I ran a security audit on my Windows laptop using hotel Wi-Fi. The results were alarming.
I’ve spent over 15 years working in enterprise IT. I know the risks of public networks. But even I wasn’t prepared for what my own Windows laptop security audit revealed when I connected to hotel Wi-Fi during a recent work trip.
Using a handful of free and built-in tools, I scanned my machine’s network activity, checked for open ports, and monitored data flows. Within minutes, I found apps sending unencrypted data, a DNS leak exposing my browsing history, and several services broadcasting my device name and OS version to anyone on the same network.
This isn’t scaremongering. It’s a real snapshot of what happens when an average Windows laptop meets an untrusted Wi-Fi hotspot. Here’s exactly what I found — and how you can protect yourself.
The tools I used for this hotel Wi-Fi audit
You don’t need expensive software to run a basic network audit. I used only free, widely available tools:
- Wireshark — to capture and inspect network packets in real time.
- Nmap — to scan for open ports on my own machine and nearby devices.
- Windows Resource Monitor — to see which processes were making network connections.
- DNSLeakTest.com — to check whether my DNS queries were leaking outside my VPN tunnel.
Each tool revealed a different layer of exposure. Together, they painted a troubling picture.
What the audit uncovered: plain text data, open ports, and DNS leaks
Apps sending data in plain text
Wireshark immediately flagged several applications transmitting data without encryption. My email client, for instance, was still using unencrypted SMTP for outgoing mail. A weather widget was pulling forecasts over HTTP, not HTTPS. Even a system update check sent my Windows version and device name in plain text.
On a hotel network, anyone with Wireshark and a bit of know-how can read that data. It’s not just embarrassing — it’s a credential theft risk.
Open ports I didn’t know about
Nmap found three open ports on my laptop: 135 (RPC), 139 (NetBIOS), and 445 (SMB). These are classic Windows networking ports, often left open by default. On a trusted home network, they’re useful for file sharing. On hotel Wi-Fi, they’re an open invitation.
An attacker on the same subnet could potentially exploit SMB vulnerabilities or enumerate user accounts through NetBIOS. I hadn’t disabled these services because I never thought about them.
DNS leak despite using a VPN
I was running a VPN during the test — or so I thought. The DNS leak test showed that some queries were still hitting my ISP’s DNS servers, not the VPN’s. That means my browsing history was visible to the hotel network and my internet provider, even with a VPN active.
Why? Because Windows has a feature called Smart Multi-Homed Name Resolution. It sends DNS queries over all available network interfaces by default. If your VPN doesn’t explicitly block this, leaks happen.
Why hotel Wi-Fi is uniquely dangerous for Windows laptops
Hotel networks are shared, often poorly segmented, and rarely monitored. Unlike a coffee shop, you’re connected for hours — sometimes overnight. That gives attackers plenty of time to scan, probe, and exploit.
Many hotels still use WPA2 encryption, which is vulnerable to KRACK attacks. Even WPA3 isn’t a silver bullet if the network’s guest portal is insecure. And because hotels often place all guests on the same flat subnet, your laptop is directly reachable from the room next door.
Combine that with default Windows settings that prioritize convenience over security, and you have a recipe for data exposure.
How to secure your Windows laptop on public Wi-Fi
After this audit, I made several changes. You should too, especially if you travel frequently.
- Use a firewall to block all inbound connections. Windows Defender Firewall can block unsolicited traffic. Make sure the profile is set to “Public” when you connect to hotel Wi-Fi. This automatically disables file sharing and device discovery.
- Disable SMB, NetBIOS, and RPC on public networks. Go to Control Panel > Network and Sharing Center > Advanced sharing settings and turn off network discovery and file and printer sharing. Then disable the SMB 1.0/CIFS feature in Windows Features.
- Force all apps to use encrypted connections. Check your email client’s settings for SSL/TLS. Use a browser with HTTPS-only mode enabled (Firefox and Chrome both support it).
- Fix DNS leaks. Configure your VPN to use its own DNS servers and disable Smart Multi-Homed Name Resolution. Most quality VPNs have a kill switch that blocks all traffic if the VPN drops.
- Run a quick scan before connecting. Use Nmap to scan your own machine for open ports. If you see any you don’t recognize, investigate.
Final thoughts: don’t trust hotel Wi-Fi — audit it
I walked into that hotel room thinking I knew the risks. I walked out with a much longer to-do list. The truth is, most Windows laptops are configured for convenience, not security. And hotel Wi-Fi is one of the most hostile environments your machine will ever encounter.
A 10-minute audit can reveal exposures you never knew existed. Take it from someone who just ran one: ignorance isn’t bliss. It’s a data breach waiting to happen.
For more on staying safe, check out our guide to public Wi-Fi security tips and how to set up a VPN for travel.