Ask Slashdot: Dealing With an Advanced Wi-Fi Leech?
An anonymous reader writes "Recently, I had found out (through my log files) that my wireless router was subject to a Wi-Fi Protected Setup (WPS) brute force PIN attack. After looking on the Internet and discovering that there are indeed many vulnerabilities to WPS, I disabled it. After a few days, I noticed that I kept intermittently getting disconnected at around the same time every day (indicative of a WPA deauthentication handshake capture attempt). I also noticed that an evil twin has been set up in an effort to get me to connect to it. Through Wi-Fi monitoring software, I have noticed that certain MAC addresses are connected to multiple WEP and WPA2 access points in my neighborhood. I believe that I (and my neighbors) may be dealing with an advanced Wi-Fi leech. What can I do in this situation? Should I bother purchasing a directional antenna, figuring out exactly where the clients are situated, and knocking on their door? Is this something the local police can help me with?"
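An added example, not part of the submission or of any comment: one way to test the "same time every day" observation against router logs is to bucket deauthentication events by time of day and report windows that recur on several distinct days. The log format, the `SAMPLE_LOG` lines and the function name `recurring_windows` are assumptions made for illustration; real router logs differ by vendor.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed syslog-like format (not from the page).
SAMPLE_LOG = """\
2014-03-03 19:02:11 wlan0: STA aa:bb:cc:00:00:01 deauthenticated
2014-03-03 23:40:05 wlan0: STA aa:bb:cc:00:00:01 deauthenticated
2014-03-04 19:04:47 wlan0: STA aa:bb:cc:00:00:01 deauthenticated
2014-03-04 19:05:02 wlan0: STA aa:bb:cc:00:00:02 deauthenticated
2014-03-05 08:15:30 wlan0: STA aa:bb:cc:00:00:02 deauthenticated
2014-03-05 19:01:58 wlan0: STA aa:bb:cc:00:00:01 deauthenticated
"""

# Assumed line layout: "YYYY-MM-DD HH:MM:SS ... deauthenticated"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*deauthenticated")


def recurring_windows(log_text, window_min=15, min_days=3):
    """Map 'HH:MM' window starts to the sorted dates on which a deauth
    occurred in that window, keeping only windows seen on >= min_days days.

    Windows are fixed buckets, so events that straddle a bucket boundary
    are counted separately; widen window_min if the timing drifts.
    """
    days_by_window = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not deauth events
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        minute_of_day = ts.hour * 60 + ts.minute
        start = minute_of_day - minute_of_day % window_min
        days_by_window[start].add(ts.date().isoformat())
    return {
        f"{start // 60:02d}:{start % 60:02d}": sorted(days)
        for start, days in sorted(days_by_window.items())
        if len(days) >= min_days
    }


if __name__ == "__main__":
    for window, days in recurring_windows(SAMPLE_LOG).items():
        print(f"deauths in the window starting {window} on {len(days)} days: {days}")
```

A recurring window only shows a pattern worth investigating; scheduled router reboots or a client's power-saving behaviour can produce the same clustering.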
If they're going to go through the trouble of setting up a honeypot, you might as well give up and just shut the radio off and run 100% wired.
Or, go rogue yourself and capture all his traffic. Bonus points if you rate-limit the wireless to effectively have no bandwidth.
The local cops? If your local police department is anything like mine, they don't even send out officers to investigate real property crimes like theft anymore. They'll just laugh at your little WiFi problem.
Do I really have to say it? WPA2, 63 characters pwd.
Not necessarily effective if his intention isn't web browsing. Internet is cheap. It sounds like an elaborate attempt to conceal illicit activity to me.
Some neighbor comes in good faith and opens his digital life to you, so you can MITM him and this is how you react? That is rude, man. I think that guy deserves an apology sent from one of his social network accounts.
In places like Florida, Stand Your Ground lets them legally shoot you dead for that.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Why would he even send a DHCP request?
(Several posts here are talking as if DHCP is a vital stage in setting up a network connection.)
# cat
Damn, my RAM is full of llamas.
Freeloading? If that was his only intention, he wouldn't have troubled to set up the evil twin. This guy is serious trouble, and you don't want him on your LAN.
Clearly you do not have someone trying to leech your network, or you are not able to detect such a user. MAC addresses are broadcast in the clear. This is because otherwise every device on the network would have to decrypt every single packet in order to determine whether or not the device is the intended recipient of the packet. All the attacker has to do is inspect a packet, find the MAC address, then spoof that MAC address.
WiFi Protected Setup (WPS) is broken, and on many routers it cannot be fixed without disabling WiFi completely. Even a 64-character, high entropy password on WPA2 AES will not work. This is the problem faced by the poster of the article.
In my mind, the best solution is high entropy, long password, WPA2-AES with a router that does not have WPS or is known to be able to safely disable WPS (such as latest versions of DD-WRT).
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
That's great advice. "Commit a felony to find out who's trying to leech off your WiFi." I think there are better solutions.