While you might not be liable, you certainly could have to spend a lot of time and money explaining yourself. Not to mention the bad PR you might get if your network was taken over and used to attack somebody else's network. Considering the general insecurity of wireless networks, there's a pretty good chance they will undergo some kind of intrusion attempt. There are, of course, ways to mitigate that, such as restricting MAC addresses, putting IDSs at the gateways of wireless networks, and restricting access to certain times and/or protocols. But, as with all things - that costs time and money to implement. I have one customer where we devised a rather ingenious way to protect their wireless network - we automatically power down all the gateways at night and after business hours. Coupled with host IDS, firewalls, and a few other goodies, it's a pretty safe network now. ___________________________________ Andrew Plato, CISSP President / Principal Consultant Anitian Corporation 503-644-5656 Office 503-644-8574 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ -----Original Message----- From: Jere Retzer [mailto:retzerj@private] Sent: Monday, October 21, 2002 4:17 PM To: crime@private Subject: CRIME Driveby DOS Have there been any cases of wireless networks being exploited to launch DOS attacks? I've heard of driveby spam but not DOS. What's the likelihood of this becoming an issue? Would someone who operates an insecure wireless network potentially be liable if their network were used to launch such an attack? Thanks
This archive was generated by hypermail 2b30 : Mon Oct 21 2002 - 17:55:59 PDT