Slashdot Mirror
Turning Network Free-Riders' Lives Upside Down
An anonymous reader writes "You discover that your neighbours are using your unsecured wireless network without your permission. Do you secure it? Or do you do something more fun? A few minutes with squid and iptables could greatly improve your neighbours' Web experience ..." Improve is a relative term, but this is certainly gentler than certain other approaches.
For those that are struggling to understand how the author of this article is accomplishing his approach, here is some further information.
The author obviously has a Linux server in his house, that is running DHCPD
To selectively send some clients to some locations, and others to the normal internet, he assigns an IP address on a different network to clients that don't have MAC Addresses that he knows about.
Forwarding on to sites of his choice is done by using IPTables, which is a utility that allows you to configure the packet filtering components of the Linux TCP/IP Stack. In this instance, the Linux box is just functioning as a firewall, and he is selectively sending requests from certain IP addresses to different hosts of his chosing.
Finally, the Up-side-down and blurry-image conversions is accomplished by sending page requests from those before-mentioned IP addresses to a proxy server, which in this case is Squid - and then allowing the proxy server to run a script which calls an ImageMagick command called mogrify which allows you to resize an image, blur, crop, despeckle, dither, draw on, flip, join, re-sample, and much more.
And that folks, is the rest of the story.
Lindsay Blanton
RadioReference.com
Um, yes they do. At least, the consumer wireless routers I've used from Linksys and Netgear do. Some of them allow you to turn that feature off, but it's almost always enabled by default.
I just moved into a new flat and as it took a while to get internet access, I had to "steal" someone else's wireless (although I take the position that if they want to beam radition through my property, I can do what I want with it). I took the strongest unsecured signal but because (being a sneaky bastard) I know what I would do if I ran an unsecured wireless access point I just tunnelled everything through an SSH tunnel to a proxy at work.
It shouldn't be too hard to set up some fixed IP addresses for your home machines, and let "guests" use a different IP range, for which you have implemented port blocking for all but 80, 25 and a few others for https and sending email, if you wish.
PepperHacks - Hacking the Pepper Pad
Every *image* could be tubgirl.
http://nocat.net/
Essentially what TFA is doing. If your point is to keep people off your bandwidth, this will do it. It wont, however keep them from sniffing your traffic and invading your LAN.
It is still a great piece of software, I currently work for a company whos product is exactly this, commecially (for hotels etc.)
www.solutioninc.com
It's a shame that I have to protect my router somehow, especially because one of my devices (a Nintendo DS) doesn't support WPA at all.
A really easy method is to allow access only to specific MAC addresses. I hate encryption since it's such a pain and I don't do anything secure wirelessly anyways. Now all I have to do is set the MAC address on the router and I'm in!
The DS supports WEP. While WEP is immeasurably inferior to WPA, it does at least make your intentions absolutely 100% clear.
While some in the tech community continue to believe they have implied "permission" to use your network if it's not secured, that isn't how the courts see it. Nonetheless, you can satisfy both schools of thought by securing your network even if it's just with WEP. Anyone who persists in connecting to your network will not merely have difficulty using the non-existant permission argument, but they can't pretend they used it by accident either.
At the same time, as you've taken reasonable precautions to prevent misuse of your network, your liability for anything the person who broke in did will be considerably lower too.
You are not alone. This is not normal. None of this is normal.
Getting horse porn isn't as hard as you think. Just check http://en.wikipedia.org/wiki/Horse_porn
God invented whiskey so the Irish would not rule the world.
Well, the whole LAN issue can be solved by a router with a DMZ. Or, segment the wireless network into a different VLAN. I have an ipcop router at home, and I would just put the wireless network in the DMZ. That way, I know that if the wireless security gets compromised, the router still protects the main network.
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
It is trivial for somebody to sniff your wireless card's MAC and spoof it. However, it requires enough knowledge to operate a sniffer and a MAC spoofer, thus eliminating 99% of the population. And even at that, they have to catch you while you are using the computer in order to find out your MAC, which potentially requires a time investment. After that, they might have to flood the ARP tables (does this even work over wireless?) if your computer is still on while they are trying to spoof your MAC. I guess trivial is a relative term... Why I am even posting this? Somebody please mod me down...