Slashdot Mirror

My two favorite app-free pranks:

1. Prankifying WiFi-stealing neighbors

2. Your colleague leaves his desktop unlocked?
        a) Grab a screenshot
        b) Make it the desktop background
        c) Hide any desktop icons/windows
Lots of fun ensures, especially as an educative measure for colleagues/underlings ignoring relevant IT policies.

it can't be that much harder than the upside-down-ternet:
http://www.ex-parrot.com/pete/...

when you have sufficient processing power.

I've actually implemented this on a MITM proxy server with its trusted root certificate being installed via group policy so I could manipulate images on the fly and deliver things like downgraded image quality based on AD group membership. And its all HTTPS and the certificate checks out (on face value to the plebs, at least it doesn't give a warning in the browser) so thats how the images must be supposed to look, right?

If the workstation wasn't in the domain then they'd get yet another different version of the Internet but of course the certificate doesn't check out because the group policy hasn't forced their workstation to trust it.

My employer asked me to do it. And this wasn't in China. If it were China then their computer would trust the certificate and I could do even more fiendish things with their images, on the fly.

Input validation is hard. Example.

Input validation means you need to understand the different class of formal languages, what they can or cannot do, and how a data model can be built using the knowledge of formal languages. Then you also need to understand the standards.

Try uttering the words "context-free grammar", or even just "EBNF" to the average "coder" and see the eyes glaze over.

But that Roku has to pass through a real firewall and because I know it is stupid little device I only let it talk to a select few domains (really how many domains do you need to connect to to watch internet TV) and there is a lot of crap that I just block at the firewall including ad servers for all hosts. That is the benefit of having a good knowledge of computer security is that I can set things up to actually be secure. Also I view all mobile devices as the security holes they are and separate them from the computer that do real things. For shits and giggles I will also screw around with having my own Upside-down-ternet and do various things like substitute words in articles or redirect ad images and flash video to porn images and videos although the latter I really only do when I want to mess with my buddies at poker night.

On the other hand, you could make a slick implementation of this.

I had a lot of trouble with garbled SD cards until I switched to a different power adapter. The newish, 2A Samsung supply I had ended up causing stability issues, whereas my old flip-phone micro-USB power supply works just fine. (Although before I figured that out, my initial workaround was to use an NFS root filesystem, which does have its advantages I guess.)

Filter error: Please use fewer 'junk' characters.
http://www.ex-parrot.com/pdw/M...

Good old Upside-down-ternet.

Not really, he sounds like somebody who's realised that people will continue to flaunt the rules until there are consequences. He also sounds like he's decided that if people are going to ignore their supervisor about home routers, then you might as well fuck with them.

I do something similar in our office - we're essentially serviced offices, so underwriters bring in their own laptops. We don't block anything, apart from Bittorrent, not only because it's *my* name on our subnet whois, but also because it spams our firewall logs, which means tracing *actual* issues is a bitch. If I detect torrenting, I send out an email saying "someobody is torrenting, I don't know who it is yet, but rest assured, I will find you", their traffic then gets throttled to 128kb/s

Another time we had a guy who kept on setting up a static IP, after being told not to. My solution was to implement upside-down internet - transparent proxy that connection and flip all the images. Nowadays I'd be tempted to just inject "transform: rotate(180deg)" into the body tag's style.

Being a sysadmin doesn't mean you can't have fun.

So it's a MITM attack essentially ... similar to this one ... and works on all pirates visiting websites when users are not using SSL?

You say that and laugh, but wait until someone that manages their own DNS, and with an evil intention gets a good idea...

That reminded me of the Upsidedownternet. ;-)

So does the upside-down-ternet!

That link is exactly what I came to post. It's clearly overkill, but overkill is the perfect tool to show someone that they are hopelessly outclassed and they should seriously reconsider their actions.

Except they're not hopelessly outclassed. They broke into the questioner's network and the questioner had to ask Slashdot instead of addressing it himself.

He/she's already demonstrated they've been hopelessly outclassed.

Put the leech on the Upside-Down-Ternet.

I also like this response - http://www.ex-parrot.com/pete/upside-down-ternet.html

That link is exactly what I came to post. It's clearly overkill, but overkill is the perfect tool to show someone that they are hopelessly outclassed and they should seriously reconsider their actions.

