Someone using my open wifi

Discussion in 'Community Discussion' started by jared_kipe, Feb 18, 2006.

  1. jared_kipe macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle
    #1
    I just discovered someone was using my wifi, that I opened for a friend who was having a problem with WPA. I don't want to be malicious to him, but I want to send him a message about what he's doing, and maybe see if he wants to keep using my bandwidth (maybe for a fee). Is there any way on my macs to get his email address or AIM or something. Like a Man in the Middle attack, but only using osx?

    Or some other way to track him down?
     
  2. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #2
    Does your router show a list of DHCP clients? MAC addresses?
     
  3. joshysquashy macrumors 6502a

    Joined:
    May 13, 2005
    Location:
    UK
    #3
    he probably lives nearby, so knock on a few doors?!
     
  4. unixfool macrumors 6502a

    Joined:
    Jan 21, 2006
    Location:
    Northern VA
    #4
    Knocking on doors is the better way, IMO. Also, either close the WAP or secure it in a better way that it currently is (MAC address authentication may cover that).

    Hacking someone with the intent of sending them a message most likely isn't lawful in itself, nevermind the fact that he's using your open WAP in an unauthorized manner.
     
  5. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
  6. jared_kipe thread starter macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle
    #6
    oh yeah, I have his IP and MAC obviously. Secondly I don't know what doors to knock on. The computer is a name which doesn't appear on any of my apartment's current resident list.

    Secondly, I legally OWN this network. So I don't see how it would be legally questionable for me to send him a message. And I don't mean send him a message like is in the Godfather sense. ;)

    Oh and I plan on securing it once I get in touch with him. I plan on either giving him the WPA password or not.
     
  7. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #7
    So your going to track them down, just so you can give them your password?

    Just close up your network and call it a day.
     
  8. jared_kipe thread starter macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle
    #8
    Not only does he/she show up on my DHCP table he/she has the coveted ip address 192.168.1.101

    I'm using a Linksys WRT 54GS with current firmware.

    Thats no fun at all. And not exactly helpful.
     
  9. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #9
    I don't see the complication, block the MAC address. Job done.
     
  10. jared_kipe thread starter macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle
    #10
    Oh wow, this has been super helpful. :rolleyes:

    For one thing blocking MAC address wouldn't be anwhere near as useful and WPA. They could always use a router, or spoof their MAC address.
     
  11. Koodauw macrumors 68040

    Koodauw

    Joined:
    Nov 17, 2003
    Location:
    Madison
  12. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #12
    Why do you want to know who it is?

    If it bothers you that someone is using your internet, enable WPA, and create a closed network.

    OR...

    If it doesn't bother you, just leave him/her alone.
     
  13. Marky_Mark macrumors 6502a

    Marky_Mark

    Joined:
    Sep 30, 2005
    Location:
    UK
    #13
    It's more likely to be opportunist bandwidth theft. Block the MAC address and see if that gets circumvented. If that happens, set up your router to only grant access to specific MACs and add your friend to the list. All others will be refused a connection.

    I'm sure more technical members will tell me there are a dozen ways to get around this too, but, I'm sure it is just opportunist and it's happening simply because there are no restrictions whatsoever at the moment.
     
  14. greatdevourer macrumors 68000

    Joined:
    Aug 5, 2005
    #14
    I didn't know there was an option to block only certain MACs (partly because it's utterly pointless). Also, on the subject of spoofing MACs, while it's a doddle for wired interfaces, spoofing on wireless is very hard and requires kernel modding and constant reboots (and that's even if there's a way of doing it for your chipset - the Broadcom in the APE was only done a short while ago, and it was very messy
     
  15. unixfool macrumors 6502a

    Joined:
    Jan 21, 2006
    Location:
    Northern VA
    #15
    I really don't mean to be rude here, but even if you own the access point, that does NOT give you the lawful right to crack his machine. What I offered earlier is considered wise advice. I once heard via my work connections that someone had logged into someone's machine that had been trojaned and was spamming IRC channels. That someone logged into that machine to clean the trojan. While his intentions were good, he got sued later on.

    In your case, I don't think that the "its my WAP" argument will cut it in court (not that I'm a lawyer, but I AM an IT security professional).

