the setup of the network and the victim's machine.
In summary, it is clear that leaving a wireless network unsecured can have serious implications, and gives attackers an open door to all kinds of confidential information. The following security precautions are advised to give optimal security for home users:
-Always secure your network with a WPA or WPA2 key, and make sure that the key is long and complex. Avoid WEP at all costs; it is redundant and can be broken in minutes provided an attacker has a good signal.
-Implement MAC address filtering, which only allows traffic from registered MAC addresses. While MAC addresses can be spoofed, it can be a hard process, as an attacker has to sniff traffic and analyse frame headers to see the source/target MAC addresses of an authenticated client, and this can be very difficult for an unassociated client.
-Don't broadcast your SSID. While this on its own will not stop an attacker, it is an extra layer of security.
-Use a software firewall. I recommend Agnitum Outpost.
While no system in the world will ever be 100% secure, it is important to implement as many security precautions as possible to prevent attackers from exploiting it. With the above points in place, an attacker would have an extremely hard time ever gaining access to your network.
An interesting article on the vulnerabilities of WEP can be found here