Jump to content
The mkiv Supra Owners Club

Bandwidth theft


JohnA

Recommended Posts

I hadn't realised how widespread this was, although I've always suspected it.

 

I live in a quiet area, not tightly populated, with pensioners as neighbours mainly - so I thought that bandwidth theft via the wireless would be unlikely, and easy to spot if it happens. Hence I had no encryption on the hub, slowing things down.

 

Now I live near the train station, so it is normal to have the odd car parked outside with the driver sitting in, waiting for someone to pickup, especially late evenings. Paranoid fellar I am, but even I didn't think that these people could be part of a country-wide network where they share addresses of people with unencrypted wireless networks and sit parked outside doing all their mega-gigabyte downloads AT YOUR EXPENSE:no:

 

But that was happening indeed.

 

There is a whole underworld of free-loaders out there, and with capped download limits becoming the norm, they all want to squeeze someone else's connection for their stupid videos, or whatever else they can't download at home.

 

I wouldn't have a problem with the odd person browsing while waiting in the car --- I think that's healthy and I could have the same perk while waiting outside someone else's place.

 

But what these people are doing is outright theft --- they come equipped with laptops ready to do full-blown heavy downloads that their own ISP won't allow.:whip:

 

I had seen some stray chalk marks on the pavement some months ago, thought nothing of it. It might have been related.

 

64-bit encryption now, let's see how they like them apples:devil:

If they break it (unlikely) I'll go for 128-bit (slows things down a bit, so best avoided if possible...)

Link to comment
Share on other sites

Cheeky bast***s! Id go out while they are out there and offer them a brew as well as the use of your internet, while they wait for the police to arrive. Or even better, the night before, attach a large chain to a near by lampost, then when they arrive, sneak out and attach it to their exhaust, chassis etc. Go back in and wait for the them to connect, then calmly walk out, and repeat the offer of the brew. Watch and roll on the floor laughing as they the back end of their car to shit. That would teach em.

Link to comment
Share on other sites

You seriously think somebody is going to sit in their car for hours on end outside your house downloading stuff? Seems unlikely to me.

I don't think. I know.

It's very quiet here, and you can hear a car door closing blocks away, let alone a car parking. These people park outside pretending to be waiting for a commuter, but they never pickup anyone, they stay in the car all along with the lights off. For hours.

I had wondered many times in the past why the throughput was suddenly down to a trickle, even though none of us was using it, and come to think of it, it's always been while a 'dodgy' car was parked outside.

 

I just read about someone successfully sueing for £500 in a similar case, and suddenly everything fit like a dream.:idea:

 

Do you have a download cap?

Yes, if you look closely on on the 'terms & conditions' everybody has a cap, even if it's not spelled out. (implied cap via a 'reasonable' or 'normal' clause)

Mine is monthly (30gb/month, I pay extra for this, normally it was 2-3gb/month). With the girlfriend downloading 1 gig/day it's an issue, yes:looney:

Does it cost you extra if you go over it? Have you ever gone over it?

typically ISPs bring you down to dialup transfer rates until the end of the month.

If you're paying for broadband, this is not funny.

Link to comment
Share on other sites

Out of interest how do you do it ???

I have a Belkin card in my laptop so how would you find over wireless connections (I am asking purely out of interest) :D:

 

Go through the card's software and look for available networks. Then leech.

 

What I read now is that they go around with scanners and get the connection details for every postcode they can get, then share them via internet groups.

It makes sense, and I wouldn't mind sharing bandwidth with strangers if it could get the same treatment in other parts of the the UK, if I needed to.

 

But what these people are doing is downright theft. They're not browsing, they are downloading massively all the time, if you feel your 2Mbit service slow to a trickle ----> this is not browsing matey.

(You can see your own throughput in realtime via freeware like net.medic)

 

Then you hear the car drive away and your connection is full blast again.

Hellooooo?

I had not made the "connection" until now, lol....

Link to comment
Share on other sites

The other way of preventing this is by setting your router to not dish out IP addresses DHCP and just use fixed IPs on an uncommon range like 192.168.6.0

They'd have to work out your IP range before being able to connect and are more likely to get bored and move on.

 

If your router has a firewall you can also block all traffic other than that from your specific internal IP addresses.

