A little while ago I wrote about the state of wireless networks on my campus. This article will make a bit more sense of if you read part I, but it is not essential. Today I finally got around to doing the second scan. Everyone has been moved in for a week so I figure any access points would have been setup by this time. I found some interesting results and it certainly seems there are more access points than before. Here is the new list of unsecured WEP networks:
1 00:18:39:F1:68:13 "<hidden>" off 2 00:13:10:BC:21:25 "alicia" off 3 02:E0:DD:5C:D3:D8 "ANY" off 4 02:13:CE:00:00:8C "ANY" off 5 00:11:50:76:40:E5 "belkin54g" off 6 00:1C:DF:5E:7C:BB "belkin54g" off 7 00:0B:86:A4:F5:92 "CaptivePortalTemp" off 8 E2:84:77:23:63:BD "Free Public WiFi" off 9 FA:50:CF:E8:E0:F6 "Free Public WiFi" off 10 AA:0B:61:5E:AD:4E "x y's Computer" off 11 02:E0:42:41:32:60 "HHONORS" off 12 A6:52:5A:D7:2C:D2 "hpsetup" off 13 02:13:02:20:81:7C "hpsetup" off 14 5E:0A:12:AD:95:68 "hpsetup" off 15 EA:83:DD:2C:5B:45 "linksys" off 16 00:14:BF:79:20:59 "linksys" off 17 00:18:39:4D:4C:6F "linksys" off 18 4A:5C:07:B1:D1:D8 "linksys" off 19 02:13:CE:02:32:37 "linksys" off 20 02:12:F0:00:00:EC "OurLadyAP" off 21 DE:CE:08:91:89:F7 "print server 053797" off 22 02:8A:D0:30:0E:77 "print server 075462" off 23 02:8F:69:85:0E:72 "print server 2A6845" off 24 02:4A:C7:7C:0E:B7 "print server 2D2508" off 25 00:1D:7E:E7:CC:A1 "Rimmer56" off 26 02:1B:77:00:00:D7 "Wireless Network" off 27 02:12:F0:42:79:88 "Wireless" off
So there you have it. The new list of unsecured wireless access points. I seem to have lost a few since my last scan, but overall there was an increase. I think it is safe to throw away the “CaptivePortalTemp”, “Free Public WiFi”, and anything in the form “print server *”. That means that there seems to be roughly 20 access points. I am not sure about the hpsetup entires either. So if we remove them we are left with 17 unsecured wireless access points on campus. Quite a few considering what the policy is. There are a decent number of secured networks as well, but I didn’t see it fit to list those because they are less of a threat to our overall network security.
I also want to point something else out. Notice entry number 1 “<hidden>” this means the access point was hiding its SSID. Lets take a minute to reflect on how useful hiding the SSID is… done? Yup, it’s only useful in tricking silly Windows computers in to thinking nothing is there. However they are just as easy to detect as anything, and with a little trickery someone could easily decipher the SSID. So let that be a lesson kids. Hiding the SSID is NOT the solution to wireless security.
The one entry, currently labeled “x y’s computer” I changed because the person actually named the wireless access point after themselves. I’m not quite sure why they did that, but I guess they are not at all worried about getting caught.
Though I am not posting the data of the secured wireless access points it is worth mention that I scanned a total 53 networks (unsecured and secured, including the printer servers, etc). This means there were 26 “secured” networks. Of those 26 I would say about half of them used WEP (though I didn’t record the exact data). What is the problem with WEP? Well anyone and their grandma can crack WEP encryption these days. It is almost as secure as having no password at all. Finally I would like to point out that one of them is labeled “Come to room 158 for password”. Talk about being obvious, and let me tell you… it was not hard to figure out what building that was coming from.
Overall I find it very interesting how many people don’t take the wireless policy very seriously. I must admit that I was, at one time, one of those people. I have since stopped, and do not plan on continuing. Even though I think the policy is silly I would rather not be “that nerd” who believes themselves above the AUP (acceptable use policy).