Turning Network Free-Riders' Lives Upside Down 658
An anonymous reader writes "You discover that your neighbours are using your unsecured wireless network without your permission. Do you secure it? Or do you do something more fun? A few minutes with squid and iptables could greatly improve your neighbours' Web experience ..." Improve is a relative term, but this is certainly gentler than certain other approaches.
I use WEP (Score:2, Funny)
Re:I use WEP (Score:2, Insightful)
It makes me think about turning off WPA, though.
It could be worse... (Score:2, Insightful)
Re:It could be worse... (Score:4, Funny)
Re:It could be worse... (Score:2)
Goats (Score:5, Funny)
Re:Goats (Score:5, Interesting)
If you let your signal spill over onto other people's space, too bad.
In fact, I wouldn't be mad if someone were using my connection without my approval unless they were encroaching on my space to do it. In fact, I only secured it because of bandwidth concerns and the potential for other people to use it for illicit purposes.
Re:Goats (Score:5, Insightful)
Re:Goats (Score:5, Insightful)
I don't mind if people want to check their e-mail on my WAP. I do mind when they idle on file sharing services, using lots of bandwidth and exposing me to potential legal liability.
It's a shame that I have to protect my router somehow, especially because one of my devices (a Nintendo DS) doesn't support WPA at all.
Re:Goats (Score:5, Informative)
Re:Goats (Score:5, Interesting)
Re:Goats (Score:3, Interesting)
Re:Goats (Score:5, Insightful)
Re:Goats (Score:3, Insightful)
Re:Goats (Score:4, Informative)
A really easy method is to allow access only to specific MAC addresses. I hate encryption since it's such a pain and I don't do anything secure wirelessly anyways. Now all I have to do is set the MAC address on the router and I'm in!
Re:Goats (Score:4, Informative)
Comment removed (Score:4, Informative)
Re:Goats (Score:4, Informative)
Re:Goats (Score:3, Interesting)
I've got the same problem with my DS, but I've just setup MAC address filtering and not publicly broadcast the SSID. The DS plays just fine and the average person in my neighborhood isn't smart enough to know that there is a wireless network at all and I'd doubt they'd be smart enough to sniff the packets and modify their wifi to match my list addresses.
Sure half of Slashdo
Bandwidth (Score:3, Interesting)
The bandwidth part is easy to handle, assuming you've got a Linux box between the WAP and the gateway. Amonth the various iptables modules are ones that do rate-limit matching and per-IP queueing. You could easily give each poacher access to the internet without restricting the available ports but at a rate that resembles a
Re:Goats (Score:3, Insightful)
Do your neighbours a bigger favour - change their mooched web browsing data to kittens to let them know their actions are not cland
Re:Goats (Score:5, Funny)
Unfortunately, I believe it's only scaring them away from people who charge them with umbrellas while screaming which, in my experience, is not a significant number. I fear I'll soon have to resort to more drastic measures, like holding out some popcorn and then cold-cocking the first sonofa dove that makes a lunge for it. Of course I'll tell them it's only for their own good, and it hurts me more than it hurts them.
Re:Goats (Score:3, Funny)
Unlike WiFi thieves?
With Ettercap, PCAP, and Squid
My WiFi scheme unfurls,
I'll hijack traffic from script kids
And send them to tubgirl.
Re:Goats (Score:5, Insightful)
Re:Goats (Score:5, Insightful)
Re:Goats (Score:3, Informative)
Re:Goats (Score:5, Insightful)
I spent three years as an abuse admin at an ISP, and spoke with a number of customers where the only likely culprit for an abuse complaint was someone "borrowing" their Wi-Fi connection (nmap [insecure.org] is a wonderful tool for finding likely infections/file sharing clients). In almost all of these cases, securing the Wi-Fi access point made the problem go away.
It's possible that my customers were lying and that they just latched on to the Wi-Fi excuse to get me off their backs, but after three years, it (usually) wasn't too hard to tell when someone honestly had no clue and when they were covering up
So *that's* why I object to people using my Wi-Fi without permission.
Re:Goats (Score:4, Funny)
Re:Goats (Score:5, Insightful)
Conversely, if you find someone else's unsecured wireless network, why would you complain if they decided to flip all the images?
Re:Goats (Score:3, Insightful)
If you don't secure a wireless connection that spills onto other people's property, why shouldn't they use it until told otherwise?
