Back to the future with this Airheads Online article from 2007. Enjoy the humor :)
In director Michael Hurst's 2006 work, House of the Dead 2: Dead Aim (HoD2), an entire college campus becomes overrun with zombies after evil scientist Professor Sig Haig attempts to reanimate a college student after running her over with his car and bludgeoning her with a shovel.
Figure 1. Zombie geek, reading a book in the campus library
In what is certainly a straight-to-the-scifi-channel piece of work, Hurst's story has several interesting parallels to a real-life phenomenon; the emergence and spread of the Free Public WiFi network. Many organizations have reported witnessing the presence of this network in conference venues, hotels, airports and other locations, the presence of which potentially exposing organizations and end-users.
The "Free Public WiFi" network is simply the presence of an ad-hoc network that is configured on many workstations. This paper will examine the origination and the spread of this network to Windows XP workstations, identifying threats that it can expose organizations to, and offer techniques organizations can use to defend against this threat.
It All Starts with One
Intentionally or unintentionally, one workstation is likely responsible for the spread and contagion of the "Free Public WiFi" 802.11 wireless network. Reported 8079 times by users of the Wireless Geographic and Locating Engine (WiGLE ) as of the writing of this article, this Service Set Identifier (SSID) is appearing in locations throughout the world and appears to continue to spread to new systems.
Figure 2. "Free Public WiFi" sightings>
In infrastructure-based 802.11 wireless networks, a centralized device such as an access point is responsible for advertising the presence of a basic service set (BSS) network. Ad-hoc networks, also known as independent basic service set networks (IBSS), do not have a centralized device responsible for network management and synchronization. Instead, each device in the IBSS is responsible for advertising the presence of the network and coordinating network access. In other words, each station in an ad-hoc network takes on and shares the responsibility of an access point.
Zombie Gets Around (just not very fast)
When selecting a wireless network to join, wireless clients typically send 802.11 Probe Request frames, reporting the presence of any networks that return a SSID in Probe Response frames. In Windows XP, this information is presented in a dialog asking the user to select a wireless network, as shown in figure 3.
Figure 3. Windows XP wireless network selection dialog
In Figure 4 we see several networks identifying the SSID ("STAFF", "VISITOR"), basic information about the security of the network, the signal strength of the network, and an icon indicating the type of network. Although not clearly identified in the selection dialog, the icons for the first three networks indicate an infrastructure network, while the icon for the "hpsetup" and "Free Public WiFi" networks indicate an ad-hoc network.
Most modern operating systems accommodate a list of wireless networks that are desirable for the end-user, known as the preferred network list (PNL). Typically, wireless cards will use the preferred network list to identify and connect to available wireless networks in the order they are specified. Figure 4 below shows an example of Windows XP SP2's Wireless Network Connection Properties, identifying three preferred networks.
Figure 4. Windows XP SP2 Preferred Network List
The presence of the "Free Public WiFi" network is due to the nature of ad-hoc networks and the presence of this SSID in Windows XP PNLs. When a Windows XP station is unable to connect to any of the infrastructure networks in the PNL, it will automatically start participating in the first named ad-hoc network in the PNL. For example, in figure 3 the station will connect to the "CWP" network if available, followed by the "somethingclever" network. If neither are within range of the station, the "Free Public WiFi" network is selected. Since this is an ad-hoc network, there is no access point providing connectivity, allowing the station to take on the role of advertising and offering connectivity for this SSID.