0

If your neighbour was borrowing your wireless Internet connection, without your permission, and you wanted to teach them a lesson, what would you do? Pete decided to have some fun with a fairly simple Squid proxy and turned their online life upside down.

Literally.

What Pete did was split the network into two parts: trusted and not trusted, each with a different netblock. Using the DHCP server to identify mac addresses and hand out the relevant addresses accordingly. Initially he used iptables to redirect all unauthorised traffic to Kittenwar but that really is not fun enough, or at least was not fun enough for Pete. Oh no, he had a much better plan.

By setting iptables to forward everything to a transparent Squid proxy running on port 80, and using a trivial redirector to download all images and then apply Mogrify from ImageMagick to turn them upside down and serve them out of the local webserver, he literally turned the Internet upside down for any intruder hijacking his connectivity. Using various Mogrify commands, Pete also served up a flipped version with all text running backwards, and even a blurry web, which should have all hijackers worrying about their eyesight. Visit the page linked to above for some images of exactly what Pete served up to his victims; it will bring a little pleasure into your life today!

Of course, while this is all highly amusing, considering the chap has enough technical clout to be able to go to such extravagant lengths one cannot help wondering why he did not simply properly secure the damn network in the first place. Please note the used of the word properly, which implies that I am not suggesting you bother with WEP, which might keep the total newbie WiFi tourist out but is as much use as a chocolate teapot in the real world of WiFi security.

If you have a fairly new, fairly decent spec router from a fairly security conscious provider then the chances are it will support some flavour of WPA, preferably WPA-PSK (TKIP, AES) or better, so why not use it? A lot of the time I find that outside of the corporate world where someone is paid to deal with such things, home users are either still reeling from early experiences where they got burned by the complexity of setting up a working WEP arrangement (and the fault lays firmly at the door of the router manufacturers for poorly implemented configuration processes backed up by equally poor documentation) or just do not appreciate the risks of not securing their network.

Having written about domestic WiFi security for many years now, and being far from the only journalist so doing, I have to admit that one can only come to the conclusion that as with data backup, people assume the will not happen to me position until it does, by which time it is too late. Aside from being paid to go and slap every purchaser of a wireless router until they configure adequate security, or maybe better yet slap the router manufacturers until they ship kit with adequate security configured on by default, I am at a loss as to how to solve this problem. Which is a shame, as it is going to get a lot worse as wireless becomes the de facto Internet access method in our homes, and increasingly we move our personal and financial existence online...

4
Contributors
5
Replies
6
Views
11 Years
Discussion Span
Last Post by PoppyViolet
0

is wep really that bad?

i have to use it as my pocketpc / cheapo made in china wifi card dont do wpa.

I do compliment this with a mac adress filter and hide the ssid though.

Its still kinda worrying tho as i use goddamn xp home (grrrrrr) which wont even let u put passwords on shares - win98 even lets u do that

0

Yes, I truly believe WEP is that bad. Better than no security at all, but only just.

As I say, it will keep the clueless accidental network tourist away, but not anyone who knows what they are doing or can use Google to read the instructions of someone who does.

0

Now that was a very funny blog post :cheesy:

Everyone should visit the link and see what that chap did, it really is very funny indeed. I wish I was tech savvy enough to do similar, although I would hope that my wireless network is secured sufficiently so as not to need it anyway. Hubby nods whenever I ask about such things, and he is in the IT security business so I am hoping he is right.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.