    You want your cake and you want to eat it. Be my guest but when you get into legal trouble, I don't think your excuse is going to fly.
     
  16. jared_kipe thread starter macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle
    #16
    Thanks, it didn't find any Samba Shares though.

    EDIT: Is there maybe some way to make it so all html requests go directly to a website I set up that tells him to email me?
     
  17. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #17
    Just block him. It's some stranger. If he's doing something illegal (piracy, kiddie porn, whatever) then guess who the FBI will trace it back to...yep, that's right. You. I wouldn't give ANYONE access to my WiFi network unless I personally knew them.
     
  18. jared_kipe thread starter macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle
    #18
    People get off file sharing suits all the time by saying they have an unprotected wireless network and that someone else must have done it. It must be true I heard it on the computer internet.

    EDIT: Looked up his MAC address and found the manufacturer is Intel, so its probably a centrino notebook. I'll try the smb thing again later, and told my router to keep logs.
     
  19. unixfool macrumors 6502a

    Joined:
    Jan 21, 2006
    Location:
    Northern VA
    #19
    Ignorance of facts don't mean you can't be held liable. "I didn't know the gun was loaded" comes to mind.

    If you've got an open AP, expect leechers to leech. I doubt they'll jump on your offering of services for a fee either.

    Also, this could be someone who may not have their internet settings set up correctly. Whenever I boot up my laptop, the first thing it does is connect to my neighbor's open AP (who happens to be my sister and brother-in-law).

    FYI, you can usually have an open AP and still be able to only service a few IPs. You should be able to tell your IP to only serve X amount of IPs, but this will depend on what make and model AP you have. I have mine set at 5. My particular AP also blocks given IPs.

    Contacting the person by SMB may or may not work either, as that person might be savvy enough to know how to turn off netbios and SMB sharing, if he even has a Windows machine. It could be a non-Windows OS on his machine. You can find out alot of what he's doing and what he's using if you sniff your AP's traffic (tcpdump via commandline can do this).
     
  20. climhazzard85 macrumors member

    climhazzard85

    Joined:
    Dec 28, 2005
    #20
    Is there not some way to make it so when the guy stealing the bandwidth attempts to load a webpage, it redirects to a specified file, that'd be an easier way to give him a message.
     
  21. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #21
    Give me your static, then allow and direct full access to the DHCP address he's using through your router. I'll do the rest. :)
    Actually, WPA will work for most people using casual access. The odds he/she is even ABLE to crack the security is remote.
    Go down the good path, not my scorched-earth method. :)
     
  22. jsw Moderator emeritus

    jsw

    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #22
    I'm not sure if the WRT54GS works like my WRT54G did, and I forget how the WRT54G worked before I installed the hacked firmware on it, but I believe you can set specific MAC addresses to allow as opposed to (or in addition to?) ones to forbid.

    So only allow MAC addresses of devices you know.

    If s/he hacks that, which is non-trivial (but possible), then go to straight to authentication and don't pass go - they're not being a good citizen.

    You could alter your network name to something indicating to call/see you for access... but that'd be a long name.... ;)
     
  23. 2nyRiggz macrumors 603

    2nyRiggz

    Joined:
    Aug 20, 2005
    Location:
    Thank you Jah...I'm so Blessed
    #23
    ^Yes indeed. exactly like that....lock up your network.


    Bless
     
  24. greatdevourer macrumors 68000

    Joined:
    Aug 5, 2005
    #24
    No, but there is a linux prog called airpwn (I think) which allows you to do that to other comps on a network
     
  25. CanadaRAM macrumors G5

    CanadaRAM

    Joined:
    Oct 11, 2004
    Location:
    On the Left Coast - Victoria BC Canada
    #25
    Have no idea how to implement it, but assuming the leecher is using DHCP, then they are probably using the nameservers provided by the router.

    So, set up your own name server, change the router to use your 'fake' nameserver (while you in turn have set your own machine(s) manually to use your ISP's)

    Then use your fake Nameserver to direct all Web addresses to a single webpage you setup that says "You be leeching MY network, fool! Pay Up."
     

Share This Page