Back to article
Foil Wireless Poachers and Have Fun Doing It (Part 1)
"I Could Encrypt It or I Could Have Fun"
January 22, 2007
A lot of folks have an unhealthily casual attitude towards securing their wireless networks. "Oh, it's nice to share" some say. Others think "I have nothing to interest a cracker, so why bother?" Both attitudes are inviting trouble. There is nothing to be gained from leaving your systems open to be used as warez, porn or mp3 servers, or Borged into a spam botnet. Or to find yourself struggling with slow network speeds because some freeloading hog is overloading your bandwidth.
It is nice to share, and it is wise to protect yourself. Smart network admins who really really want to share set up a separate subnet for sharing, securely wall off their LANs from whatever wandering moocher latches on to their signal, and throttle the bandwidth. Smarter admins, in this era of the MAFIAA, porn cops, and terrorists under every keyboard, don't share at all.
But those are the boring, old-fashioned methods. Today we're going to look at some ways of having a little fun with wireless freeloaders, and how to see who is doing what on your wireless LAN.
Peter Stevens, brilliant inventor of the Upside-Down-Ternet, kindly published the scripts he uses to torment wireless freeloaders. They invert images, turn images upside down, or re-direct moochers to Kittenwar.com, no matter what URL they try to access. You'll need iptables, Squid, Perl, DHCPD, and ImageMagick to make this brilliantly wicked scheme work.
Mr. Stevens' scripts are easily adaptable�you don't have to be an ace scripting guru to make simple modifications. If you don't like Kittenwar, substitute the IP address of a different site. Like this example that steers your freeloaders to Vegemite.com:
/sbin/iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -j DNAT --to-destination 188.8.131.52
You'll want to use the source subnet and netmask that you have dedicated to sharing with freeloaders. Vegemite.com will educate visitors about this healthy, delightfully smelly, spreadable food thingy. The possibilities with this simple re-direct are endless. You could use your own custom Web page that delivers a warm, personal greeting, or send them to FBI.gov.
Messing with images on Web sites is more subtle, more evil, and more fun. Mr. Stevens shows how to use the
To make this work, you need to be running Squid as a transparent proxy. Then delete the Kittenwar iptables rule and replace it with a rule that directs poacher traffic to your Squid proxy:
/sbin/iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1
"/usr/bin/mogrify", "-swirl 30" "/usr/bin/mogrify", "-charcoal 10" "/usr/bin/mogrify", "-paint 10"
These are all beautiful and artistic, and will impress and amaze. These examples show the correct syntax to use in the
redirection script. To test
$ mogrify -swirl 30 [imagename]