Wireless use [Matthew's Journal]

We have an open wireless access point, which allows anyone to get to the outside world (only some ports, most especially not SMTP), as a matter of policy (such things are useful, IMO, and so running one is a good thing).

Sadly, it seems someone (presumably one of the near neighbours), which I guess means next-door in the semi (as the other way is away currently) is making extensive use of our wireless during the chargable period - we've used 1.38G chargable this month, compared to an average of about 570M for the previous 3 months. I don't think we want to start paying extra for others to use our wireless internet.

I can see a few options:
i) turn the wireless off during chargable hours (except on days when someone is working at home)
ii) rate-limit the wireless to 512K/s (with some baroque tc runes?) during charging hours
iii) redirect all web-traffic to a stunt webserver that puts up a page saying "you're running up our bandwidth costs - please email

emperor if you want to carry on doing this"
iv) assume my guess is right and go and talk to the neighbours

I'm not interested in playing games like redirecting them to goatse or inverting their images or any of that sort of thing.

October

Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25 1
26	27	28	29	30	31

Sun

Mon

Tue

Wed

Thu

Fri

Sat

I'd go for iii) if you're not prepared to just secure it.

[link] [reply]

Stunt webserver that watermarks all inbound audio, coupled with a directional microphone listening out for the watermark, so you find out who's doing it? :-p

Frankly, DDTT; my wireless is locked down, because that was easiest.

To maintain your policy, you could set up some sort of traffic shaper which severely limits access for people who haven't logged on to it or devices not on the "friendly" MAC list or somesuch. The problem is already solved; the likes of BT OpenZone let you only connect to the pay-us page. You'd want something slightly different like a punitive rate- or bandwidth-limit for unknown devices coupled with a welcome page saying "hi, this is our wireless, we're making it available as a public service, it's rate-limited, if you want to make nontrivial use of it contact [...]"

I tried googling for such software.. eventually, diy wireless hotspot turned out to be a good set of search terms. http://www.publicip.net/ and http://nocat.net/ look like they may be useful.

[link] [parent] [reply]

I'd go talk to the neighbours. Good chance they either a) haven't realised they're connecting to your AP rather than their own, and/or b) don't have a clue that this is costing you money.

If you don't think the neighbours are likely to take kindly to it I'd do a combination of i and iii.

I think that if you don't want people to make excessive use of your wireless AP then you need to make that clear somehow if you're going to have it be open. A hotel-style thing where first web access gets you to a page stating terms and then a maximum limit on downloads for a given MAC/IPaddr would be sensible.

If that all sounds like too much effort, then the other approach is just to secure the thing. That's what I do.

My preference would be rate-limiting on a do-as-you-would-be-done-unto sort of way. My second preference would be cutting out non-text traffic, possibly by redirecting such traffic to an image saying 'You're running up our bandwidth costs, please email...'

I'd rate limit; quite severely, leaving it realistic for someone to check their email but not to download that night's film.

Edited Date: 2008-06-30 07:20 pm (UTC)

Our wifi is secured, and I suggest that yours should be as well. Although it is not very likely, in principle someone could use your wifi to do something illegal online, leaving you with the problem of proving that it wasn't you.

OK, the risk is small, but the consequences are dire.

OTOH, if you do something illegal, you now have plausible deniability.

I keep making this point.

It's probably even more valid with 42 days rules.

leaving you with the problem of proving that it wasn't you

English law still overwhelmingly works the other way around.

(S)

For now. Don't hold your breath!

I used to take the view that the worst that having an open wireless connection would get me is some difficult explaining, but with the flip-side of plausible deniability. However, now my commitment to the idea of free exchange of plentiful resources isn't strong enough to be willing to sit around in prison for 6 weeks until I get my chance to tell a judge my side of the story after there's "evidence" of my IP address coordinating a terrorist attack.

I suspect that you'd find that i) stopped the problem. Your neighbours are probably using it as their main connection and would stop if it was intermittent and get their own.

I'm confused - you are providing open access so that anyone can use it, and you're upset because someone's using it?

I think you need to be clearer here about what you're trying to achieve. Because if you start switching it off, you're no longer providing that open access. And I'm not sure that just talking to your neighbours is going to stop them. Seems to me there's only two reasons why a neighbour would use your signal (deliberately) - either so you pay for *all* their surfing or so that they can do all the surfing on your account that they don't want tracking back easily to their own, whether for reasons of legality, cost or whatever.

