Turning Network Free-Riders' Lives Upside Down

An anonymous reader writes "You discover that your neighbours are using your unsecured wireless network without your permission. Do you secure it? Or do you do something more fun? A few minutes with squid and iptables could greatly improve your neighbours' Web experience ..." Improve is a relative term, but this is certainly gentler than certain other approaches.

Understanding the Approach to this

[blantonl]

For those that are struggling to understand how the author of this article is accomplishing his approach, here is some further information.

The author obviously has a Linux server in his house, that is running DHCPD [freeshell.org]

To selectively send some clients to some locations, and others to the normal internet, he assigns an IP address on a different network to clients that don't have MAC Addresses [wikipedia.org] that he knows about.

Forwarding on to sites of his choice is done by using IPTables [netfilter.org], which is a utility that allows you to configure the packet filtering components of the Linux TCP/IP Stack. In this instance, the Linux box is just functioning as a firewall, and he is selectively sending requests from certain IP addresses to different hosts of his chosing.

Finally, the Up-side-down and blurry-image conversions is accomplished by sending page requests from those before-mentioned IP addresses to a proxy server, which in this case is Squid [squid-cache.org] - and then allowing the proxy server to run a script which calls an ImageMagick [imagemagick.org] command called mogrify [imagemagick.org] which allows you to resize an image, blur, crop, despeckle, dither, draw on, flip, join, re-sample, and much more.

And that folks, is the rest of the story.

Re:It's not their fault...

[Wonko42]

Um, yes they do. At least, the consumer wireless routers I've used from Linksys and Netgear do. Some of them allow you to turn that feature off, but it's almost always enabled by default.

This is what SSH tunnels are for

[tdvaughan]

I just moved into a new flat and as it took a while to get internet access, I had to "steal" someone else's wireless (although I take the position that if they want to beam radition through my property, I can do what I want with it). I took the strongest unsecured signal but because (being a sneaky bastard) I know what I would do if I ran an unsecured wireless access point I just tunnelled everything through an SSH tunnel to a proxy at work.

Re:Goats

[Starker_Kull]

It shouldn't be too hard to set up some fixed IP addresses for your home machines, and let "guests" use a different IP range, for which you have implemented port blocking for all but 80, 25 and a few others for https and sending email, if you wish.

Re:Liability?

[`Sean]

What does ailurophobia have to do with it?

RTFA. "Suddenly everything is kittens! It's kitten net. For the uninitiated, this redirects all traffic to kittenwar."

Re:Goats

[Anonymous Coward]

Sure you may be trying to be kind to anonymous strangers, but if they download child pr0n, guess who gets the blame! It's your IP the authorities will see.

Re:It could be worse...

[Anonymous Coward]

Every *image* could be tubgirl.

Re:Goats

[instantkamera]

http://nocat.net/ [nocat.net]

Essentially what TFA is doing. If your point is to keep people off your bandwidth, this will do it. It wont, however keep them from sniffing your traffic and invading your LAN.

It is still a great piece of software, I currently work for a company whos product is exactly this, commecially (for hotels etc.)
www.solutioninc.com

Re:Goats

[feepness]

It's a shame that I have to protect my router somehow, especially because one of my devices (a Nintendo DS) doesn't support WPA at all.

A really easy method is to allow access only to specific MAC addresses. I hate encryption since it's such a pain and I don't do anything secure wirelessly anyways. Now all I have to do is set the MAC address on the router and I'm in!

Comment removed

[account_deleted]

Comment removed based on user account deletion

You ARE Sneaky!

[Anonymous Coward]

You ARE very sneaky! Instead of finding out what the latest headlines are on slashdot, your neighbor is stuck only knowing where you work. Brilliant!

Re:Missing the point, I think - absurd.

[Anonymous Coward]

The analogy is terribly flawed, for a list of reasons:

#1. The design of wireless technology broadcasts available services to the listening world.

While I despise real-world analogies, let me try my hand at one: You put a sign up at the end of your driveway, advertising free water from the hose. The hose is run from the house, down the driveway, left running constantly. If someone wants to come drink from it, they can.

This analogy fits better than the 'unlocked door' one, because wireless routers broadcast SSIDs and if they use encryption.

#2. The use of someone's wireless does not prevent them from using it themself.

You get in someone's car and drive it off, you have stolen their car. If you drink from someone's water hose (that has a sign over it saying 'free water'), are you (to quote Adam West on Family Guy) 'stealing their water'?

#3. You don't 'own' the radio waves that pass through your property. To compare radio waves and internet service to stolen cars, wallets, houses, etc is just intellectually dishonest.

Now, is it moral to use someone's unsecured wireless network? Probably. Does the implied technological permission to use that wireless network (translation: broadcast SSID, DHCP leases for whoever asks, etc) translate into real-world legal permission? I don't know. But the way the technology works should impact this debate.

Please, people, stop using these inane physical analogies. It does not compare to the 'visibility' of your garden. You are broadcasting radio waves, advertising a service for public consumption. If you had a sign on your garden saying "Public Garden" then, yes, the analogy fits. Stop comparing this to private property. Your radio broadcasts, leaving your private property, are not protected as if they were physical items you own. Do not pretend this is the case. This is about more than private property, this is about advertised services.

Re:Sniff, sniff.

[Anonymous Coward]

Actually, you can sniff switched traffic using ARP poisoning. Maybe some fancy, managed switches have protection against it, but ARP poisoning works effectively on the unmanaged switches at my office*.

*Where I'm the IT guy and using it for purely ethical things... :)

Re:Obligatory Bash.org

[corbettw]

Getting horse porn isn't as hard as you think. Just check http://en.wikipedia.org/wiki/Horse_porn [wikipedia.org]

Re:Goats

[cptgrudge]

Well, the whole LAN issue can be solved by a router with a DMZ. Or, segment the wireless network into a different VLAN. I have an ipcop router at home, and I would just put the wireless network in the DMZ. That way, I know that if the wireless security gets compromised, the router still protects the main network.

Re:Goats

[TheGreek]

At the same time, as you've taken reasonable precautions to prevent misuse of your network, your liability for anything the person who broke in did will be considerably lower too.

But it'll be harder to prove it wasn't you.

Re:Goats

[g4c]

It is trivial for somebody to sniff your wireless card's MAC and spoof it. However, it requires enough knowledge to operate a sniffer and a MAC spoofer, thus eliminating 99% of the population. And even at that, they have to catch you while you are using the computer in order to find out your MAC, which potentially requires a time investment. After that, they might have to flood the ARP tables (does this even work over wireless?) if your computer is still on while they are trying to spoof your MAC. I guess trivial is a relative term... Why I am even posting this? Somebody please mod me down...

Re:Goats

[Anonymous Coward]

When people like that get caught it's usually through tracing credit card numbers - why? Because and IP number don't mean shit in court.

Where do people come up with this garbage? I have worked in Computer Forensics for years, been a witness in court, etc. If the IP is static, you're screwed. If it is dynamically assigned, then the ISP is provided a court order to identify the account which was using the provided IP(s) at the time and the account holder. I've seen this tons of times. Usually the first court order is to identify the user and keep a record of all traffic which passes through their account. You end up with a huge amount of evidence of criminal activity interspersed with lots and lots of personally identifying data and data which matches the profile of the individual. They are rightfully screwed and it all started with a crime that led back to an IP address.

Really, where do the armchair experts here at slashdot come up with this tripe?