Post by: Gewehr98 on December 12, 2005, 08:27:42 PM
Last night, I decided I'd do some troubleshooting, so I had my youngest stepson turn his computer off. He volunteered because he was complaining the loudest about lag. His computer is the only one, besides my laptop, that uses the 802.11b wireless connection to the rest of the network, by means of a Wireless Access Point in my office/lab. Everything else is wired 100-BaseT. When he yelled from across the house that his machine was indeed off, I watched the Wireless Access Point. It was flashing activity continuously, as if my stepson were playing his online game or downloading a file from the Web.
I knew my laptop was turned off, so what's sucking through the wireless system? I clicked on My Network Places, and then Entire Network. Voila'! In addition to my normal home Workgroup, there was an additional network workgroup name there, installed nice and pretty. Clicking on it gave the computer's name and a partial description, and it wasn't a computer I'd set up in my house. Going to the internal webpage of my Linksys router and displaying clients confirmed we had an imposter. Son of a Biscuit, I had a leech!
Now, our houses are pretty far apart in my neighborhood, and the military house to the west of me is vacant. The unit to the east is a good friend of mine, with his own cable modem. That left the houses to the north and south of me. The houses to the north of me are mostly vacant, save for one guy. He's a single Air Force meteorologist who is on leave away from the local area until after the holidays, so I really didn't think it was him. Now, behind my house to the south, we have neighbors who are, shall we say, visited by the Satellite Beach police department on a fairly regular basis. They also have their house lit by candles on occasion, because their power gets cut off by FPL for non-payment. My guess is that it was them, and I'll do a little snooping to see if the personal name on the computer I found leeching is in some way connected to the occupants of that rental unit.
Now, it was my fault that we had a leech. A couple weeks ago, my wife brought a friend's laptop home to me to install an 802.11g wireless card, and I disabled WEP on my network to get that laptop working without having to type in my personal encryption key. Like a dummy, once I got that laptop working on the Web just fine, I forgot to re-enable WEP. I left the door wide open to my network.
So last night, while my erstwhile neighbor was sucking bandwidth through my Wireless Access Point, I logged into the WAP's internal website, selected 128-bit Wireless Encryption Protocol, and created a new encryption key. I hit the "accept" icon, and watched as the WAP's activity light went from solid green to dark, that quickly. ahole, I fixed your little red wagon right quick, didn't I? Tonight, everybody in the house was tickled pink how quickly their computers accessed the Web, sent and received email, transferred files, printed documents, and did the multiplayer thing sans lag.
Later this weekend, I'm going to run a couple WiFi utilities on my laptop, and walk around the perimeter of my backyard, looking for signal strength and the same computer name I just disconnected from my WiFi network. Maybe I can upload a virus or worm onto that machine if I find it. Other than that, I doubt there's anything in the legal or law enforcement world I can do.
But I learned an important lesson - if you have WiFi, use encryption. Period.
Post by: Harold Tuttle on December 12, 2005, 08:38:41 PM
you should be able to see where he was going to via your connection
with that kind of bandwidth suction, i would suspect .torrent downloads of movies
Post by: Sindawe on December 12, 2005, 09:38:36 PM
http://www.jiwire.com/wi-fi-security-home-networks-1.htm
Remember. Paranoia is not a mental illness. It is a survival trait.
Post by: mtnbkr on December 13, 2005, 02:27:05 AM
Chris
Post by: cfabe on December 13, 2005, 03:32:53 AM
And as mentioned, regardless of your opinions of said neighbor, it could easily be accidential. I had my neighbor's kids laptop on my network a few times when I had left it open. I'm sure she wasn't intentionally stealing my access, probably just clicked 'connect' to whatever network windows found her.
Post by: garrettwc on December 13, 2005, 03:55:41 AM
Post by: charby on December 13, 2005, 04:15:39 AM
Post by: Preacherman on December 13, 2005, 04:52:49 AM
Post by: roo_ster on December 13, 2005, 06:24:30 AM
Of course, I use WEP, do not broadcast SSID, and have changed the admin password.
Post by: Guest on December 13, 2005, 06:38:13 AM
Post by: Guest on December 13, 2005, 06:44:28 AM
Let's say you have an apple tree in your back yard. One year it puts out a monster of a crop, so you take a big basket, fill it up, put a sign on it saying "free apples" and stick it in your front yard next to the curb.