Link to comment
Share on other sites

netstumbler & a gps device is the tool of choice for this sort of thing :)

 

Seriously, turn on encryption. Forget WEP, use WPA or if you can WPA2 (AES encryption). It's done in hardware so I should expect the slowdown to be neglegible and certainly still leave you well above the maximum throughput you could ever expect from your ISP.

Link to comment
Share on other sites

Hacking something to get a freebie has been going on for decades now....

 

Do you have a Firewall on your PC ? WHY ?

Do you lock/alarm your car ? WHY ?

Do you leave your home secure when you are out ? WHY ?

 

WHY = Control of access

 

Then why haven't you secured this entry point into your "private world" ?

 

No control/protection in any area above will always leave you out of pocket!

 

- It just makes matters worse £££'s when you have a volume based tariff from your ISP.

 

Yes, it is theft in my book but, if the owner does not take appropriate measures to secure their own property/services/Connections.......

 

Would your insurance pay out for your car if you left the door open and the keys in the the ignition ? No - so, why leave the door open to your ISP conneciton ?

 

I'm sorry if I offend you John, it's not my intention but, when it comes to security, it's a black and white subject to me.

Link to comment
Share on other sites

The other way of preventing this is by setting your router to not dish out IP addresses DHCP and just use fixed IPs on an uncommon range like 192.168.6.0

They'd have to work out your IP range before being able to connect and are more likely to get bored and move on.

 

If your router has a firewall you can also block all traffic other than that from your specific internal IP addresses.

 

Just set your router to restrict access to the MAC addresses of your PC(s).

Link to comment
Share on other sites

..I'm sorry if I offend you John, it's not my intention but, when it comes to security, it's a black and white subject to me.

I'm not sure you've read my first post Peter.

 

I chose to leave it unencrypted from day one. I couldn't get the router to talk to the cards with encryption, so I said "sod this, who's gonna leech my bandwidth out here anyway?"

I have explicit IP addresses internally, so nobody got access to my PCs

 

Turns out that I was wrong in 'bandwidth sharing' though:badidea:

It wasn't neighbours but people driving here just for this purpose (how sad...)

It's on a hill so even my garden doesn't get a decent signal, there is a handful of houses that could potentially get a signal, and their occupants are unlikely to even program a video recorder successfully:p

 

Now I've spent half an hour and made encryption work, no big deal. It's just a whole underworld of "bandwidth bandits" that I knew nothing about, that's what prompted this thread.

Link to comment
Share on other sites

128 bit with MAC access control here and no noticable performance loss despite running 3 machines on the connection 24/7, I do have "Turbo Mode" switched on though ;)

 

I must admit to borrowing a bit of bandwidth on my PDA once in a while but normally I can only pick up the commercial stuff where you need to have an account and willing to pay £6 for an hour.

Link to comment
Share on other sites

This is all very common, bluejacking, orinocco cards on the old palms and even psion organisers. It's been going on years. In actual fact, some companies set up honey-traps precisely to watch of this sort of thing.

 

There are two schools of thought on this, in my network security role we offer a number of services for combating this for personal and corporate users. The one I like best is the honeypot trap....

 

A minor restriction on the network which prevents anyone accidentally stumbling accross it, anyone that gets past that is then detirmined, then we have fake folder alias', local cached sites (such as google) which makes it look like they are achieving something. Then we log every movement, as much information as we can get (mac addresses, cookies from cookie traps to see where else they are visiting, cached usernames etc) and after 4 minutes the mac address of the node is added to the block list and all logs are emailed. It's pretty effective and fairly easy to set up with the right equipment.

 

In my experience, if you concentrate on preventing any access you a) feel TOO secure and miss easy things, and b) present more of a challenge to somebody intent on gaining access.

 

If anyone requires more info, I'm happy to release some of our company whitepapers and commissioning documents.

Link to comment
Share on other sites

I just did this this morning while checking out my poor performance issues. I'd advise this (you can spoof a MAC address but if they manage to guess your MAC correctly.... they're bloody good)

 

No need to guess, most machines will happily tell you their mac if you ask. Most routers also still have default passwords applied so with any list you can normally get access to see the allowed addresses.

 

As stated above, I'm happy to provide some tips and pointers to people FOC if required.

 

Lewis

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. You might also be interested in our Guidelines, Privacy Policy and Terms of Use.