The access point initiated access. It broadcast its SSID (beacon) on a regular basis. It is after all the ACCESS point, not me and my rig. It keeps shouting its name 'LINKSYS' 'LINKSYS', its attempting to communicate with me isn't it?

I reply, it says some stuff to me, but it keeps shouting LINKSYS. - I didn't associate with resources reserved for someone else, not according to the device. It gladly associated itself with me and my client and continues to shout its name. - i'm assuming it talks to everyone cause after it associated with me it keeps on shouting LINKSYS. I would assume it might have me mixed up with someone else, mistaken identity, if it stopped shouting to everyone at large after It started talking to me, but no it doesn't think I'm someone else, its not trying to talk to one person, its trying to communicate with everyone - the public.

I still am not sure if my access is authorized. I mean so far we have established a) it is an access point, one can reasonably expect to obtain access using it (b) its public, it'll talk to anyone at all, it is not waiting for that special person, does not have me mixed up with someon else

what to do what to do? Simple, lets ask. I broadcast a request to obtain some information, I send it to everyone, not just the access point - i send it to IP 255.255.255.255 MAC FF:FF:FF:FF:FF - I requested an address from anyone thats listening and willing to give me one. I didn't demand, I didn't lie about who I am, I didn't impersonate someone else's card, I just asked - and not even mr LINKSYS, i asked anyone who is listening. I, being a reasonable person, know that it is quite simple to configure a device to not reply to my request.

I received a reply! I could have received any number of replies or no reply at all. I could have received a non-routable IP or bogus DNS or nothing at all but instead I received an address very similar to the address an authorized client would receive, same subnet, valid gateway, valid DNS. I just asked for it, I didn't use deception.

Next I want to check my mail, I send some packets to the ACCESS point in the hopes that it doesn't determine I am unauthorized to communicate with the WAN side of the access point. I very well could be unauthorized to communicate with the WAN side and might be informed so by a rejected packet, perhaps by a firewall built into the device... nope, It passed my packets to the intended host.

I still dont know if I am authorized, but I'm having a harder time making a case otherwise. I'll wait for the reply from the destination host. I will see if the ACCESS point wants to pass those back to me. It does, there is my email.

So I'm a reasonable person and reasonable people know there are a growing number of public APs. They also should know you dont have to hand out an address, that you dont have to broadcast information needed to associate, that you dont have to route packets for unauthorized hosts.

do i have to prove my access was authorized? i shouldn't, the accused has to prove nothing.

does someone have to prove my access was unauthorized? absolutely, proof is the accusers burden.

I'm not sure I can say my access was authorized, but I can say that I used common sense every step of the way and every opertunity was afforded to deny me access should it be unauthorized.

anyway who is to say the beacon the AP sends is so innocent? It is what normally initiates the communication. Wouldn't the AP be just as unauthorized in establishing a connection to my client?

I like the analogy of the guy standing in his front yard yelling his credit card number.

Its like this, pedestrians have the right-of-way UNLESS they jump in front of a car in a reckless manner. My access is UNAUTHORIZED unless you operate your ACCESS point in such a way as to give no clues about its acceptable use, restrictions on use, or otherwise in a manner INDISTINGUSHABLE from authorized public access points.

one last point, and its a big one - VIOLATION OF TERMS OF SERVICES IS NOT A FELONY IN AND OF ITSELF. VERIZON != LAW CRAFTING BODY

"So, if Verizon determines that your 802.11 connection constitutes a non-commercial resale (and is unauthorized) not only can it cut you off, but it can make you a felon."

you may end up being a felon, but verizon had nothing to do with it. I really doubt you'll end up a felon, if so you should consider moving to a less facist state. You are more likely to end up getting a fine, maybe probation and a suspended jail sentence - misdemeanor

where the hell did you come up with this felony junk? yah yah there are laws on the books in virginia stating its ok to forcibly sterilize 'feebleminded' persons. In fact it was held up by supreme court as late as 2000?

If i were you, i'd be more concerned about your fertility than your felony status.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/237/33701#33701