Ask Slashdot: Best Way To Leave My Router Open? 520
generalhavok writes "I read the story on Slashdot earlier about the EFF encouraging people to leave their WiFi open to share the internet. I would like to do this! I don't mind sharing my connection and letting my neighbors check their email or browse the web. However, when I used to leave it open, I quickly found my limited bandwidth dissappearing, as my neighbors started using it heavily by streaming videos, downloading large files, and torrenting. What is an easy way I can share my internet, while enforcing some limits so there is enough bandwidth left for me? What about separating the neighbors from my internal home network? Can this be done with consumer-grade routers? If the average consumer wants to share, what's the easiest and safest way to do it?"
Think again (Score:5, Insightful)
Wasn't it just this week that we had the lovely account of someone getting the SWAT treatment [slashdot.org] just for leaving their router free and open?
Just be careful with that (Score:5, Insightful)
That said, I leave my wifi router open as well, but if you're going to do it you have to do it knowing the risks. Being accused of kiddie porn, for instance, is going to stick with you forever, regardless of guilt or innocence.
Better check your ISP TOS (Score:3, Insightful)
Your ISP may be none to happy when they find out you're sharing your connection, I'd double check their terms of service just in case.
Re:I do this all the time! (Score:5, Insightful)
Yes, and locks can be picked, so it's useless to use locks on doors too! (You aren't stupid enough to lock your door are you?)
I hate that argument. Even a weak lock is a lock which says "unauthorized not welcome." And MAC address filtering requires that someone knows what a MAC address is and how to change theirs. You have to admit, this is not "casual technical knowledge." True what you say, but that depends mostly on what demographic you are speaking about. If you are talking about your average Facebook/twitter/Youtube user on the net, you'd basically be wrong.
Re:I do this all the time! (Score:4, Insightful)
There is a whole world of difference between a pickable lock on a car door and security on a router:
Someone sits there spending 30 minutes by a car door. People eventually will notice and either drop a note to the local gendarmes, or approach the person with pointed questioning. Especially people know the owner of that car.
Someone parked in a car spending 30 minutes on a laptop or cellphone to crack open a WEP protected router, few would notice, much less care about the issue.
MAC address filtering also is a switch flippable by anyone on a router. Yes, it gives a speed bump, but use it for what it is designed for -- keep honest people honest (say after a LAN party, you turn it on to kick everyone off but your stuff before you change your key.)
I highly recommend using MAC address filtering as the icing on the cake, but if you don't use WPA2 (or if forced to, WPA), you are asking to be hacked.
Re:Two routers (Score:5, Insightful)
Those don't do anything. MACs can be found by outsiders not connected to your network despite how encrypted the network is. Hidden SSIDs aren't anything either. The same tools that will display the MACs will also show all hidden SSIDs within range.
Sure, they block the average user, but anyone who wants to get in will have no trouble at all.
Re:Two routers (Score:3, Insightful)
Here's the way we do it
We have an old router which is plugged into a spare port on our optical switch (fiber to the home), and has an open wireless G for anyone to use, configured to assign DHCP addresses from 192.168.200.x where x is 175-200, and with SSID of "All Connections Logged".
What good does it do to "log connections" if the MAC address can be spoofed?
What you need to watch out for is someone pulling up on the street, downloading mass child porn, and heading off into the sunset. The FBI will be well aware that you could be "spoofing" a MAC address yourself. You might not be convicted, but it sure as heck would be a major hassle - and what is the benefit again? Let the freeloaders buy some bandwidth themselves...
Re:Think again (Score:5, Insightful)
You, and the many other commenters who agree with you have it completely backwards. Your linked story is exactly why more people should open up their networks.
Fear of the police abusing their power is a terrible reason to avoid doing a perfectly legal action. Yes, it's more convenient, but if everybody goes along with the police abusing their power in that manner, it implicitly becomes acceptable. Providing internet to other people is not illegal, and not a good reason to get your door kicked in, and the police should know this. The consequence for the police not knowing this should NOT be more people cowering in fear. It should be that whoever is affected files suit against the police and the police are sanctioned for their actions.
Nobody wants to go through that, of course. But we should.
Re:Think again (Score:4, Insightful)
I agree with #3, just route all traffic through Tor.
If you have a Linux server, you could set up Squid to reduce web bandwidth usage. To reduce torrent bandwidth usage, you could also host an FTP server on one of your PCs, so they don't have to go out to the internet. But then that opens up a whole new legal can of worms.
Reminds me of a time when I worked at my school's I.T. department, and they were considering whether we should block pornography in the dorms because it was consuming a lot of bandwidth. My solution? Host our own porn server!
My proposal was rejected.
Re:Two routers (Score:5, Insightful)
and what is the benefit again?
Living in the kind of world where other people might do the same for you.
Comment removed (Score:5, Insightful)
Re:think again? u aint thunk yet (Score:4, Insightful)
I don't think you even have to go through the motions of a straw man arguments you made. Fact is small ISPs get pushed around by law enforcement all the time. I've work for some of the biggest and some of the smallest and it's a night a day difference how law enforcement treats you for the exact same thing. It's not uncommon for law enforcement to threaten to confiscate your data center because you dared to stand up for your legal rights. It's not uncommon for law enforcement to harass your employees or call the larger upstream providers and peers to talk about their theories. Small ISPs have been run out of business by Attorneys, Cops and Feds who knew nothing about technology but had a gut feeling something was off.
On the other hand working at a large ISP the Cops and Feds are practically at your beck and call. In exchange we processed their wiretap orders (usually dozens to hundreds daily.) And they better have had their paper work in order or we weren't going to do jack squat for them. They wanted to tangle we could lawyer them hard. The cops were going to burn a lot of OT pay in deposition, let alone the other legal fees we could create.
Star Bucks, McDonalds, Dunkin Donuts, etc, they don't worry about free WiFi. They're big companies.
The law is not about being right in either a legal or moral sense. It's about resources, connections and power.
Re:Think again (Score:5, Insightful)
...prove you are innocent...
I'm no longer so naive that I can't recognize the futility of saying "You can't prove a negative, and under our system of jurisprudence, the burden lays on them having to prove you are guilty, not you having to prove you are innocent"....but that's no longer true is it, if indeed it ever was. It makes me sad that we are falling into that.
My other point, if there's any to be made, is that if you allow your router to have open access for all, you can claim common carrier status and be exempt from the actions of your "users". Comcast doesn't get arrested for someone downloading kiddie porn using their network, why should you?
3rd point and this is the most important, is that there is an increasing digital divide between those who have and those who don't. If you are poor, out of work, etc, it's a lot easier to get a laptop than it is to get internet service. I don't want my bandwidth abused as I am a heavy downloader but I have WRT-DD installed and I'll be looking into segregating and rate limiting my wireless connection.
The older I get, the more I realize that it's going to be important for the good of all for people to start breaking free of the corporate binds. In the future, I can't help thinking that there might be some poor kid, with an old laptop, and having even a 5k connection (remember that?) might mean the difference between having a future and not having one.
So, do what you want, all of you but I'm the type of guy who runs tor on his laptop hooked to his iphone all night just to piss off ATT. Flooding our corporate overseers with lots of misleading info is one good way to hide yourself. There's a lot of good reasons to consider doing this but separate VLAN and rate limiting are mandatory first
Re:Think again (Score:5, Insightful)
People really need to stop changing their behavior out of fear, and start standing up like men again.
If you aren't willing to stand up for what is right, please go somewhere else. I rather liked America when it was the land of the free and independent.