Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Best Way To Leave My Router Open?

Posted by timothy on from the tomayto-tomahto-ddwrt dept.

generalhavok writes "I read the story on Slashdot earlier about the EFF encouraging people to leave their WiFi open to share the internet. I would like to do this! I don't mind sharing my connection and letting my neighbors check their email or browse the web. However, when I used to leave it open, I quickly found my limited bandwidth dissappearing, as my neighbors started using it heavily by streaming videos, downloading large files, and torrenting. What is an easy way I can share my internet, while enforcing some limits so there is enough bandwidth left for me? What about separating the neighbors from my internal home network? Can this be done with consumer-grade routers? If the average consumer wants to share, what's the easiest and safest way to do it?"

13 of 520 comments (clear)

  1. Think again by Anonymous Coward · · Score: 5, Insightful

    Wasn't it just this week that we had the lovely account of someone getting the SWAT treatment just for leaving their router free and open?

    1. Re:Think again by elrous0 · · Score: 4, Funny

      No problem. After you open it up, just call your local police and let them know that any illegal activity on your IP address is probably not coming from you. Problem solved.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    2. Re:Think again by ethan0 · · Score: 5, Insightful

      You, and the many other commenters who agree with you have it completely backwards. Your linked story is exactly why more people should open up their networks.

      Fear of the police abusing their power is a terrible reason to avoid doing a perfectly legal action. Yes, it's more convenient, but if everybody goes along with the police abusing their power in that manner, it implicitly becomes acceptable. Providing internet to other people is not illegal, and not a good reason to get your door kicked in, and the police should know this. The consequence for the police not knowing this should NOT be more people cowering in fear. It should be that whoever is affected files suit against the police and the police are sanctioned for their actions.

      Nobody wants to go through that, of course. But we should.

    3. Re:Think again by MoonBuggy · · Score: 4, Insightful

      To quote the ever-apt XKCD: Fuck. That. Shit.

      The fact that so many technically inclined Slashdot types are crying 'liability' and 'log everything' is almost as saddening as the fact that our government has pushed us to this. That some guy got thrown down the stairs by a rifle-wielding mob from nothing more than an IP address isn't a sign that we should all lock down our precious connections lest the same happen to us, it's a sign that every fucking one of us should open up our connections and tell the government that we refuse to be intimidated. Whether it was just intended as a PR move, allowing the police to say "Look at the nasty paedophile we caught. Aren't we good at our jobs?", whether it was an excuse to give the SWAT team something to do to justify their budget, whether it's a nefarious conspiracy to destroy anonymity, limiting each person to their own easily-surveilled connection, the reason matters far less than the fact that the only reaction that will stop it from continuing is outright defiance.

      Every abuse which we allow to happen, every time we modify our behaviour because of one rather than standing our ground, it only further legitimises the abuse, validates the government in their action, and brings us one more step along the road to greater loss of freedom. For all our sakes, I can't bear to see that happen.

    4. Re:Think again by SealBeater · · Score: 4, Insightful

      ...prove you are innocent...

      I'm no longer so naive that I can't recognize the futility of saying "You can't prove a negative, and under our system of jurisprudence, the burden lays on them having to prove you are guilty, not you having to prove you are innocent"....but that's no longer true is it, if indeed it ever was. It makes me sad that we are falling into that.

      My other point, if there's any to be made, is that if you allow your router to have open access for all, you can claim common carrier status and be exempt from the actions of your "users". Comcast doesn't get arrested for someone downloading kiddie porn using their network, why should you?

      3rd point and this is the most important, is that there is an increasing digital divide between those who have and those who don't. If you are poor, out of work, etc, it's a lot easier to get a laptop than it is to get internet service. I don't want my bandwidth abused as I am a heavy downloader but I have WRT-DD installed and I'll be looking into segregating and rate limiting my wireless connection.

      The older I get, the more I realize that it's going to be important for the good of all for people to start breaking free of the corporate binds. In the future, I can't help thinking that there might be some poor kid, with an old laptop, and having even a 5k connection (remember that?) might mean the difference between having a future and not having one.

