Turning Network Free-Riders' Lives Upside Down

An anonymous reader writes "You discover that your neighbours are using your unsecured wireless network without your permission. Do you secure it? Or do you do something more fun? A few minutes with squid and iptables could greatly improve your neighbours' Web experience ..." Improve is a relative term, but this is certainly gentler than certain other approaches.

Re:It could be worse...

I'll just have to turn my monitor upside down! Oh crap, I'm using a laptop.

Goats

I'm surprised the guy didn't send every link to goats.ex... He was being way too nice.

Re:Goats

If you don't secure a wireless connection that spills onto other people's property, why shouldn't they use it until told otherwise? You could argue that you're not really encroaching, but I guarantee you that's not true. There's another network near us that was too weak to always show in the list of nearby nets, but was just strong enough to cause intermittent signal pollution until one day I happened to move the router to get at something else, and noticed it next time I connected.

If you let your signal spill over onto other people's space, too bad.

In fact, I wouldn't be mad if someone were using my connection without my approval unless they were encroaching on my space to do it. In fact, I only secured it because of bandwidth concerns and the potential for other people to use it for illicit purposes.

Re:Goats

I chose to leave my wireless network open so that if someone nearby needed a connection it would be available for them. If someone was to impose an unreasonable load on the network I might do something about it but so far (12 months) I've had about half a dozen people connect and download relatively small amounts of data - my guess is they were checking email. Why would I object to that? No . . . why would *you* object to that? The way I see it it's a chance to do something nice for other people, why not get yourself some good karma.

Re:Goats

I've lived in two places where I set up my access point with no encryption. In both places, I've fired up iTunes to see someone else sharing music on my LAN. This didn't bother me until I read the name of the share: "(name)'s LimeWire Tunes."

I don't mind if people want to check their e-mail on my WAP. I do mind when they idle on file sharing services, using lots of bandwidth and exposing me to potential legal liability.

It's a shame that I have to protect my router somehow, especially because one of my devices (a Nintendo DS) doesn't support WPA at all.

Re:Goats

It shouldn't be too hard to set up some fixed IP addresses for your home machines, and let "guests" use a different IP range, for which you have implemented port blocking for all but 80, 25 and a few others for https and sending email, if you wish.

Re:Goats

That's exactly what I've setup at my wife's salon, where she has an open wireless for her customers. The office computers have full internet access, any wireless guests have their ports limited to the basics. The cheapy D-link router had this capability built-in, making it a no brainer.

Re:Goats

Your router is giving them permission to associate, is providing them with an IP address, and is allowing them to pass traffic. Heck, I'm guessing your AP is even broadcasting its SSID and telling people its available for them to connect to. When the client associates it acts just like a web page request, it says "Hey, can I connect here?" and if your router replies with a "Sure thing!", then as far as I'm concerned you've given them permission to use your network. If you don't want strangers using your Internet, you've got TONS of options, turn off DHCP, use WEP, use WPA, limit access only to those MAC addresses you approve, turf off SSID broadcast. Obviously some of these offer better security than others, but ANY of these will prevent a casual user from using your network.

Re:Goats

It's a shame that I have to protect my router somehow, especially because one of my devices (a Nintendo DS) doesn't support WPA at all.

A really easy method is to allow access only to specific MAC addresses. I hate encryption since it's such a pain and I don't do anything secure wirelessly anyways. Now all I have to do is set the MAC address on the router and I'm in!

Re:Goats

It is trivial for somebody to sniff your wireless card's MAC and spoof it. However, it requires enough knowledge to operate a sniffer and a MAC spoofer, thus eliminating 99% of the population. And even at that, they have to catch you while you are using the computer in order to find out your MAC, which potentially requires a time investment. After that, they might have to flood the ARP tables (does this even work over wireless?) if your computer is still on while they are trying to spoof your MAC. I guess trivial is a relative term... Why I am even posting this? Somebody please mod me down...

Re:Goats

The DS supports WEP. While WEP is immeasurably inferior to WPA, it does at least make your intentions absolutely 100% clear.

While some in the tech community continue to believe they have implied "permission" to use your network if it's not secured, that isn't how the courts see it. Nonetheless, you can satisfy both schools of thought by securing your network even if it's just with WEP. Anyone who persists in connecting to your network will not merely have difficulty using the non-existant permission argument, but they can't pretend they used it by accident either.

At the same time, as you've taken reasonable precautions to prevent misuse of your network, your liability for anything the person who broke in did will be considerably lower too.

Re:Goats

At the same time, as you've taken reasonable precautions to prevent misuse of your network, your liability for anything the person who broke in did will be considerably lower too.

But it'll be harder to prove it wasn't you.

Re:Goats

That's why whenever I go to the park, I always run toward the large flocks of pigeons while flapping an umbrella and crying out "PAKAW! PAKAW!" Sure, it's a little embarrassing, and the people who get droppings on them in the ensuing mass migration get a little upset, but if it saves even one pigeon, then it's worth it.

Unfortunately, I believe it's only scaring them away from people who charge them with umbrellas while screaming which, in my experience, is not a significant number. I fear I'll soon have to resort to more drastic measures, like holding out some popcorn and then cold-cocking the first sonofa dove that makes a lunge for it. Of course I'll tell them it's only for their own good, and it hurts me more than it hurts them.

Re:Goats

Note to vindictive mods: thanks for giving meta-moderation a chance to remove your privileges. I stand by my original post, and in addition to that, I fart in your general direction.

Re:Goats

Yeah, that's what I do too. My neighbors also have open access points mostly. I check the logs every so often, but I've never seen anyone but me having connected. Still, if someone wants to check their email, it's there. I don't have a problem using open points to check mail while I'm travelling, might as well return the favor. I'd lock it down if someone were leeching 24/7, but I don't see any of my neighbors doing that.

