This flaw, or rather behavior (since it was designed this way) affects Windows 2000, XP (and my guess is, 2003 Server). Brian Krebs of the Washington Post has the full details here. Up front, I’ll say I consider this a misconfiguration of the laptop, but more on that later.
It’s not that complicated, but the explanation is somewhat lengthy. I’ll leave the full details for the Krebs article, but here’s a shorter version.
Windows looks for any available wireless connections when a laptop boots up. If it can’t connect, it creates an ad-hoc private network with your laptop card assigned a random number in the range 169.254.1.1 to 169.254.254.254.
Here’s the kicker. Windows remembers the SSID of the last wireless LAN you successfully connected to. Once this private network is created, the laptop then broadcasts the SSID looking for other computers that may have connected to that network. Someone sniffing the airwaves can pick up on this and connect to the first laptop, at which point, you’ve got a network and can send data back and forth. Not a good thing. Worse, let’s say you have two laptops that have recently connected to a network with the same SSID (Starbucks, anyone) … if those two are booted and there’s no other network to connect to, they will connect to each other seamlessly.
There’s a lot more detail in the Krebs article, including some real-life examples that should make you shudder. How do you prevent this from happening?
Well, you can either disable your wireless connection (some laptops have a button to disable this) or you can go into Start, Settings, Network Connections, right-click on the wireless networking connection and disable it.
Alternatively, get into your wireless networking connection the same way as above (except instead of Disable, select Properties). Then click on the Wireless Networks tab, then the Advanced button, then under “Networks to access” select “Access Point (infrastructure) networks only”. This will prevent ad-hoc connections of the type above from being created. Earlier I said this was really a laptop misconfiguration, and this is why. This is most likely how your laptop should be set. Ad-hoc networks aren’t really something most people would use.
Scariest thing, this isn’t the default setting on a new laptop, but generally this setting is something I change when I first get a laptop, to speed up connections. But on my newest laptop, I totally forgot about it, so it was set to “Any available network (access point preferred)”. Oops.
Technorati Tags : Security