If your cordless phone connection spills onto their property, why shouldn't they use your base station or listen to your calls until told otherwise?
Of course, they can't do that you'll say, because it might cost you money. Using their internet connection might cost them money! Granted, it's rare, but what if they receive internet service from celluar and pay for each megab
Re:Goats (Score:4, Interesting)
Here's the proper analogy:
I put my garden hose in the street and leave it running 24/7. Is it stealing if you walk up and fill up a jug with water?
I asked a lawyer this once, and he said yes, but he's a jerk so I take it with a grain of salt.
Besides, the law is whatever the **AA buys.
Re:Goats (Score:3, Interesting)
Re:Goats (Score:3, Insightful)
So which is it? Is a WiFi signal a piece of property like an apple, that if undefended is free for all? OR, is a WiFi signal a burst of radiation, like a view from the neighbor's window, that has privacy rights attached to it?
I'm willing to bet that if the RIAA cruised around looking for file-sharing over
Re:Goats (Score:2)
Dealing with Neighbors (Score:3, Funny)
Osama Bin Laden has just been killed and [your neighbor's name and address here] has just collected the $25 million reward from the Americans!
Translate it into Arabic then cut-and-paste it into one of the Jihad web sites in the Middle East where the beheading videos always get uploaded to first.
Check that your insurance papers are in order and then go take a couple days vacation a few hundred miles away
Liability? (Score:5, Interesting)
Re:Liability? (Score:5, Funny)
Re:Liability? (Score:3, Informative)
Re:Liability? (Score:5, Insightful)
If, on the other hand, you simply mangle the images that (s)he's looking for, then you could say that you're protecting the kid from nasty content.
It's not like you have a contractual responsibility to deliver something that (s)he never asked or paid you for.
Re:Liability? (Score:3, Funny)
No. They're frivoulous lawsuits. :D
Sorry. Extra u joke.
Awesome!!! (Score:2)
He could always have made a script to redirect every third or fourth or nth click to goatse...
It's not their fault... (Score:5, Funny)
Granted, my neighbors didn't intentionally set their router up with that ID but they did leave it unsecured with the default password for the admin account. It was simply the neighborly thing to do to change their ID and resecure it with a new password (that, admittedly, they didn't know).
Re:It's not their fault... (Score:3, Informative)
Should be legal (Score:5, Interesting)
Re:Should be legal (Score:3, Insightful)
Re:Should be legal (Score:4, Insightful)
As funny as this might be, I don't see it as being worth the potential liability. If the DMCA can attempt to outlaw drawing on your CD with a sharpie, then you could get in trouble for just about anything.
Re:Should be legal (Score:3, Interesting)
This is not at all the same thing as being a criminal, because a criminal still acts under the jurisdiction of the law.
In our topsy-turvy legal system we do not have outlaws, merely criminals. You may live counter to the law, but you cannot live outside it
The funnest thing (Score:3, Funny)
Re:The funnest thing (Score:3, Funny)
I once did the same thing (Score:2)
I'm going to burn in hell =/
Could just watch (Score:5, Funny)
Re:Could just watch (Score:4, Funny)
Re:Could just watch (Score:3, Funny)
Missing the point, I think (Score:4, Interesting)
If your wireless network is unsecured, permission to use it is implied, and there are operating systems that will automatically use such networks, are there not?
Re:Missing the point, I think (Score:3, Interesting)
Comment removed (Score:5, Insightful)
Re:Missing the point, I think (Score:3, Insightful)
How does someone know whose netowrk it is?
It should be that if you are freely braodcasting for connections, and no effort is made to limit access, then free use is implied.
Re:Missing the point, I think (Score:3, Insightful)
Re:Missing the point, I think (Score:3, Insightful)
I would be interested to hear of any such case. Just like the RIAA implies it is illegal to download, they have never charged a single person with downloading. I've heard of people being arrested after using an unsecured AP brought them to the attention of the authorities, but never have I seen anyone charged or t
Citations please (Score:3, Insightful)
I'm legitimately interested in them, not just looking for a chance to bash you.
Re:Missing the point, I think - absurd. (Score:4, Insightful)
Wireless networks may make themselves conspicuous, but that does not confer an invitation to use them. The connection between "visible" and "inviting" is not legally or morally valid. (I am excepting the concept of "attractive nuisance", but I don't think open routers will come under that area of liability)
Re:Missing the point, I think - absurd. (Score:5, Insightful)
What you are saying is that, unles I put a tarp up around my garden, everyone has a right to use it.
