Discussion on:

Neighbours stealing your Internet? Have fun...

However, if I was the one in your position, I did leave a way open for them. So I would opt out on the cute kittens and head straight for the Idiot page. They'd get the message pretty quickly.

Hmm, what to do about somebody in your neighbourhood leaving their wireless internet connection wide-open, security-wise?

I guess you could go surfing some well-known kiddy porn or terrorist websites using your neighbour's wireless connection and watch bemused from your house across the street when the police tactical unit shows up in a few days. How's that for lack of sence of humour?

No, I have never done this and do not recommend doing it. The legal implications could get very tricky for you, but would it have the desired effect of teaching your neighbour to activate at least WEP (and preferably WPA)?

What I have done before as a student and then a Unix sys admin, when I noticed that somebody had left their account logged on was to email them from their own account about logging out. The second time, I would move their entire home directory to ~/.idiot and create a new .cshrc/.bashrc/.kshrc, etc. with alias lines for all their popular commands (read their command history for some examples) to anything from 'exit' to 'rm -rf ~', depending how I was feeling.

Teach them a lesson for being mundane users and not tech savvy geeks by f*cking their lives up. Wow. If you really feel the need to teach someone a lesson, how about a redirect page that explains what they have done, and why it's dangerous.

I realize the behaviour I did can be considered hard-core/abusive, but the people that I harassed that way were the ones that should have known better: other computer science students and other members of the technical services department. I only did it a couple of times, but I believe that the lesson was learned. That was the point. If you leave a privileged account accessible, where anyone who can get into the building can access it, someone who doesn't know what they are doing could wipe out major operational systems. Log out when leaving a leaving or at least lock the screen, so that someone can not get on the system using your account.

"I realize the behaviour I did can be considered hard-core/abusive, but the people that I harassed that way were the ones that should have known better:"

What if they just moved into your neighborhood and can't understand why their phone and internet service hasn't been installed yet. That is exactly why I leave some access open to the public... I'm a nice guy who has been there. What you suggest isn't just illegal, it is immoral.

Take your hateful, trashy thinking elsewhere. It has no room or value here.

First, I agree with your sentiment completely. It's always best to do the right thing rather than the wrong thing.

It's NEVER good to take the law into your own hands. It is also ILLEGAL to do so.

I do NOT agree that the OP is an idiot. I understand why he would feel the way he does. However, I disagree with his methods for "helping" his neighbor out.

It is attitudes like his which keep our world at war constantly. This attitude has been increasing on the Internet more and more every day.

Part of this is our various governments slowness in tightening up laws and coming up-to-date with lawmaking. Part of it is simply because of the evil nature of mankind which causes us to seek to take the law into our own hands.

Either way, we need to be part of the solution, not part of the problem.

Donald McDaniel

They left it open on purpose? To allow people internet access?

It's not smart but it's neighborly to leave the wifi router open but they'd still need to set it too "no wireless admin" mode and change the admin password (usually separate from SSID and network password).

I probably should have clarfied that in my post. Should also set to infrastructure mode as well.

I went the other way though, I assume Adhoc wasn't even a consideration.

Also, if I didn't mention it; look for a "allow wireless admin" and disable it. I think my linksys had a checkbox for "admin remotely" or something like that.

A few morons in my neighborhood who simply failed to RTFM (Read The F*****G Manual) obviously left their WiFi SSIDs' wide open and left the default admin password intact on their Linksys and DLink routers. So, I logged in as the admin using the deault password, changed the SSID to something like "Starschmucks Free Access" (Starbucks Parody) or "Free Access courtesy of neighborhood dumbass" and changed the admin password so that only I could get in. I would go in on occasion and change the SSID to something else silly to give the morons a hint as to why their SSIDs' are not what they expect to be. Within a week, the idiots finally decided to read the manual and setup WPA or TKIP security. Mind you, I didn't infect their PCs' with viruses or surfed kiddie porn or terrorist sites, but I did give them a good wakeup call when they browsed for wireless networks and saw that their SSID is mocking them. Sometimes, it takes a good kick in the ass to get people to take initiative and lock down their WiFi networks.

Ole Jack, in the US, even entering into an unlocked house for the purpose of doing damage or other crimes is considered "illegal entry."

Do you see the obvious allegory in this with his network, which may easily be applied by a good lawyer to prove YOUR crimes?

