College Wireless (Part 2)

August 31, 2008

A little while ago I wrote about the state of wireless networks on my campus. This article will make a bit more sense of if you read part I, but it is not essential. Today I finally got around to doing the second scan. Everyone has been moved in for a week so I figure any access points would have been setup by this time. I found some interesting results and it certainly seems there are more access points than before. Here is the new list of unsecured WEP networks:

1   00:18:39:F1:68:13   "<hidden>"                     off
2   00:13:10:BC:21:25   "alicia"                       off
3   02:E0:DD:5C:D3:D8   "ANY"                          off
4   02:13:CE:00:00:8C   "ANY"                          off
5   00:11:50:76:40:E5   "belkin54g"                    off
6   00:1C:DF:5E:7C:BB   "belkin54g"                    off
7   00:0B:86:A4:F5:92   "CaptivePortalTemp"            off
8   E2:84:77:23:63:BD   "Free Public WiFi"             off
9   FA:50:CF:E8:E0:F6   "Free Public WiFi"             off
10  AA:0B:61:5E:AD:4E   "x y's Computer"               off
11  02:E0:42:41:32:60   "HHONORS"                      off
12  A6:52:5A:D7:2C:D2   "hpsetup"                      off
13  02:13:02:20:81:7C   "hpsetup"                      off
14  5E:0A:12:AD:95:68   "hpsetup"                      off
15  EA:83:DD:2C:5B:45   "linksys"                      off
16  00:14:BF:79:20:59   "linksys"                      off
17  00:18:39:4D:4C:6F   "linksys"                      off
18  4A:5C:07:B1:D1:D8   "linksys"                      off
19  02:13:CE:02:32:37   "linksys"                      off
20  02:12:F0:00:00:EC   "OurLadyAP"                    off
21  DE:CE:08:91:89:F7   "print server 053797"          off
22  02:8A:D0:30:0E:77   "print server 075462"          off
23  02:8F:69:85:0E:72   "print server 2A6845"          off
24  02:4A:C7:7C:0E:B7   "print server 2D2508"          off
25  00:1D:7E:E7:CC:A1   "Rimmer56"                     off
26  02:1B:77:00:00:D7   "Wireless Network"             off
27  02:12:F0:42:79:88   "Wireless"                     off

So there you have it. The new list of unsecured wireless access points. I seem to have lost a few since my last scan, but overall there was an increase. I think it is safe to throw away the “CaptivePortalTemp”, “Free Public WiFi”, and anything in the form “print server *”. That means that there seems to be roughly 20 access points. I am not sure about the hpsetup entires either. So if we remove them we are left with 17 unsecured wireless access points on campus. Quite a few considering what the policy is. There are a decent number of secured networks as well, but I didn’t see it fit to list those because they are less of a threat to our overall network security.

I also want to point something else out. Notice entry number 1 “<hidden>” this means the access point was hiding its SSID. Lets take a minute to reflect on how useful hiding the SSID is… done? Yup, it’s only useful in tricking silly Windows computers in to thinking nothing is there. However they are just as easy to detect as anything, and with a little trickery someone could easily decipher the SSID.  So let that be a lesson kids. Hiding the SSID is NOT the solution to wireless security.

The one entry, currently labeled “x y’s computer” I changed because the person actually named the wireless access point after themselves. I’m not quite sure why they did that, but I guess they are not at all worried about getting caught.

Though I am not posting the data of the secured wireless access points it is worth mention that I scanned a total 53 networks (unsecured and secured, including the printer servers, etc). This means there were 26 “secured” networks. Of those 26 I would say about half of them used WEP (though I didn’t record the exact data). What is the problem with WEP? Well anyone and their grandma can crack WEP encryption these days. It is almost as secure as having no password at all. Finally I would like to point out that one of them is labeled “Come to room 158 for password”. Talk about being obvious, and let me tell you… it was not hard to figure out what building that was coming from.

Overall I find it very interesting how many people don’t take the wireless policy very seriously. I must admit that I was, at one time, one of those people. I have since stopped, and do not plan on continuing. Even though I think the policy is silly I would rather not be “that nerd” who believes themselves above the AUP (acceptable use policy).