There's always upside-down ternet.

"My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun." http://www.ex-parrot.com/pete/upside-down-ternet.html

Ha, that's better than the time I noticed a neighborhood leech had failed to secure his laser printer, to which I sent a few million pages filled with "Thou Shalt not Steal thy Neighbor's Wifi"


Posting anon because, well, one of you might be that leech :)

This is really sad news. My driftnet/webcollage screen in my living room will get boring if it gets starved of all the neighbours' Facebook activity. https is killing all the fun!

What happens if the wireless access point is merely a test device not attached to the Internet? What happens if the admin... plays games...

My next project: A network with the SSID "ThisRouterIsUpsideDown", with some specific settings applied.

Always a classic:

Upside down Internet.

Howto.

http://www.ex-parrot.com/pete/upside-down-ternet.html

--
BMO

squid as a mitm ssl proxy? but like so many previous commenters... why? other than messing w/ a roommate (ala http://www.ex-parrot.com/pete/upside-down-ternet.html) this is really useless. but hell, billables are billables!

Is there anything similar to iftop [1] for Windows?

[1] http://www.ex-parrot.com/pdw/iftop/

This is the best thing you can do for strangers on your network: http://www.ex-parrot.com/pete/upside-down-ternet.html

Oblig XKCD: Passwords are no fun!
And of course: There are some other tricks

In terms of dealing with abusers of your open wifi, here's a great project: http://www.ex-parrot.com/pete/upside-down-ternet.html

What about putting some kind of script where you add a disclaimer and a warning bar to every web page (in the spirit of the upside-down internet).

this story

Yeah, I read the arstechnica article a few days ago, and the comments there were much better than the ones here. Among the sentiments I enjoyed:

• The media coverage of these handfuls of SWAT raids are mostly to scare everyone into securing their access points, because then it makes it easier for the feds to convict you when someone breaks into your wireless access point and downloads CP or something else they don't like. If you have an open access point, they can't really "prove" it was you. But if you have some kind of encryption going, then as far as the court is concerned it just *had* to be you doing the nasty, since you're the only one with the secret keys and there's no wai anyone could possibly break into it, as trivial as we know it is to do.
• The police don't apologize for anything that might happen during a raid. As far as they're concerned, they can do no wrong. But they will get reprimanded by the courts for issuing too many "dynamic entry" warrants prematurely.
• For my part, I think that if enough of us continue running open APs, the police will eventually have to find better ways to cooperate with us in their investigations. I don't really want to live in a world with no open and shared wifi (even though I have a cell phone with tethering and pretty fast HSDPA service, so I don't even need open wifi most of the time)

To actually respond to the OP...

• Set up a separate wifi router. Maybe look into something that can support OLSRd or something so you can get some kind of community mesh network going... this will particularly become important to have lots of people with OLSRd nodes if the government ever decides to use their internet kill switch for some silly reason.
• Run that wifi through a spare wired computer with two NICs, so you can use wondershaper or something to limit the bandwidth going through it.
• Some other good monitoring tools: NTOP (the web-based thing, though the other console ntop is also nice), to log and display traffic type and endpoints SNORT, to help alert if bad things are happening iftop is a good console thingy for showing you what is taking up bandwidth right now. Wireshark, for the times you feel evil and want to do some packet inspection / logging, though you probably don't want to run this all the time.

Good luck and have fun, don't let the man keep you down! :P

Well if you can identify the culprits (the IP and/or MAC of whoever is doing the most damage) you can have some fun with them by creating an upside-down-ternet. That might discourage them.

I don't know about malicious things, but I haven't heard of any bad repercussions for users of upside-down-ternet, which is not so malicious but disruptive.

This is a worthwhile read and the regex was fun to implement. http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx

This is the regex that Mail::RFC2822::Address uses, which seems to be the most comprehensive: http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

I have no idea how that was authored...

In any case, probably the only 100% way to validate an email address is to accept any string and try to send an email with an "is-valid" link in it.

astonishing. That is the worst mess of a regexp I have seen in years :) Email addresses are surprisingly hard to validate. I know as I have tried it before (not using regexps)

This is a worthwhile read and the regex was fun to implement. http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx

This is the regex that Mail::RFC2822::Address uses, which seems to be the most comprehensive: http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

I have no idea how that was authored...

