Mike Landi
August 7th, 2006, 08:55 PM
So I was on vacation last week in southern NJ. Wildwood Crest to be specific. The hotel we were staying at advertised high speed internet access, so I brought the trusty Dell notebook.
After checking in, and taking a swim, I fired up the notebook to check email.
I quickly found the router for the resort broadcasting a SSID that was obviously the hotel. I tried to connect and was challenged for a WEP key. Okay, I thought, lower security, but security at least. I made sure McAfee was running at full strength and then went to the office to get the key. Got the key, typed it in, and I was on.
The next morning, I was browsing around and I happened to accidentally open "My Network Places" instead of "My Documents". To my surprise, XP reported a network place called "WRT54G". Uh, oh. I tried to connect to it and was password challenged. Figuring that for some reason the hotel wanted their router advertising itself, but assuming it was secure, I tried the default LinkSys password.
Guess what? Yep! I was into the router. Wide open router, factory default password.
That evening, I noticed an odd box on top of the Snapple machine outside, next to the pool. On close inspection, I saw that the box was a vinyl box with two LinkSys high-gain antennas poking out the back with silicone weather caulking smeared all over it. Can we say home-brewed? <g>
The next day I approached the hotel owner and explained that he did have some security on who connects to his network, but once connected, he had next to nil security. I compared it to having a key lock on the office front door, but having the keys to the office safe hanging out of the safe door.
He asked me if I knew how to fix it and, sheepishly, asked if I could help them. I told them I could fix it inside of ten minutes, which I did. I made some changes to his router. I made access to it HTTPS, upped the security to WPA2 with TKIP+AES. I left his key alone since it looked pretty good (10 alpha numeric characters) and I wrote down on a piece of paper the HTTPS IP, the settings and then I had him enter and confirm a password that I did not see.
I told him to keep giving out the code he had been (nice side effect was that all guests who may have tired to connect, and who were dumped off by the router being reset, could get back on using the same code), but do not give out the password he had entered.
The owner (and his grandmother, the place is family owned) were very happy. He said the people he used to set this up were "just learning how to do this".
I accepted a T-shirt for my efforts. Fair trade I think. <g>
After checking in, and taking a swim, I fired up the notebook to check email.
I quickly found the router for the resort broadcasting a SSID that was obviously the hotel. I tried to connect and was challenged for a WEP key. Okay, I thought, lower security, but security at least. I made sure McAfee was running at full strength and then went to the office to get the key. Got the key, typed it in, and I was on.
The next morning, I was browsing around and I happened to accidentally open "My Network Places" instead of "My Documents". To my surprise, XP reported a network place called "WRT54G". Uh, oh. I tried to connect to it and was password challenged. Figuring that for some reason the hotel wanted their router advertising itself, but assuming it was secure, I tried the default LinkSys password.
Guess what? Yep! I was into the router. Wide open router, factory default password.
That evening, I noticed an odd box on top of the Snapple machine outside, next to the pool. On close inspection, I saw that the box was a vinyl box with two LinkSys high-gain antennas poking out the back with silicone weather caulking smeared all over it. Can we say home-brewed? <g>
The next day I approached the hotel owner and explained that he did have some security on who connects to his network, but once connected, he had next to nil security. I compared it to having a key lock on the office front door, but having the keys to the office safe hanging out of the safe door.
He asked me if I knew how to fix it and, sheepishly, asked if I could help them. I told them I could fix it inside of ten minutes, which I did. I made some changes to his router. I made access to it HTTPS, upped the security to WPA2 with TKIP+AES. I left his key alone since it looked pretty good (10 alpha numeric characters) and I wrote down on a piece of paper the HTTPS IP, the settings and then I had him enter and confirm a password that I did not see.
I told him to keep giving out the code he had been (nice side effect was that all guests who may have tired to connect, and who were dumped off by the router being reset, could get back on using the same code), but do not give out the password he had entered.
The owner (and his grandmother, the place is family owned) were very happy. He said the people he used to set this up were "just learning how to do this".
I accepted a T-shirt for my efforts. Fair trade I think. <g>