If somebody takes one, are they stealing?
This is *exactly* what you did. Your system was electronically broadcasting "free internet!" to your whole neigborhood. That's how WiFi works, the system broadcasts it's availability. Don't like it, don't use WiFi or at least throw a password on it.
IF they had to crack a password to get in, that's another thing entirely, a felony on their part.
The fact is, any number of people, groups and even government entities are deliberately serving free internet to various areas for various reasons. It is NOT up to the user to figure out the motivations or to decide when use of a free internet connection is going to be percieved as "stealing".
In short, you have no right to complain, no legal recourse...UNLESS they were doing something illegal on your net like kiddie porn or piracy or whatever.
Unless you're prepared to go prove that, I suggest you NOT contemplate the various felonies you just discussed in "retaliation" (deliberate uploading of a virus, worm, etc.).
The only potential criminal activity you've described here is your own.
Post by: mtnbkr on December 13, 2005, 06:57:19 AM
Start the paper trail now in case they did use your connection for illegal activities. Having an official complaint on file will support your case that you did nothing wrong and attempted to take action.
Chris
Post by: Vodka7 on December 13, 2005, 08:33:44 AM
It's a bad analogy, but if someone stole your car I'd feel bad for you. I'd feel a lot less bad if someone stole your car because you left it running with the keys in the ignition. Despite what the law says, common sense says you should take a few steps to protect your valuables (not something I thought would ever need to be pointed out on this forum.)
Post by: Chris on December 13, 2005, 09:57:00 AM
Post by: Guest on December 13, 2005, 09:57:05 AM
Quote from: mtnbkr
Nonsense. Open wifi, however unwise, is not an invitation to tresspass any more than an unlocked or even open door is an invitation to enter a house.
False analogy. There was no trespassing. In fact the access point was broadcasting its signal into the home of whoever it was that used it.
Post by: BryanP on December 13, 2005, 10:11:17 AM
Post by: mtnbkr on December 13, 2005, 10:14:02 AM
Quote from: cas700850
And this is exactly why I am opposed to WiFi in our home and for secure purposes. Sufing the net is one thing. Secured business should be hard wired. My .02.
You can secure wifi to the point that all but the most talented and determined hackers can get in (those folks won't need wireless to get in though). Put an IPSEC VPN encryptor between the wifi device and your network. Sure, they might connect to the wifi (if they can bypass that device's security), but they still have to authenticate to the VPN encryptor. That's a bit tougher than sniffing someone's WEP settings. Of course, every system that needs to access your network via wifi will need a VPN client of it's own, but it'll work fine. Even better, VPN vendors are developing their clients to be more compatible with wifi, including features such as IP mobility, which maintains your "tunnel" when moving from one wifi access point to another.Quote
There was no trespassing.
They were sending packets across a hostile network without the owner's permission. Personally, I wouldn't be bothered by most rogue users, but these folks were using the system pretty heavily, heavy enough to be noticed by the owners. I would take action simply as a CYA measure in case they were doing something naughtier than checking their email.
Chris
Post by: Phyphor on December 13, 2005, 10:33:13 AM
Quote from: mtnbkr
Nonsense. Open wifi, however unwise, is not an invitation to tresspass any more than an unlocked or even open door is an invitation to enter a house.
Start the paper trail now in case they did use your connection for illegal activities. Having an official complaint on file will support your case that you did nothing wrong and attempted to take action.
Chris
Um, it's not tresspassing, unless they actually took steps to hack his wireless router. However, since he admitted to turning off WEP, he basically had an open 'free' hotspot. It's not up to everyone else to determine whether that hotspot is supposed to be freely availible, it's up to him to secure it.Start the paper trail now in case they did use your connection for illegal activities. Having an official complaint on file will support your case that you did nothing wrong and attempted to take action.
Chris
Now, I'd understand him being pissed if, say, they'da come in his house and plugged a cat-5 into his router, but using unencrypted signals? He's actually pretty fortunate that they didn't do something like plant viruses / trojans / skim his machines for whatever info they could.