In any case, probably the only 100% way to validate an email address is to accept any string and try to send an email with an "is-valid" link in it.

I'm sure most people here have already seen this, but just because it's relevant, I'll post itt again: http://www.ex-parrot.com/pete/upside-down-ternet.html

Sure they can be, with a loss of quality. Since the grandparent says the images "look like crap", I would assume there's some proxy server in there, shrinking the image dimensions and ramping the jpg compression up to the max. It's fairly simple to do.

The best application of this sort of tech is, of course, messing with neighbours stealing your wireless.

http://www.ex-parrot.com/pete/upside-down-ternet.html

.. or do they borrow all your wi-fi bandwidth? Simpler than http://www.ex-parrot.com/pete/upside-down-ternet.html you can run an old 802.11b system throttled down to 1 Mbit/sec on a crowded channel with a duplicate SSID.

Annoy people by leaving it unsecured, but not connected to the Internet.

No, that's just wrong.

Annoying) Mess with their surfing.
Really annoying) Do so randomly.
Evil) Same sort of idea using iptables, but instead of flipping html, slowly degrade speeds over the course of a couple of minutes.
Satanic) Replace 10% of their images with goatse.

The IT manager opens http://www.ex-parrot.com/~chris/driftnet/ watching images from TCP streams flow :)

Be careful...

http://www.ex-parrot.com/pete/upside-down-ternet.html

dude, THIS is the regex to validate an email address: http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html

Make the Internet Useless Day

We turned it extra useless at work (300 science guys) by putting upside-down-ternet in action... People were in fear of complaining. Those who did were told that they should check if they were using a crossover cable. Fun for the whole day.

Oh yeah -> Upside-down-ternet

Upside-Down-Ternet.

Yes, but you need to first install linux on the router, there are many flavors such as Tomato, OpenWrt, x-wrt, and freewrt, but I think DD-WRT is probably the best place to start. Then you need to split the network as mentioned below.

Best example I know of.

Using an unsecured wifi is more like depositing mail in their unlocked mailbox to be picked up by the postman. (Not stealing their mail)

Still stupid. Because if the owner of the mailbox takes your mail out, reads it, then throws it away before it gets sent you've got no one else to blame but yourself.

The person who owns the wifi owns you and you put yourself at the mercy of that person. There is plenty of instructions on how to do just that ( as was previously pointed out with Upside-Down-Ternet ). So, in regards to the stance "If you leave it open and people use it, that's not stealing.", my reply is this: "If you give them your online bank credentials and they clean out your accounts, that's not stealing either."

Not as fun as this:

http://www.ex-parrot.com/pete/upside-down-ternet.html

You might even purposely not secure your wifi ;).

Lacking more info, I'm going to venture a guess that yes, the 5300 the GP mentions is the Intel Pro Wireless 5300 chipset (802.11abgn, and generally pretty darn good). The Linux drivers for it are open-source, but that doesn't necessarily mean bug-free or that all features are available. It does mean you could try to get it working yourself if you want, though. I have one such chipset myself, and while I've never tried to make it act as an AP, it would be neat to be able to do so.

On a side note, are there any easy Linux tools to make a WLAC card act as an AP and a client simultaneously (as SoftAP apparently does)? That would be very nice - I've only got *one* WLAN card in the laptop and it would be fantastic to be able to use it as simultaneously a client and a repeater that others could access (I promise I wouldn't even redirect them all to 64.111.96.38).

Seriously! That is exactly what I wanted to do a few months ago, but it seems I can't with my WiFi Link 5300. Hostap seems to be for Prism chipsets. Easily creating an AP to share files or to play with neighbors was one of the bonuses I expected from my switch to Ubuntu. What is going on? Is Windows now becoming the fun OS for geeks and Linux the boring Desktop for the average users?

Ghost ridin' the whip! No seriously, I've been wanting to use the Linux host AP features to bring up a mischievous AP that does man-in-the-middle attacks. I'd be connected to some open wifi somewhere, and someone would connect to my netbook and also see an open access point. I'd then give them the upside-downternet: http://www.ex-parrot.com/pete/upside-down-ternet.html

A BOFH might find it more fun to manipulate data from certain websites, rather than block sites.

Oh, you mean something like blurring or mirroring images on websites viewed over an open WiFi access point?