Personally, taking the HIGH ROAD would be much better for YOU as well as your neighbor, since you would not be guilty of illegal entry into his network, but WOULD be doing the "right thing" and letting him/her know what he/she is doing, and showing him/her the way to tie down his/her own network, but doing it the POLITE, DECENT way, rather than the WRONG WAY.

Donald L McDaniel

"I guess you could go surfing some well-known kiddy porn or terrorist websites using your neighbour's wireless connection and watch bemused from your house across the street when the police tactical unit shows up in a few days. How's that for lack of sence of humour?"

I leave access open for those who might need it, but instead of just trusted/untrusted zones, I log *everything*! Let the cops show up over something as you suggest... I have evidence that it wasn't me.

Do you know the difference between a "mob bent on destruction" and a "lawless group of neighbors bent on destruction"?

NO DIFFERENCE.

The US Constitution gives us the right to address the GOVERNMENT with our list of complaints as a group. It does NOT give us the right to take the Law into our own hands.

There is absolutely NO DIFFERENCE between a lawless group of neighbors acting-out and a lawless group of vigilantes taking the law into their own hands.

The US Constitution does NOT provide for citizen-vigilante groups. In fact, EVERY local and State government in the US makes vigilanteism ILLEGAL.

By the way,
1) It is NOT illegal to peruse porn sites in the US, as long as they do not depict child-porn.
2) It is NOT illegal to posssess porn in the US, as long as it is not child-porn.
3) It IS illegal to do what you suggest these mobs of citizen-criminals do.
4) It is also ILLEGAL in the US to "inspire" such citizen-criminals to commit criminal acts.

I suggest you start posting about how someone has hijacked your computer and caused you to APPEAR as if YOU are making these criminal "suggestions", when THEY actually are the ones making them. The judge MIGHT accept that as a valid alibi, if he is the type who can't tell the difference between the truth and a lie.

Jesus teaches us, "Do unto your neighbors what you would have them do unto you...", rather than "an eye for an eye, and a tooth for a tooth."

St. Paul tells us, "ABOVE ALL, do not avenge yourselves. Instead, leave room for God to avenge you. He is the Judge and Avenger of all wrongs, not we."

I assure you, St. Paul knew whereof he spoke, since he was the man holding St. Stephen's cloak as the mobs of criminal-citizens stoned him to death, making him Christ's first martyr.

Donald L McDaniel

While someone may have encroached on your network, YOU are the one who allowed him entry. So. while you may not be guilty, you ARE at fault, not him.

If you were my IT employee charged with the security of my network, I would dismiss you immediately for allowing him to get on in the first place.

Donald L McDaniel

A friend demonstrated to me recently how many networks in the immediate neighbourhood were still totally unprotected, including my neighbour and even some commercial sites.
Can someone come up with ideas for a well meaning but impressive "reminder" for these people (other than emails)?-))

The oldest trick used to be sending the computer administrator an email "hey, your system is open, here's how I got in and how you can fix it" - from the administrators own email account.

More recently, the trick was to icq or phone people when you found an open system. A friend almost got kicked out of university for notifying another student in residence that they had BackOrific on there system. They called campus IS and claimed he'd infected there system. He explained to IS what had happened and walked away with a job offer.

Now, in this day of paranoia, either of these things are more likely to result in legal action. There is just no sense of humour among network admins and the scared public (thanks local media outlet) now. I've often thought of dropping "hi, need help securing your wifi?" text files on people's desktops but the loss of humour keeps me from doing it (even in one case where the wifi was a total mess).

Yes, it happens... a lot.

There are just too many "techs" out there selling serveces they know too litle about, and they know their client doesn't know the difference, etc., and guys at home who figure, "I plugged it into my cable modem and I was on... that was all there was to it..."

I like to:
A) Lock it down for them - sure, it will kick them out, but it will be secure... welcome to factory defaults, my friend...
and:
B) Change the SSID - Something sure to get attention - yes, cruel, but strangely, there is still a faintly detectable access point in my neighborhood broadcasting "KidPorn12"

Someone made the analogy of going door to door checking if they are locked and leaving a "hi, your back door was unlocked" note on the kitchen fridge. From that view, I can see why people would get upset.

Your Trick A is a nice touch but I wouldn't want to lock someone out of there own hardware, I'd rather teach them to use it.