No, actually we're saying that if your garden pelts us with carrots and peas as we walk past on the public street, we're at liberty to catch them and consume them. Only if you place anti-vegetable-flight netting around your garden (or stop planting vegetables that lend themselves to comparison to an unsecured WAP) does it become incumbent upon us to behave as good citizens.
Hey! Analogies are fun! Somebody compare Internet privacy law to hunting and fishing licenses!
Obligatory Bash.org (Score:5, Funny)
(Mootar) morons.
(Mootar) these people who live in my apartment complex are connected to my wireless
(Mootar) they must think they're super-cool hackers by breaking into my completely unsecure network
(Mootar) unfortunatly, the connection works both ways
(Mootar) long story short, they now have loads of horse porn on their computer
http://bash.org/?202477 [bash.org]
Re:Obligatory Bash.org (Score:4, Funny)
Re:Obligatory Bash.org (Score:3, Informative)
Stealing? (Score:5, Insightful)
I think you just shake your head at your failure to secure it in the first place, decide if you care, and if you do, lock it down.
Funny way to deal with it, though.
Can you imagine the tech support calls? (Score:5, Funny)
But can you imagine Joe Sixpack trying to explain to Pradeep that all the images in his web pages were being displayed upside-down (or better yet, blurry, or upside-down and blurry!), while all the text in the very same web pages was being displayed upside-right in crystal clarity?
Joe Sixpack probably doesn't know the differences between images and text. Pradeep would hear the word "upside down" or "blurry" and immediately think it was a hardware problem.
It'd probably take any of us half an hour to convince a second-tier tech that we weren't trolling him, never mind Joe Sixpack.
I'd give my left nut to hear the support calls on this. (Particularly as I'm pretty sure that those of you in tech support have no use for my left nut. :)
Re:Can you imagine the tech support calls? (Score:5, Funny)
Maybe you can, if your neighbor is using your network connection to fullfill all his VOIP needs.
Re:Can you imagine the tech support calls? (Score:4, Funny)
Re:Can you imagine the tech support calls? (Score:4, Funny)
I am going to go see if I can't salvage what remains of my ruined day.
getting biblical on the neighbours (Score:4, Interesting)
You can have a lot of phun with this all-in-one cracker suite. Hell, if my neighbours had a MS-SQL server or Cisco switch I could have 0wned those too!
Feh (Score:5, Insightful)
I don't really see the point. It's funny as a practical joke. In terms of protecting your network... why not just secure it instead?
Funny, yes... (Score:3, Insightful)
Frankly, if you don't want others to use your wireless, just encrypt it. Annoying freeloaders this way is pretty much childish. Set up WPA-PSK (which is much easier than WEP and more secure, AFAIK) and be done with it.
Secure? (Score:4, Interesting)
If you plan to take on others, make sure your own stuff is secure.
You can't steal unprotected Wifi. (Score:4, Insightful)
Re:You can't steal unprotected Wifi. (Score:5, Funny)
I think that someone is redirecting your requests through a proxy server that randomly inserts the letter "o" into the word genius.
Moran.
HuH? (Score:5, Insightful)
Even something as amorphous as bandwidth is a limited resource. To paraphrse the head of the commerce committee, an open wireless connection is not a dump truck you can just load up with as much as you like; it's a tube!
Sure, if you want to make sure nobody uses your tube, you should protect it. But just because you don't doesn't mean you're giving explicit permission. If I leave my bike on my front lawn without a lock and someone steals it--even if they give it back before I notice it was gone--it's still theft.
Re:HuH? (Score:3, Insightful)
No, it's like walking up to a door with a "please enter" sign on it. The wireless access point broadcasts its name and "invites" people to join. People that connect to the open invitation then ask if they can get an address. The AP responds with a valid address, as well as passing along the router to get out to the Internet. If the AP broadcasting onto public
Understanding the Approach to this (Score:5, Informative)
The author obviously has a Linux server in his house, that is running DHCPD [freeshell.org]
To selectively send some clients to some locations, and others to the normal internet, he assigns an IP address on a different network to clients that don't have MAC Addresses [wikipedia.org] that he knows about.