I'd go for (ii) if you're determined to leave it unsecured.

I presume he means allowing it for guests not anyone in the neighbourhood. I've been provided with a wireless key when staying with people but this could be hassle if you have lots of guests.

I want occasional users to be able to use it; I don't want someone in the neighbourhood to use it all the damn time rather than using their own.

I think you're being unrealistic, tbh. People will take as much as you allow them to, and then they'll try to take a bit more for good measure. If you don't want them downloading huge files, you'll have to stop them downloading huge files.

I have a WPA password on a bit of paper attached to the wall.

WEP[1], and what's the point?

[1] On this particular AP.

can you set the runeage so that the available bandwidth tends to zero as data transfered goes up?

you could set the numbers so that visitors are fine, but anyone using it for more than a polite period would find it getting slower and sssllloooooowwer

Just secure the damn thing. There are too many cretins out there who don't know how things like this work or don't care that they are stuffing things up for other people. If you want to allow your friends & guests to make use of it simply give them the appropriate key to get access when they're there.

I've generally found that it's impossible to get people's secured networks to work with my PDA when visiting, to the extend that I just pinch their neighbours wireless because it's easier.

Personally I prefer string: higher bandwidth, less drop-out, more reliable. "Here have a network cable" is a lot less hassle I've found. The only trouble is that small mobile devices don't have a network socket.

Hm. You could google for "Fscking wireless router. The effing thing is only this big, but you can only connect if you're less than foot away!", and buy it, and put it on the end of an ethernet, and hand it to mobile device users to keep on their lap :)

Rate-limit it for clients that don't provide authentication.

Open wireless is a good thing for a variety of reasons, practical and political ones among them, and you should arrange things so that you like the balance between the cost to you and the general benefit.

(S)

Secure your network and have an easy to enter password. My WPA key is massive, but I keep it on a USB stick for adding new devices. Juggzy just gave me her password to connect to her network.

When I'm at Ma's, I can sometimes get a very weak signal that's barely sufficient to get email, but I feel bad about using someone's unsecured network.

(deleted comment)

i have more problems connecting to WEP tbh.. i've never managed to get my ipod touch to understand a hex key.

I gave up on trying to get

1ngi's MacBook and the router to <agree to talk WEP to each other, and opened the access point with (under normal circumstances) MAC filtering to the machines which are known to be regular users. I figure that's probably about as secure as WEP these days anyway 8-). At some point I will get around to buying a modern router, honestly….

I second this recommendation. We did use MAC-address filtering (it was an easy option on our router) for a while, and gave up when it proved too much faff. We give out the shared key to anyone visiting who wants to use wireless, and most machines seem to then save it.

I think Bridget may have had some difficulty with her EEE.

Our main 'problem' is that my brother uses massive amounts of bandwidth, and needs occasional reminding to stay in the non-chargeable period. On the other hand, the ISP allowed us to set up a 'PAYG' option so if we go over our limit, they just charge us a bit more at not extortionate rates. And what he costs us occasionally in ISP, he more than makes up for in childminding and gardening.

I can't remember where you do the dhcp on your setup, but a variant of i) would be to only provide DHCP leases between 6pm and 7am (with 60-minute leases) and have a couple of addresses set aside in the range you can give people for statics. This is probably sufficiently awkward to deter the casual leecher.

Kill them.

Kill them all.

I'd be inclined to do iii) or iv). But if iii) isn't especially easy, and iv) doesn't yield results (or is too intimidating), you could do i) or ii) if you wanted.

I'm broadly in favour of leaving wireless access open, at least until the law trips even further towards "guilty until proven innocent". (Our own wireless network is secured, because that's

woodpijn's preference, and I don't feel that strongly about it.)

Open unlimited wireless when you're not even on a flat rate tariff seems setup for fail.

I'd either lock it down, or rate limit any traffic from unknown hosts to something really painful for anything more than a quick terminal session, 28k8 is probably about right.

my laptop has (had. I think I've stopped it) a slightly annoying tendency to try and connect to a neighbour's wireless when I'm in my bedroom - the more annoying because the neighbour's wireless doesn't appear to be attached to an internet connection. It's possible that they aren't doing it deliberately.

A friend of mine got a lot of gnutella-ish packets slowing his unsecured wireless, and changed the essid of the network to no-gnutella-please, which apparently solved the problem. I think it rather depends how much they know what they're doing, whether something simple like "oy, we've noticed, please don't" works, or not.

Matthew's Journal

Wireless use

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

October