Re:Goats

You've got two problems you've overlooked. If someone uses your connection for illegal activity (downloading Meet the Fockers, kiddie porn) it will be your IP address that the RIAA/MPAA/FBI will trace. Good luck convincing them it wasn't you. You might be able to do it, but it will take up time and money (lawyers) to clear your name. And in the case of kiddie porn or other criminal act, expect every computer, PDA, and cell phone in your home to be confiscated to be analyized for incriminating data. The second problem is you are allowing strangers access to not only your Internet connection, but also your LAN. I have multiple computers and put files in shared folders so I can access them from different machines. I don't want some strange to have access to those files, or worse, have their computer be infected with a worm/virus that propogates across the network.

Re:Goats

Unfortunately, not everyone is as kind (or patched/anti-virus'ed/etc.) as your neighbors are.

I spent three years as an abuse admin at an ISP, and spoke with a number of customers where the only likely culprit for an abuse complaint was someone "borrowing" their Wi-Fi connection (nmap [insecure.org] is a wonderful tool for finding likely infections/file sharing clients). In almost all of these cases, securing the Wi-Fi access point made the problem go away.

It's possible that my customers were lying and that they just latched on to the Wi-Fi excuse to get me off their backs, but after three years, it (usually) wasn't too hard to tell when someone honestly had no clue and when they were covering up :)

So *that's* why I object to people using my Wi-Fi without permission.

Re:Goats

If you don't secure a wireless connection that spills onto other people's property, why shouldn't they use it until told otherwise?

Conversely, if you find someone else's unsecured wireless network, why would you complain if they decided to flip all the images?

Re:Goats

Here's the proper analogy:

I put my garden hose in the street and leave it running 24/7. Is it stealing if you walk up and fill up a jug with water?

I asked a lawyer this once, and he said yes, but he's a jerk so I take it with a grain of salt.

Besides, the law is whatever the **AA buys.

Liability?

What are the odds that a neighbor would use your network and then sue you for the content that your are sending to him?

Re:Liability?

What are the odds that a neighbor would use your network and then sue you for the content that your are sending to him?

Yeah, ailurophobia is a bitch.

Re:Liability?

If you redirect a minor to goatsex, you might be in trouble.

If, on the other hand, you simply mangle the images that (s)he's looking for, then you could say that you're protecting the kid from nasty content.

It's not like you have a contractual responsibility to deliver something that (s)he never asked or paid you for.

It's not their fault...

How can you blame people for connecting to a wireless router with the ID "Free Porn"?

Granted, my neighbors didn't intentionally set their router up with that ID but they did leave it unsecured with the default password for the admin account. It was simply the neighborly thing to do to change their ID and resecure it with a new password (that, admittedly, they didn't know).

Should be legal

In our topsy-turvy legal system, it might not be. :( But it should be. The nieghbors have no right to expect anything so they should have to just accept whatever the router sends them. As allegedly was said by Truman Capote:

The trouble with living outside the law is, you put yourself beyond its protection.

Re:Should be legal

IANAL, but your machine is manipulating those bytes as they go by, and therefore you're tampering with their communications which may be legally protected.

As funny as this might be, I don't see it as being worth the potential liability. If the DMCA can attempt to outlaw drawing on your CD with a sharpie, then you could get in trouble for just about anything.

The funnest thing

After reading the article and it's comments, I've decided that the best would be to make it allways load an upside-down goatse

Could just watch

Could just watch their traffic, and when they try to bid on ebay, just slow their traffic down, then out bid them. They'll rue the day they tried to outbid 'yourneighborfromhell' on ebay.

Re:Could just watch

No, no, no. You increase each and every bid by a factor of 10, and then auto-confirm it.

Missing the point, I think

You discover that your neighbours are using your unsecured wireless network without your permission.

If your wireless network is unsecured, permission to use it is implied, and there are operating systems that will automatically use such networks, are there not?

Re:Missing the point, I think - absurd.

The analogy is not flawed. So the router is "visible", with an option to make it invisible. Big deal. My garden is visible from the street, but I can put a tarp around it to obscure its existence. What you are saying is that, unles I put a tarp up around my garden, everyone has a right to use it.

Wireless networks may make themselves conspicuous, but that does not confer an invitation to use them. The connection between "visible" and "inviting" is not legally or morally valid. (I am excepting the concept of "attractive nuisance", but I don't think open routers will come under that area of liability)

Re:Missing the point, I think - absurd.

What you are saying is that, unles I put a tarp up around my garden, everyone has a right to use it.

No, actually we're saying that if your garden pelts us with carrots and peas as we walk past on the public street, we're at liberty to catch them and consume them. Only if you place anti-vegetable-flight netting around your garden (or stop planting vegetables that lend themselves to comparison to an unsecured WAP) does it become incumbent upon us to behave as good citizens.

Hey! Analogies are fun! Somebody compare Internet privacy law to hunting and fishing licenses!

Re:Missing the point, I think

No, it's not implied. As the law stands, it's illegal unless you get something more explicit in terms of permission. Yes, illegal. Yes, people have lost in court. No, not civil court, criminal.

(And it makes sense that no implied permission is given by simply having your router be unsecured, given "unsecured" is the default configuration of most off-the-shelf routers.)

It really isn't an issue in practice. If you want to use someone else's network, all you have to do is ask them. With 802.11, you're close enough to be able to do so. There's no reason not to ask, other than knowing that "no" is likely to be the answer. And I think that's why people tell themselves the myth that somehow they have implied permission simply because the "door" was left unlocked.