Your Trick B is nice but an SSID such as the one you quoted could destroy a person within there community or draw undue legal attention since police would use the SSID to lead to a search (and if such media where discovered; a very justifiable search). I like the idea of changing it to something funny and harmless though.

After SSID and access settings, I always disable "remote administration" so that only a wired connection can admin the router.

You make a good point though; too many people want gadgets to read there mind and work rather than them reading the manual and learning how to make it work.

A coworker of mine was checking his mail with his laptop from a parking garage in the middle of a major city. When he browsed for available networks, he found one where someone had changed the SSID to "Change your BLEEPin admin password dummy." Moral of the story, don't forget the basics...like changing the default password to something more secure.

I wouldn't argue that this is "more" legal than using their email account, but it would be freakier and still less invasive:
Send a doc to the printer with your message of choice written on it.
"Help! I feel so unsecure!" (not insecure)
"Buddy, your network is showing"
or some such.

You get to hear some fun stories. One was about fellow who thought it would be funny to send a document from his local office to a printer at another base. The MPs where at his desk in under half an hour. I didn't hear what happened after that.

I realy miss the good old days when people still had a sense of humour about technology and SPAM was only a monty python song.

Having been the Technical Director of the US Army's Network Enterprise Technology Command aka NETCOM/9th Signal Command, I can tell you that you shall not screw around in their systems.

They can't keep out everyone else, but they have some very nice traffic logs....

No specific details...

I was assigned to install a piece of software, I explained the IT department at that location that the installation process included the creation of AD objects and the install account didn't have enough privileges to do so. They just went "try it". After making sure I will not be responsible of any wrongdoing, I started the install.

Obviously the installation failed miserably and 10 minutes after that the MP showed up, asking a lot of questions.

Being a foreign national (Mexican), you better cover yourself pretty good, mine was written on paper.

It is easy to peeve about how stupid the end user is but what about the tech "geniuses" at the equipment manufacturers? They could make the devices that will require changing password on first login to the admin page. Make the default option for wireless is secure and trust me a lot of users will set it up if they know it is there. If after all this, the user decides to leave their network unprotected, then it is thier choice.

What do you say?

If so, they better make sure there is a "Reset to Default" button available for those who forget or fail to record their admin password. It may also be nice if it fails to accept the obvious "password", "P@ssw0rd" and other overtly unsecure and guessable passwords.

Every wireless router I've worked with has an option to reset to the default settings. And, if they choose to use a guessable password, that is their problem. At least it isn't the default.

And, while they are at it, offer to change the SSID at the same time.

All one has to do is read through the damned user manual to setup security and change the password from the defaults. As someone else mentioned, the average user expect the router to be a psychic device and secure itself without any intervention. Sorry, but this is year 2007, not 2037, and networking devices don't read minds yet.

I run my wireless as an open system because I live in a neighborhood where many people cannot afford internet service. I watch security and run my internal network through a separate server. The SSID is Star. Abuse and lose! All the users are notified that should I see illegal traffic I will block the MAC address. So far in six months, I have seen no questionable activities. The question I have is why do you need to lock down your wireless?

Why lock down your wireless? The most obvious I can think of is keeping people from using your internet connection for illicit and illegal activities which will be traced back to your IP, while they drive away to leech off of someone else's open wireless access point.

Someone could also use the wireless access to hack the other computers on the network, but if you have your personal network behind a firewall seperate from the wireless then it's no different than if the person was hacking from anywhere on the internet.

In my opinion, if you want to let your neighbors use your wireless access, you should lock it down with WPA and set the neighbors up to use the secured network. You could also only allow trusted MAC addresses and keep your neighbors MAC addresses in that list. Then you can still block any MAC address that has illicit activity, while only allowing users you know and trust to even think of accessing the network.

I recently read that a hacker can read the mac address off of the packet header, (or something like that, I have the article saved, but I am not going to look it up right now.) and copy a legitimate MAC address. Then clone that address into his own virtual adapter, and access is granted. This all takes about a minute to do once a valid MAC address is found.

If I did filter by MAC address, it would be in addition to the WPA2 encryption I'm using. I mentioned it as a way to shut down a trusted neighbor who abuses that trust and does something untrustworthy. That would be easier than generating new keys and disseminating them to the neighbors that are still trusted. Of course the untrustworthy neighbor could always be a hacker and still gain access, but there's no bulletproof solution to stop someone who really wants your network, especially on the consumer-grade level.