(This is another reason why I only run wired networks, it may be a PITA to run Cat5 all over the house, but at least I know for sure nobody's gonna leech my connect, and they sure as hell aren't gonna screw up my machines)
Post by: Phyphor on December 13, 2005, 10:35:28 AM
Quote from: BryanP
You were broadcasting open WiFi with no password protection. You've got nothing to complain about. You've turned on encryption and set a password. If he uses readily-available tools to break the (laughably vulnerable) WEP encryption and *then* gets on your network again, you've got a legitimate reason to be upset.
Oh, most certainly. He should definitely keep logging enabled. (And does the router he uses keep track of MAC addresses? If so, he needs to get that MAC and save it somewhere where it won't get lost, ) If they do in fact hack his router, he DOES have a computer tresspass case, and should certainly nail them to the wall.Using a widespread, unencrypted, unprotected connection is one thing. Actually breaking into one is quite another.
Post by: MillCreek on December 13, 2005, 10:55:37 AM
Amazing to me that my neighbors have no concept of network security.
Post by: pauli on December 13, 2005, 11:13:34 AM
Quote
Later this weekend, I'm going to run a couple WiFi utilities on my laptop, and walk around the perimeter of my backyard, looking for signal strength and the same computer name I just disconnected from my WiFi network. Maybe I can upload a virus or worm onto that machine if I find it. Other than that, I doubt there's anything in the legal or law enforcement world I can do.
your post was great till you got here.you've secured the network. now let the matter rest.
Post by: Gewehr98 on December 13, 2005, 11:44:48 AM
But I also know nobody "accidentally" installs their workgroup on my home network, and then starts sucking so much bandwidth that I had a hard time working through my cable modem. This wasn't somebody simply checking emails every now and then. This was somebody pulling serious downloads, like torrent mpegs, Limewire, WinMX, and the like. They helped themselves to two weeks of free internet through my network, and they made serious use of the connection until I nipped it in the bud. The wireless access point lit up the room, the activity light was going continuously.
Did I expect neighbors to tap into my 802.11B WiFi cloud? No. Reception inside my cinder-block home is spotty enough, and that's with the wireless access point in my office just a few feet from the intended recipient, who had to use a high-gain antenna just to get signal inside the house. As I tried with my own laptop, reception outside was for the most part absolutely horrible by the time I'd gotten to the back fence separating the two properties, and their house is another 100 feet or so from that fence. That means they probably have an aftermarket antenna, perhaps one of the Hawking or other high-decibel gain versions, aimed at my office window in the cinder block south wall. Accidental, my posterior.
Post by: Nathaniel Firethorn on December 13, 2005, 12:32:55 PM
Quote
So last night, while my erstwhile neighbor was sucking bandwidth through my Wireless Access Point, I logged into the WAP's internal website, selected 128-bit Wireless Encryption Protocol, and created a new encryption key. I hit the "accept" icon, and watched as the WAP's activity light went from solid green to dark, that quickly.
I sent back a Belkin access point because it only spoke WEP. We wanted at least WPA-PSK.I haven't got the SSID turned off. I think I'll leave it that way in case Mrs. Firethorn wants to connect a stray box while I'm not around.
- NF
Post by: mtnbkr on December 13, 2005, 12:46:08 PM
I would be tempted to set up a firewall between the access point and your network and maybe even put a honeypot in the network between the firewall and access point for shits and giggles. Just make sure you set the firewall to block the honeypot in case it gets compromised. IIRC, there's a way to send logging info directly to a printer so it's printed immediately (and old dot matrix printer and a box of that linked paper would be ideal for this).
Actually, that could be fun and educational at the same time if you have some 'haxor' wannabes in your area.
Chris
Post by: Gewehr98 on December 13, 2005, 04:01:41 PM
WEP has worked fine so far, but I will probably implement all the extra precautions Sindawe listed.
Good to see Jim March again, even if he's berating me. How ya doin', Jim? Hopefully, your software savvy is keeping Diebold at bay.
Post by: Guest on December 13, 2005, 05:04:06 PM
Post by: mtnbkr on December 13, 2005, 05:19:06 PM
I use dynamicDNS and port forwarding to run a website from my server here at the house. It works most of the time, but sometimes dyndns.org doesn't update or just shuts down my dns entry (I'm using the free service, that's probably why). When it works, it works well though.
