SJS wrote:
begin quoting Robert Donovan as of Fri, Mar 14, 2008 at 02:35:41AM -0700:
On Fri, Mar 14, 2008 at 2:00 AM, Tracy R Reed <[EMAIL PROTECTED]> wrote:
Andrew Lentvorski wrote:
Coming down on those who are
ignorant with the object of educating them is one thing. Coming down
hard on those who are content to remain ignorant after having been
informed might also be acceptable, but taking advantage of someone
just because people happen to be ignorant of a vulnerability is the
very kind of exploitation that I hear people railing against on this
list all the time.
Is it really exploitation?
The problem is that we have three categories of use here -- the person
who gets on to an open wireless network, checks a few things, and then
quits; the person who spends a moderate amount of time and bandwidth
on open wireless networks for extended periods of time; and finally, a
person who saturates the wireless network with their own traffic,
rendering it unusable to anyone else.
To criticize the first person IN ANY WAY is ludicrous. It's an open
network, there's probably no noticable effect of their usage.
The third person is a leech, and is likely to be unwelcome on any
network; if the wireless network were a commons, this would be an
abuse of the commons. This is an abuse of any sort of shared resource,
even if the resource were to be shared deliberately. I'll buy that
as exploitation.
So that leaves our second person... is it a reasonable use?
I put forth that if there's no apparent network load imposed by
certain utilization, then we have a reasonable level of use.
No harm, no foul. If packets aren't stomping on each other, and we
aren't seeing a lot of retransmits or timeouts, it's shouldn't be an
issue. (But that's just general network good behavior anyway.)
And as far as legality of using a resource someone else has paid for,
most ISP AUP's prohibit sharing the connection, so technically, it's the
owner of the open AP that is abusing the resource.
In the case of those ISP's whose only restriction of bandwidth usage is
that it not be resold, neither running an open AP nor using it is a
legal violation, such abuse mentioned by SJS aside.
Is it a vulnerability, when it looks like a feature that others provide?
Note that we're not talking about cracking the WAP security, we're
talking about (reasonable) use of an open wireless network, in a world
where a lot of people get a kick out of providing free network access.
This isn't equivalent to tying into someone's _wired_ network, after
all.
I agree that taking advantage of the unfortunate is reprehensible. I
don't agree that assuming everyone is incompetent and a victim is a
good idea -- for one, it's insulting.
Exactly. And how do we determine who is generous by design and who
generous only through ignorance?
I keep my own AP secure not because I'm not generous, but because of the
law's attitude that if someone uses my network for illegal purposes, the
burden is on me to prove it was someone else. I can't afford that. And
since my ISP is Cox, I'm not allowed to share anyway.
However, if it were open, I'd have no problem with others using it. I
would be highly annoyed if people started knocking on my door to ask. In
fact, I suppose if that were a common practice, it would be enough to
cause me to close my AP again.
--
Best Regards,
~DJA.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