Forwarding on to sites of his choice is done by using IPTables [netfilter.org], which is a utility that allows you to configure the packet filtering components of the Linux TCP/IP Stack. In this instance, the Linux box is just functioning as a firewall, and he is selectively sending requests from certain IP addresses to different hosts of his chosing.
Finally, the Up-side-down and blurry-image conversions is accomplished by sending page requests from those before-mentioned IP addresses to a proxy server, which in this case is Squid [squid-cache.org] - and then allowing the proxy server to run a script which calls an ImageMagick [imagemagick.org] command called mogrify [imagemagick.org] which allows you to resize an image, blur, crop, despeckle, dither, draw on, flip, join, re-sample, and much more.
And that folks, is the rest of the story.
Re:Understanding the Approach to this (Score:5, Insightful)
This line gives me chills. He's passing a completely unsanitized input (the bandwidth thief's URL) to a system() function.
At least he didn't concatenate everything so that system() would run the entire string as a shell command.. then simply adding a semicolon or pair of backticks to the url would cause the system to run any command the attacker liked, including deleting all files squid has access to and running a custom backdoor. There are a lot more local root-escalation flaws than remote.
Even without the shell character vulnerability, who knows what kind of failures you can induce out of wget given the right parameters. He should sanitize the URL before passing it out.
There's also the possibility of a vulnerability in mogrify, given the right corrupted image file to work on. Mogrify should be run in a separate user account that has no access to anything other than the input file.
Never trust your input, especially from an already-admitted evildoer.
Yes, I'm paranoid - I work in information security. :)
Re:Understanding the Approach to this (Score:3, Insightful)
True, the way he called system(), sending "http://www.google.com; rm -rf / ;" as $url should be harmless - doubly so since squid (and therefore this redirector) should be running as a limited user.
Other ideas (Score:4, Funny)
-Occasionaly replace images with random google-image-searched images
-Translate any text on a web page on the fly into some very English-like language but different enough to make the pages impossible to understand
-Translate text on the fly into languages with non-arabic characters
-The obligatory replacing all images with random porn images
-Keep the first/last letters of every word the same, but jumble the letters in between. You have seen this site [cam.ac.uk], haven't you?
-Invert the colors of all images on the web pages
-Convert all graphics to grayscale, or 16-color
etc. etc.
The possibilities are obviously pretty extensive... I think after hearing about this I'll be a little more careful with my usage of other peoples' wireless networks!
This is what SSH tunnels are for (Score:4, Informative)
Assign invalid address or route to localhost (Score:4, Insightful)
You're just flipping webpages, right? What's to stop them from getting on a P2P network and sharing/downloading files? What's to stop them from visiting illegal porn sites?
Doing this to them will just make their internet useless. Not as funny, but safer IMO.
Another thought: Is there some way to randomly route their requests to a totally different webpage? Say they want to go to Google, etc. Is there some way to redirect their request to a randomly-generated (but real) URL? I'd suggest something in a foreign country.
Open Networks (Score:5, Interesting)
I cannot support any action against people who use your network. It is against my understanding of hacker ethics. When you don't like it then close your network. But no childish games please.
I may even say that I find it unethical to exclude your neighbours from using your network but I respect your opinions. When your network is open it means: Be free to use it. Not: You can use it but I will fuck up or intercept your communication.
Except (Score:5, Insightful)
Some computer says to the router "Hey, can I come in?" and the router says "Sure". Now, the moment you put something up, like needing a password, then you are no longer inviting people in.
Computer says "Hey, can I come in" router says "Sure, if you know the password."
Or you can encrypt it
Computer says "Hey, can I come in?" the router says "KE*jd7638JDEJE*834899(&^&#nd&#&bd*e#"
Re:Except (Score:4, Insightful)
To use the yard analogy that seems to be popular for these threads, lets supposed your neighbor's massively retarded child asks your massively retarded child for permission for his Daddy to use your yard, and your child agrees. Neighbor then comes over and stages a cookout on your lawn, or for that matter just walks across it.
When you confront him, he says "But my kid asked your kid, and he said yes." This is binding? Common sense and the law would say no, yet you would allow devices with an order of magnitude less analytical power than a retarded child to give and receive similar permissions.
Repeat after me folks: devices CANNOT give and receive permission for human actions without those permissions EXPRESSly being granted via some other means.
A traffic light doesn't give you permission to cross the street; the government(that you studied to get your license) gives you permission to cross the intersection when a light is green, and denies it when red.