Chris
Post by: onions! on December 13, 2005, 06:11:11 PM
I'm glad you guys speak English on THR.
Geez.
Post by: garrettwc on December 14, 2005, 03:28:13 AM
http://www.channelcincinnati.com/health/5520020/detail.html
Post by: roo_ster on December 14, 2005, 04:08:45 AM
Your leeches may be using something a bit more sophisticated thanone of the commonly available directional antennas made for WiFi. My neighbor crafted a smokin' receiever out of his old Dish Network satellite dish. LONG range.
Post by: Brian Williams on December 14, 2005, 04:19:41 AM
Who has a good tutorial on accessing and securing a wireless router?
I have one from verizon DSL and was wondering if I could run all net access thru one computer even though all of them use the router for network access. I would like to use one computer for netaccess and firewall and appserver
Post by: roo_ster on December 14, 2005, 04:38:21 AM
1. Change the admin password. The default is generally the same for an entire line of routers.
2. Change the SSID, which is the name of little wireless network you set up
3. Change the router's name
4. Set up the highest level of encryption your machines' operating systems can handle. For instance, Win2000 can usually handle only up to 128 bit WEP.
5. Set up your router to NOT broadcast the SSID
Optional steps:
1. Set beginning DHCP addresses at something other than 192.168.1.1
2. Set up MAC address filtering. Every netowrk device (NIC, wireless card, etc) has an unique MAC address. You can set up your router to only allow those addresses to access the network.
Others have written about setting up a VPN. This is good, paranoid advice...which I have not gone to the trouble of implementing, as the above steps will prevent 99.9% of those who may try to leech.
Post by: Guest on December 14, 2005, 06:13:29 AM
Quote from: Brian Williams
Who has a good tutorial on accessing and securing a wireless router?
Honestly the manual that came with your wireless router should cover this in step by step detail. If you dont have an actual paper manual try checking the disk that came with it, there is most likely a detailed manual on there.
Post by: Phyphor on December 14, 2005, 08:50:23 AM
Quote from: Gewehr98
I actually considered that firewall/honeypot idea. I'm working on moving my website, blog, and file server (with all the nice Gewehr98 rifle pics) home to a cute little 3Com web server, and use Dynamic DNS to redirect the URL to this machine. I could unmask a honeypot and watch my leech neighbor pull the files down, maybe the entire Doom3 demo file, etc. Could be fun, but I'd rather keep unwanted individuals off my network, period.
That would be best...However, for your 'give 'em a virus idea'..... wouldn't that be poetic justice if your honeypot actually had viruses disguised as programs / whatnot? I.E, he thinks "ooh, free software, *yoink* "
(It's not like you'd actually be forcing it on him........ )
Quote
WEP has worked fine so far, but I will probably implement all the extra precautions Sindawe listed.
Good to see Jim March again, even if he's berating me. How ya doin', Jim? Hopefully, your software savvy is keeping Diebold at bay.
Hopefully, yea.
Good to see Jim March again, even if he's berating me. How ya doin', Jim? Hopefully, your software savvy is keeping Diebold at bay.
Post by: Nathaniel Firethorn on December 14, 2005, 09:14:51 AM
Quote
4. Set up the highest level of encryption your machines' operating systems can handle. For instance, Win2000 can usually handle only up to 128 bit WEP.
You're not nec. limited by the OS with the right hardware. For instance, I have a Westell VersaLink router and a USR 5432 MaxG bridge. Both support WPA without any help from the OS.- NF
Post by: MaterDei on December 14, 2005, 10:33:34 AM
What I'm trying to say is that the person 'leeching' might have had no idea that he was doing it and now he's wondering why his router broke.
Post by: mtnbkr on December 14, 2005, 02:14:57 PM
Quote from: Blackburn
I'm going to have to find instructions for the satellite dish thing- I've got an extra old... CRAP I threw it out! Dammit!