The technical school I attended had an encrypted wireless network, but also used MAC address filtering. I'm guessing it was so that students didn't share the keys with unauthorized users, thus negating the encryption.

I say as long as this guy's got an unsecured WAP, we should all go over to his neighborhood and get some free internet.

My wifi is always locked by WPA AES but the filtering means the router only listens to NICs it thinks it recognizes. It's more like telling my router not to talk to strangers.

In other words, your router is like a child to you? :P

"don't talk to strangers and don't talk to people you recognize unless they know the family password"

The little tyke hasn't wondered into anyone's van or accepted candy yet based on my logs (like any good security geek, I still don't consider that proof that no one's tried though). What can I say, computers offered me the ultimate puzzle long ago and I've been hooked since. My network is my baby as long as our rough housing doesn't effect the rest of the house's connection.

Read my post below to see what I mean. The average user won't do this, but someone who knows how to hack can.

It's more like teaching my router not to talk to strangers. Sure someone can pretend to be recognized but it still limits the amount of traffic my router cares about. The WPA AES provides the real security authentication.

I won't tell you what it is as it has dangerous implications, but I will tell you that the MAC is hashed in the registry and with the right conversion algorithm can be set to anything. With that stated, anyone with this utility and a WiFi NIC in their laptop can effectively become an access point and sniff traffic over the airwaves and capture data using a packet capture application like Ethereal or the builtin Windows Network monitor. Also, forging the MAC of a known access point will create a denial of service attack because packets will get dropped as they will see two devices with the same MAC address and won't know which one is the real thing. A man in the middle attack can also be performed. To counter hackers and lock down networks, one must think like a hacker and know all the tricks of the trade.

The message by Brian Mills asks "Why?".
Apart from the security issues already mentioned, here in the UK, the wireless router on my home internet connection is locked down because I'm on a reduced rate package that has a download limit of 2GB per month.
This is enough for most of what I do from home; email, general surfing, a bit of web design and a small amount of mp3.
I would be most miffed if one day I tried to download something only to find that my access was denied because my bandwidth limit had been used up by a "neighbour" who had been using my connection to download the latest videos.
When I set up a wireless connection for a client, locking down the router is the first thing I work on, once I have it connected.
Yes it still amazes me the number of open networks I can find.
Regards, Brian

Not a bad idea, but what's the easiest way to check if neighbors/visitors are using your wireless router connection. I'm using a Linksys WRT54G and I don't believe there is a menu/configuration to see how many wireless connections it has granted. When my own machines connect, they do not show up on the LAN table, and I can't find a similar report for wireless. Any ideas

I have yet to see a wireless router that does not have the ability to display connected hosts through its management interface (I've used Cisco, Netgear, Linksys and Dlink products). You dont even see your own machines? Are you sure they're connecting to your device and not some other unsecured device in your area?

Assuming that you're using the WRT54G DHCP server, you can go to Status -> Local Network and then click on the DHCP Clients Table button. You will get a list of clients, IP addresses, and MAC addresses that are currently connected to your router.

I was trying to remeber how I did it with my wrt54gs. I remember it being pretty easy under one of the config screens because I pretty much check it for interest any time I walk past my workstation. It's been too long though. Linksys stopped providing a newer firmware for the router so I switched to something else.

If your tech savvy, consider openWRT or Tomato. I put OpenWRT on my router three or more months ago and it's been great; enterprise router functions on my budget linksys soho hardware. I still check it out of interest any time I walk past my workstation but now the browser connects to the router admin through ssl and I get complete details.

Tomato seems to be a bit more polished firmware replacement but I'm happy with OpenWRT.org

DSL router with hardware firewall -> linux firewall using packet sniffing.

To the others: if you are so poor as to need to use my bandwidth, be my guest. I put the wireless up so that others that could not otherwise afford Inet could have access. But... do not think that this generosity is unprotected. I have had others attempt to intrude on the internal network, I have not yet logged the first success. Should someone be successful, I will learn how they did it.

I use a US Robotics USR8054 model and it even has the ability to email me the log through an SMTP relay. I can easily see who on my router, both wired and wireless, but I need not worry because I have TKIP setup and am not openly broadcasting my SSID as many others do.

Most internet providers do not allow you to share your internet access with anybody else.
You could be charged for this.