      So, do what you want, all of you but I'm the type of guy who runs tor on his laptop hooked to his iphone all night just to piss off ATT. Flooding our corporate overseers with lots of misleading info is one good way to hide yourself. There's a lot of good reasons to consider doing this but separate VLAN and rate limiting are mandatory first

      --
      -- Its survival of the fittest...and we got the fucking guns!!!
    5. Re:Think again by Jane+Q.+Public · · Score: 4, Insightful

      Mod parent up (more)!

      People really need to stop changing their behavior out of fear, and start standing up like men again.

      If you aren't willing to stand up for what is right, please go somewhere else. I rather liked America when it was the land of the free and independent.

  2. DD-WRT + QoS by seanmcelroy · · Score: 5, Informative

    It's absolutely possible and fairly easy these days with out of the box router firmwares, or if yours doesn't support QoS (Quality of Service), then you can potentially put on an open-source firmware -- DD-WRT to provide that ability and much more. QoS lets you designate classes of traffic, such as streaming, gaming, and other protocols, or particular devices on a WAN or plugged into the router itself and set priorities for them. Doing this, you can share your WiFi AP (good for you!), but also get the lions' share of your bandwidth when you are wanting to use it.

    --
    Be very, very careful what you put into that head, because you will never, ever get it out. -Thomas Cardinal Wolsey
  3. Just be careful with that by WiglyWorm · · Score: 5, Insightful

    It can get you in to trouble

    That said, I leave my wifi router open as well, but if you're going to do it you have to do it knowing the risks. Being accused of kiddie porn, for instance, is going to stick with you forever, regardless of guilt or innocence.

  4. Re:I do this all the time! by erroneus · · Score: 4, Insightful

    Yes, and locks can be picked, so it's useless to use locks on doors too! (You aren't stupid enough to lock your door are you?)

    I hate that argument. Even a weak lock is a lock which says "unauthorized not welcome." And MAC address filtering requires that someone knows what a MAC address is and how to change theirs. You have to admit, this is not "casual technical knowledge." True what you say, but that depends mostly on what demographic you are speaking about. If you are talking about your average Facebook/twitter/Youtube user on the net, you'd basically be wrong.

  5. Re:Security by fuzzyfuzzyfungus · · Score: 4, Informative

    In any sharing setup, which is the advice the poster is looking for, non-authenticated traffic should always be on a distinct VLAN, with no access to the network used by authenticated traffic, or any ability to access the router config interface(s). All they need to see is their own system and the public internet. Segregating each non-authenticated user from other non-authenticated users isn't a personal security imperative; but it is polite.

    To deal with the bandwidth issues, that non-authenticated VLAN should, naturally, have a QoS priority below any authenticated traffic(possibly with a small slice of guaranteed bandwidth, if you are a really nice guy and your authenticated traffic frequently saturates the line..)

    Most consumer routers won't let you do that with stock firmware; but openWRT can likely help you out, with the right firmware.

    Worst case, it is often possible, with better stock firmwares, to at least set up the VLAN and QoS side of things, and then just hang a $20 cheapy router off the VLANed port on the primary router. Ugly; but cheap and easy and doesn't require any software support for multiple SSIDs or the like.

  6. Re:Two routers by satoshi1 · · Score: 4, Insightful

    MAC filters, hidden SSID

    Those don't do anything. MACs can be found by outsiders not connected to your network despite how encrypted the network is. Hidden SSIDs aren't anything either. The same tools that will display the MACs will also show all hidden SSIDs within range.

    Sure, they block the average user, but anyone who wants to get in will have no trouble at all.

  7. Re:Two routers by spazdor · · Score: 5, Insightful

    and what is the benefit again?

    Living in the kind of world where other people might do the same for you.

    --
    DRM: Terminator crops for your mind!
  8. Re:think again? u aint thunk yet by Jane+Q.+Public · · Score: 4, Informative

    That's a contract with your service provider (and a rather weak one, at that, since it's probably a "contract of adhesion"). It has nothing to do with the legality of sharing your connection.

    Violating your contract with your ISP -- if you have -- is purely a civil matter, and has nothing to do with anything else being discussed here. And it definitely does not make you a criminal.