
Thread: Supplying wi-fi access for free

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    320

    Supplying wi-fi access for free

    Ok, here is the idea. My buddy lives in the apartments about 40 feet away from my back door. He has dial-up and I have DSL. I also happen to have a linksys wireless router. Now, I was thinkin about supplying him (and pretty much everyone who lives in his apartment) wi-fi access through my DSL connection (some of his neighbors are really cool and have no internet). I realize that this is a security risk, but I am confident enough that I can supply network access without my local machines being compromised...

    I know that my connection could be used to launch an attack against other machines on the inet, and I don't really feel like being held responsible for some idiot's cheap fun. I was thinking...

    How can I supply inet (more specifically www) access w/o providing a platform to launch attacks ?

    I was thinkin of setting up a firewall to allow only port 80 access, but that doesn't solve the problem of application (or any higher than transport) layer attacks (SQL, cross-site scripting). Is there anything that can do scanning for this type of thing ? (Maybe an IDS/firewall type solution ?)

    Also, I know I may be in violation of my TOS, but I would really like to be kind...
    (although I was wondering. My TOS says - "computers on my local network".. So technically I could say that these people are on my 'local network')

    If there really is nothing I can do without protecting my own security... I guess the typical wireless security (to allow my buddy through) will have to do.
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  2. #2
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    I have the same problem. I haven't had time to really see what I can do with my router yet but I was thinking of something along these lines.
    a: Block access on the wifi side to only a specific list of mac addresses.
    b: set up a proxy on a server on the wired network side.
    c: Block direct access to the internet from the wireless network and force all connections to go through the proxy.
    d: Of course log all activity on the proxy.
    e: Limit the times of day that they can connect. Everyone knows that computer geeks are like gremlins. If you let them on a computer after the sun goes down and there is a full moon then they change into evil, destructive monsters bent on world domination.

    Ok maybe the last point is a bit excessive but that is how far I got with it so far. If anyone else has any other ideas I too would be interested to hear them.
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde(1854-1900)

  3. #3
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Opening up port 80 won't do anything except allow him to view a webserver in the local host. The better option would be to install a proxy and then only open the port of the proxy. When a user calls a webpage, they access a higher port (3000ish). If you can limit traffic to one specific port (8080) it would be a little easier to lock things down. You could also look into wireless bridging. Get him an access point and set it to use your wireless router as a bridge, his traffic will then go from his access point to your router.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    You may want to look at implementing QoS too. You want to have the highest priority and give everyone else the extra. Nothing worse than not being able to use your own connection.

    You said you have a linksys wireless router. Do you have a wrt54g or wrt54gs? If so, look into the sveasoft firmware. http://wrt54g.thermoman.de/ You'll want the "freeman" version, take the latest build. 1.0.4 right now.

    They have a lot more features than the standard linksys firmware.

    You're a lot nicer than I am. I wouldn't be doing all that work just to let other people on. If they are that close, then they should be able to dish out the $ and get their own connection.

    I let my neighbor on ours, but she is an elderly woman who never uses it except to check email once in a while and bid on ebay items. I wouldn't be letting my whole neighborhood on. Mainly because I don't want to keep tabs on what everyone is doing. I don't want to get hauled into court trying to prove that I didn't do something and it was my neighbors that did it.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Very true, what happens if your buddy commits credit card fraud? I guess it's a matter of trust and you wouldn't let this guy on your network unless you did trust him.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    Ok first off I would agree with the wireless security. If you put on mac filtering that would cut down the number of machines. With WEP the people might give out their WEP info to friends and so on. If they want access they need to go through you. This would be good because you would cut down the users by a lot. I'm wondering if maybe you firewalled everything that you could force the users to run through a proxy. I'm not sure if that would cut out the scanners at all but it would probably stop some. I'm thinking the network setup would be something like

                   ===FIREWALL/PROXY BOX ==== WIRELESS ROUTER
    MODEM===SWITCH<
                   ===YOUR ROUTER===YOUR LAN

    -This is breaking your TOS! for sure
    -This many users might put you over the bandwidth usage and you might have to pay $1 per gig or something horribly expensive
    -They might scan or even worse. kiddie porn!
    meh. -ech0.

  7. #7
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    ech0 has a good point. WEP/WPA, mac filtering, and let them come ask for access if they want it. You could do some viral marketing or something...

    I'd also look into IPSec for your own machines. Regardless of what you do with MAC filtering and encryption, you should keep anything on the network that you don't have direct control over from reaching your machines.

    This is an interesting concept. I've recently removed ALL my wireless devices, turned off encryption, shunted the AP into a VLAN (separate from the hardwired network) and changed my SSID to "Parasite.net" to let whomever needed it use it...kind of a personal social experiment. Haven't had any takers yet, according to my logs. I mean, if you wanted to be a nice guy and put a private telephone on a pole in front of your house with local calling only, how much liability could you incur? You're just trying to help others out by sharing your phone service, right?
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    "I mean, if you wanted to be a nice guy and put a private telephone on a pole in front of your house with local calling only, how much liability could you incur? You're just trying to help others out by sharing your phone service, right?"
    I'm not sure about the laws and regulations that ISPs must follow... keeping logs for x amount of time, reporting users who violate X law or Y law, etc. But, by offering up your access point, you are becoming an ISP, right? Maybe not... webopedia defines it as
    "Short for Internet Service Provider, a company that provides access to the Internet. For a monthly fee, the service provider gives you a software package, username, password and access phone number. Equipped with a modem, you can then log on to the Internet and browse the World Wide Web and USENET, and send and receive e-mail."
    Or, they also call them IAPs
    "Short for Internet Access Provider, a company that provides access to the Internet. IAPs generally provide dial-up access through a modem and PPP connection, though companies that offer Internet access with other devices, such as cable modems or wireless connections, could also be considered IAPs."
    http://www.webopedia.com/TERM/I/ISP.html
    http://www.webopedia.com/TERM/I/IAP.html

    So, since you are not a company and you are not charging... does this make you an ISP/IAP?

    @ http://www.bitlaw.com/internet/isp.html , they call an ISP "Internet service providers (or "ISPs") provide Internet access service to customers in exchange for a fee." So, does this mean if you are not charging... then you are not liable? What if you just play the ignorance card? "I didn't know people could connect to my internet connection... I just bought it, plugged it in and it worked!"

    Either way... I'd still not offer access to a lot of people. I offer access to my neighbor to get her off the slow AOL connection since I've been doing maintenance on her PC anyway. It is in my interest to connect to my highspeed line next door for downloading updates, and etc.

    Also, check out this discussion about a business owner thinking about offering free wifi to its customers. Maybe find out how other businesses do it and what they have to do in order to offer free wifi. Coffee shops and whatnot often offer free wifi... I'd hope they've already researched this before they started giving out access.

    http://ask.slashdot.org/article.pl?s...&tid=187&tid=4
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    You guys bring up some good points. I don't think I want to allow everyone to go about the internet as they please, through my connection. Only those that I trust and know. (no friend of a friend crap here)
    Looks like it is gonna be proxied with IPtables firewall.
    MAC whitelist, WPA w/ tkip (maybe AES). And my cisco switch will be segregating the home lab network from everything else with a VLAN. (maybe another firewall, just in case)
    thanks guys

    /edit I still kind of want to try this out just as an experiment, to see if it could work w/o liability issues... might try it for a week or two... see how it goes /edit
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
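
The plan the thread settles on (guests can reach only a proxy, MAC whitelist, limited hours, logged drops) sketched as a generator for an iptables-restore ruleset on the firewall/proxy box. This is an added example, not code posted by anyone in the thread; the interface name, proxy port 3128, opening hours and sample MACs are assumptions, and it assumes the wireless router is bridged as a plain access point so client MACs are visible to the box.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the firewall/proxy box.
# Assumed values (not from the thread): interface, proxy port, hours.
GUEST_IF="${GUEST_IF:-wlan0}"     # interface facing the wireless segment
PROXY_PORT="${PROXY_PORT:-3128}"  # port the local proxy listens on
OPEN="${OPEN:-08:00}"             # the time match compares in UTC
CLOSE="${CLOSE:-22:00}"           # unless --kerneltz is added

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# guest_ruleset MAC... -> ruleset on stdout; non-zero status on a bad MAC.
# MACs can be cloned, so the whitelist narrows who connects; WPA remains
# the actual authentication.
guest_ruleset() {
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # FORWARD policy DROP: guest traffic is never routed to the internet
    # or the home LAN; the proxy on this box is the only way out.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT
EOF
    # One accept rule per whitelisted client, proxy port only, set hours.
    for mac in "$@"; do
        echo "-A INPUT -i $GUEST_IF -p tcp --dport $PROXY_PORT -m mac --mac-source $mac -m time --timestart $OPEN --timestop $CLOSE -j ACCEPT"
    done
    # Everything else from the guest side is logged, then hits the DROP policy.
    cat <<EOF
-A INPUT -i $GUEST_IF -j LOG --log-prefix "guest-drop: "
-A FORWARD -i $GUEST_IF -j LOG --log-prefix "guest-fwd-drop: "
COMMIT
EOF
}
# Check before loading: guest_ruleset 02:00:00:00:00:01 | iptables-restore --test
```

Connections opened before closing time stay up through the ESTABLISHED rule; the time match only stops new ones.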

  10. #10
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    Thanks guys,
    That more or less answers my questions as well. Brought up some very good points I didn't consider.
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde(1854-1900)
