RSSUpside-Down-Ternet: Having Fun With Wireless Interlopers
I'm a big fan of open wireless access points. As long as my neighbors are respectful, I've got more downstream bandwidth than I really need most of the time. That said, I can understand the frustration with having a persistant freeloader, so I can really appreciate this hack which allows you to send a "knock it off" message, without having to close down your blessed open network.
The Upside-Down-Ternet works like this:
- You set up a DHCP server to assign addresses from one IP netblock to known MAC addresses, and another "untrusted" netblock to unknown MACs.
- The trusted netblock is routed normally, but the untrusted netblock gets all port 80 traffic forwarded to a transparent squid proxy using iptables.
- The squid proxy filters all HTTP traffic, looking for URLs ending in jpg or gif.
- If a jpg or gif is encountered, the image is flipped using morgrify and the untrusted user is sent the upside down image instead of the original.
This could be easily modified to default to giving normal access. You could then direct known abusers to the crippled network. Another option would be to provide "degraded" access using a blur or desaturate filter on images. This would allow people to make use of the free service, but would require them to ask permission to be on the trusted list before having full access.
How do you like to deal with wireless interlopers? What's your ideal wireless setup - one that balances security, ease of use for legitimate visitors or passers-by, and quality of service? Give us a shout in the comments!
Posted by Jason Striegel |
Mar 29, 2007 08:19 PM
Network Security, Wireless |
Permalink
| Comments (3)
Recent Entries
- Poromenos' hello world curve
- USB CapsLocker and Sun keyboard simulation
- Robosapien has a coil gun
- Faster Windows shutdown
- Assign USB drives to a folder
- Little drummer bot
- CSS ad blocking for Firefox and Safari
- Design Coding: web standards rap
- Shredz64: Guitar Hero for C64
- BATMAN: adhoc mesh routing
Comments
Newest comments listed first.
| Posted by: LBonanomi on March 31, 2007 at 8:21 PM |
I run my wireless off a pfSense router and a premium cable connection. I don't mind providing a signal to guests in my home, but in the past some users had abused my courtesy by parking laptops overnight and downloading enormous torrents. I grit my teeth and firewalled outbound p2p, but this just led to guests demanding that I attend to their "connection problem".
To give my visitors a fair warning about firewall restrictions, I broke open /usr/local/captiveportal/index.php and made a few changes. If you replace the line: 'portal_reply_page($redirurl, "login");' with:
else { /* display captive portal page */
$banned_services = array('445' => 'CIFS', '6881'=> 'Bit Torrent');
foreach($banned_services as $banned_port => $banned_service)
{
if (@fsockopen($_SERVER['REMOTE_ADDR'],$banned_port,$errno,$errstr, 1))
{
print "Sorry, Port $banned_port is open. $banned_service is not allowed.
Try turning the responsible application off before reconnecting. Firewall
rules will prevent it from connecting anyway. This message is provided
as a courtesy. -The Mgmt.";
exit;
}
}
portal_reply_page($redirurl, "login");
}
then your wireless guests will be gently informed that their p2p traffic can be taken somewhere else. Remember that this isn't much good unless firewall rules are in effect to actually block traffic later.
If you're running a freenet and want to stop bandwidth leeching p2p but still pass all other traffic, you can replace:
portal_reply_page($redirurl, "login");
with:
{ portal_allow($clientip, $clientmac, "unauthenticated"); }
to automatically pass users who aren't soliciting p2p client requests.
| Posted by: loegc on April 29, 2007 at 3:06 PM |
Inspired a mode of SiteLife, where you can type in the URL of a website, then click on the 'change view' button (letter 'c' in top right) three times. Changes from normal view to source code, then blurry images (useful to simulate bad eyesight), then inverted images.
| Posted by: Paul Chilton on February 29, 2008 at 12:37 AM |
SiteLife update to TheirView. Basically a transforming proxy that can do the upside down images as well as other web developer applications.
No software install, works across most browsers.
www.theirview.org
Bloggers
Welcome to the Hacks Blog!
Brian Jepson
Jason Striegel
Phillip Torrone
Categories
- Ajax
- Amazon
- AppleTV
- Astronomy
- BlackBerry
- Blogging
- Body
- Cars
- Cryptography
- Data
- Education
- Electronics
- Energy
- Events
- Excel
- Excerpts
- Firefox
- Flash
- Flickr
- Flying Things
- Food
- Gaming
- Gmail
- Google Earth
- Google Maps
- Government
- Greasemonkey
- Hacks Series
- Hackszine Podcast
- Halo
- Hardware
- Home
- Home Theater
- iPhone
- iPod
- IRC
- iTunes
- Java
- Kindle
- Knoppix
- Language
- LEGO
- Life
- Lifehacker
- Linux
- Linux Desktop
- Linux Multimedia
- Linux Server
- Mac
- Mapping
- Math
- Microsoft Office
- Mind
- Mind Performance
- Mobile Phones
- Music
- MySpace
- MySQL
- NetFlix
- Network Security
- olpc
- OpenOffice
- Outdoor
- Parenting
- PDAs
- Perl
- Philosophy
- Photography
- PHP
- Pleo
- Podcast
- Podcasting
- Productivity
- PSP
- Retro Computing
- Retro Gaming
- Science
- Screencasts
- Shopping
- Skype
- Smart Home
- Software Engineering
- Sports
- SQL
- Statistics
- Survival
- TiVo
- Transportation
- Travel
- Ubuntu
- Video
- Virtualization
- Visual Studio
- VoIP
- Web
- Web Site Measurement
- Windows
- Windows Server
- Wireless
- Word
- World
- Xbox
- Yahoo!
- YouTube
Archives
Recent Posts
- Poromenos' hello world curve
- USB CapsLocker and Sun keyboard simulation
- Robosapien has a coil gun
- Faster Windows shutdown
- Assign USB drives to a folder
- Little drummer bot
- CSS ad blocking for Firefox and Safari
- Design Coding: web standards rap
- Shredz64: Guitar Hero for C64
- BATMAN: adhoc mesh routing
www.flickr.com
|
Leave a comment