Just be like every other l33t haxor and use a pringles can.Chris
Post by: Gewehr98 on December 14, 2005, 03:28:04 PM
These cinder block military duplexes I live in are piss poor for WiFi signal, hence my argument that whoever tapped into my network and installed their own workgroup was really looking hard for an external connection. From my family room office, I had to jack the wireless access point up on a shelf near the ceiling, then install a Hawking high-gain antenna just so #2 stepson could get usable signal in his bedroom, not more than 40 feet from the transmitter. Even then, the cinder block walls and hallways degrade the signal strength to less than optimal. Walking around in my backyard with my laptop, the signal from my wireless access point is downright horrible, save for a very narrow corridor where the south window is lined up with the transmitter. I came real close to buying a Linksys WSB24 booster, before they got yanked from the market. Hence my misconception that the 802.11b node on my Ethernet network here was relatively safe from leeches. It was, before I forgot to restore WEP. That's a mistake I won't repeat soon, trust me.
Post by: Sindawe on December 14, 2005, 03:48:51 PM
Quote
Just be like every other l33t haxor and use a pringles can.
BWAHAHAHHAHA I forgotten about that. My ex-BIL and his friend did that to build a GPS receiver as one of their engineering projects in college back in '91, along with writting the code to read the signals and plot out the course they took. All hooked up to and run on an old AMSTRAD 640 (http://www.old-computers.com/museum/computer.asp?st=1&c=195) he'd gotten from his father.
Post by: Guest on December 14, 2005, 05:17:59 PM
http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html
Post by: matis on December 14, 2005, 10:38:55 PM
I have read of your continuing effort on behalf of the 2nd amendment.
Now I see how involved you are in stopping this computer voting fraud system being foisted on us.
My hat is off to you as high as I can hoist it!
matis
Post by: Phyphor on December 15, 2005, 12:22:28 AM
Post by: Gewehr98 on December 15, 2005, 11:33:41 AM
Still thinking about setting up that honeypot machine, sitting wide open on a DMZ through my router. If it's a felony to infect his network with a virus or worm via the push method, what's the legal repercussion of him tapping into my accidentally infected honeypot?
Post by: mtnbkr on December 15, 2005, 12:13:13 PM
Quote
If it's a felony to infect his network with a virus or worm via the push method, what's the legal repercussion of him tapping into my accidentally infected honeypot?
That's a bit more vague. Technically, he would be tresspassing on your property to get the files, but there's quite a bit of noise in the industry about honeypots and their legal status (the govt has no qualms about using them though). I'd leave out the virii and choose instead to log everything heavily with plans to press charges once you have proof of snooping on your network. Let the legal system do your work. Chris
Post by: K Frame on December 15, 2005, 12:18:31 PM
Get yourself a surplus rocket propelled grenade on the black market and show that SOB who's boss!
BE A MAN!
Post by: Sindawe on December 15, 2005, 12:24:44 PM
Quote
Get yourself a surplus rocket propelled grenade on the black market and show that SOB who's boss!
Whussy. Gewehr98, dust off and nuke the leach from orbit. Its the ONLY way to be sure. 
Post by: mtnbkr on December 15, 2005, 12:35:18 PM
Chris
Post by: Guest on December 15, 2005, 06:38:32 PM
http://www.bbvforums.org/forums/messages/1954/8556.html?1122679073
http://www.bbvforums.org/forums/messages/1954/8568.html?1122664155
Post by: Phyphor on December 15, 2005, 10:34:41 PM
Quote from: Gewehr98
Just used my handy-dandy laser/sonic rangefinder thingy, which normally sits in the drawer. 110 feet from my cinder block wall to the neighbor's wall across the back yard.
Still thinking about setting up that honeypot machine, sitting wide open on a DMZ through my router. If it's a felony to infect his network with a virus or worm via the push method, what's the legal repercussion of him tapping into my accidentally infected honeypot?
Your machine, your network. He entered your machine w/o permission. Hell, if I get infected with a virus from a website that I visit, whose fault is that?Still thinking about setting up that honeypot machine, sitting wide open on a DMZ through my router. If it's a felony to infect his network with a virus or worm via the push method, what's the legal repercussion of him tapping into my accidentally infected honeypot?
Not to mention the computer tresspass issues. If he's tapping into just the internet, fine. But if he actually accesses one of your machines, honeypot or not, he's committing computer tresspass.
You almost certainly can't get him on anything, but he certainly can't bitch. What's he gonna say "Well, I got into this dude's computer on his network, downloaded some programs off of it, and I got a virus! Can I sue?"