Your ID badge doesn't ask permission to enter your building, and the security system doesn't grant permission; YOU ask for permission by presenting the badge, and your employer grants it by programming said system to accept your request.
blurry-net (Score:5, Funny)
At first, I thought there were way too many screenshots. I mean, ok, we get it. But then at the bottom of the FA, it pays off. After the dumb kitten and upside-down stuff (where they know someone is fucking with them) we get to the treasure: blurry-net. That's subtle and I love it. The ideal prank for the proverbial Man In The Middle would be to do things to confuse the endpoints, not merely annoy them.
The next step is to spy on them and see what websites they visit, and then insert some fake content one day. For example, if they use it to read CNN, insert a casual story about a nuclear weapon getting used in the Middle-East or South Asia, or a story about the president of USA selecting a new vice-president due to the assassination last week ("What?! I didn't hear about that!"), or the CDC in Atlanta is investigating the recent rash of improbable claims about the dead returning to life to feast on the flesh of the living, etc. If they visit Slashdot, then the jig is probably up, but maybe it would be great to have a story where a security study found Windows98 to kick OpenBSD's ass and then a bunch of comments where everyone agrees that the findings pretty much match their own experience, along with complains about "how is this news for nerds?!"
Fun with firmware (i.e. bugs) (Score:3, Funny)
Reminds me of my first run-in with wireless at home.
After noting that the same bozos kept connecting to my network as soon as I powered it up, I tried configuring the wireless router to only accept the MAC addresses of my computers. No dice: at best it didn't work, at worst the router locked up and I had to do a hard reset.
So I phoned tech support. Rather than answering my question ("Why can't I lock the router to specific MAC addresses?") they proceeded to attempt to walk me through setting up WEP. I told them that wasn't what I wanted to do, that it was my router, my network, and I did in fact know a thing or two about networks. Eventually 2nd level tech support called and admitted that locking to MAC addresses was broken, and they had no ETA for a fix. I took the router back and bought one from a different manufacturer. It works fine.
I still like the idea of leaving part of it public and dispensing scrambled content...LOL!
...laura
Certainly one could be *far* more evil than this.. (Score:5, Insightful)
Frame this (Score:5, Funny)
"This is borrowed bandwidth. Have you thought about getting your own connection."
Oh and make sure it is flashing. Actually you could make it so that the whole content flash. Now that would be annoying.
Hello, tech support? (Score:5, Funny)
You know they were on the horn to the vendor after punching every monitor control and several loud screaming matches and an expensive service call for a monitor that then worked just fine on the bench...
As a webmaster I can now say April 1 just got very far away...
Poor neighbors.... (Score:4, Insightful)
However, I suspect the neighbor of just not understanding how things work. I'll bet they set up a wireless access point in their house, put in the wireless card, and fired up the machine, which connected to the first network it could see, and they assumed it was theirs.
Legal Troubles with Unsecured Networks (Score:3, Insightful)
I also don't buy the idea that "if they didn't secure it, it's an invitation to use it." If I leave my front door unlocked or left a window open, I still don't expect the neighbors to come right in and rummage around my icebox. You certainly won't be successful in that argument if they complained to the police.
If you want to piggy back on someone's network, ask first. It's not that hard to do, and most people don't mind.
If you want to open your network to the public, divide it into two networks (one secured and one unsecured), close potential trouble ports, and direct everyone to an opening page where you make no claims of any warrenty for service, and that your network can only be used for legal purposes. That'll protect you from most legal problems.
Re:Trying to make others feel as stupid as you wer (Score:5, Funny)
Calling someone on slashdot dumb - mostly free.
Making a dumb mistake while calling someone dumb - priceless.
Re:Trying to make others feel as stupid as you wer (Score:3, Funny)
You misunderstand. Your dumb is like your taint. Down under my butt. Showing your dumb to someone is like mooning them.
Re:Intercepted Intruders (Score:3, Insightful)
The wireless is broadcasting into their home, and it is cnotently loking for connections.
Sniff, sniff. (Score:4, Interesting)
Sniffing has nothing to do with subnetting. It has very much to do with the hardware that connects you. If you're both connected to the same hub, you can see all of each other's traffic. If you're both connected to the same switch, you can't.
Note that as a Slashdot comment, this an extremely simplified explanation and not a complete picture.
Re:What's the POINT? (Score:5, Funny)
Re:have to get more creative (Score:3, Funny)