> If the hotel charges for internet access (and many do) it's actually > fairly trivial to match activity logs to room registration.
Depends on how thoroughly it's done. I recently stayed at a place that had "open WiFi" which was actually some weird pay-to-use system. But I noticed DNS worked. (Well, mostly; they broke TCP fallback. I don't know whether because they didn't know the DNS used TCP or didn't care; I suspect they didn't know but wouldn't've cared if they had known.) I took a wild guess that they had simply opened UDP port 53, set up an IP-in-UDP tunnel on port 53, and bing! instant connectivity back home. I don't see any way they could link that to our registration, unless possibly we were the only guests registration overlapping with all of the periods during which I tunneled traffic (and even then, showing it wasn't someone wardriving would have been hard). (Or, perhaps, unless one of the relevant people reads funsec... :) Of course, this would have been fairly easy to defeat, if they had wanted to (which of course would have required thinking of it; as perhaps you can tell, my opinion of the technical ability of the people who set it up is not high). Wired connectivity, of course, is another story entirely. (Normally, I don't like kludging around security like that. But the motel owner seemed somewhat ambivalent about the system, which was outsourced; when we spoke with them they outright recommended toddling up the street to a pastry/cafe place which actually _did_ have open wireless - which, btw, was the place from which I connected back home to set up the port-53 tunnel.) /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
