Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
Dan Farrell wrote: On Wed, 10 Oct 2007 18:07:19 -0600 Ted Ozolins [EMAIL PROTECTED] wrote: In Canada you can download/upload all the music you want legally,( we've paid for it ten times over via a levy against all recording media) huh? would you do just a little elaborating? In Canada there is a levy/tax on all blank media (CD's, DVD's, it may be extended to flash media and ipods in the near future). This money is then distributed to artists to compensate them for money lost due to copying of their music under the Private Copying provision of the Copyright Act. There have been a number of court rulings that strongly indicate uploading/downloading of music in Canada falls under this provision, although to my knowledge there has not been a direct challenge of this fact as of yet (I suspect mostly because the CRIA knows they would lose). More info: http://en.wikipedia.org/wiki/Private_copying_levy#Canada http://www.michaelgeist.ca/content/view/2238/125/ http://laws.justice.gc.ca/en/showdoc/cs/C-42/bo-ga:l_VIII//en#anchorbo-ga:l_VIII (NOTE: This last link is to the Private Copying section of the Copyright Act) Ophi -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
Hello Albert Hopkins, Search Google for if someone uses your property to commit a crime and, somewhat surprisingly, the first hit you get is this: http://www.techdirt.com/articles/20060320/1636238.shtml As it says, you could be arrested. you may not be charged, but your arrest would be on record. that wouldn't be so bad if someone had used your network to download music, but what about kiddie porn, or visiting al-Quaeda related web sites? Once you get into that area, all pretense of presumption of innocence and reasonable doubt goes out of the window. If you can't prove conclusively that it wasn't you, you will end up on a watch list. Maybe you still end up on it if you can prove it wasn't you. -- Neil Bothwick One-seventh of your life is spent on Monday. signature.asc Description: PGP signature
[gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
I have my WiFi network on a hostapd controlled 10.10.10.* range and my wired LAN on a 192.168.1.* range. I try to be a nice guy and leave the WiFi 'open' (no WEP) as it's segregated and I use some proper shorewall rules to route things nicely for my various privileged devices. Also, some WiFi devices I have just don't support WEP, and it's a real hassle to get others working with WEP. I don't mind the occasional person jumping on to check movie times or traffic or get email or whatever. I think bandwidth should be free for everyone and it is sure a life saver when you need to quickly get online for something. Anyways, sometimes I have stupid neighbors who don't quite get it and will just blindly let their computers connect to my WAP. UGH! They sit on it for hours and days and generally piss me off. How can I boot someone off my network? I usually add them to my shorewall blacklist file, and then: /etc/init.d/dhcp restart /etc/init.d/shorewall restart But I still see them on there it seems. http://daevid.com/examples/dhcp (essentially it's doing an 'arp -n' and then I parse that info and make it pretty) daevid dhcp # arp -n Address HWtype HWaddress Flags Mask Iface 10.10.10.7 ether 00:06:25:12:4A:D8 C wlan0 10.10.10.27 ether 00:19:7E:C5:02:AB C wlan0 67.168.160.1 ether 00:01:5C:23:D7:02 C eth0 10.10.10.69 ether 00:02:6F:21:DF:5C C wlan0 192.168.1.18 ether 00:0C:F1:A8:F7:F3 C eth1 I googled and found this little nugget that I thought would work: http://www.linuxforums.org/forum/linux-newbie/5752-dhcpd-iptables-deny-m ac-addresses.html # iptables -A FORWARD -m mac --mac-source 00:19:7E:C5:02:AB -j DROP But I still see this squatter. And I can feel my network being sluggish as they're probably downloading a lot of stuff. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
On Wed, 2007-10-10 at 10:10 +0200, Alan McKinnon wrote: On Wednesday 10 October 2007, Daevid Vincent wrote: Anyways, sometimes I have stupid neighbors who don't quite get it and will just blindly let their computers connect to my WAP. UGH! They sit on it for hours and days and generally piss me off. How can I boot someone off my network? I usually add them to my shorewall blacklist file, and then: You run dhcp? Just exclude that MAC address from getting a lease. No IP address = no route = problem solved For a second level of teach-them-a-lessonness, iptables has a 'mac' extension. Use that to match the MAC address and DROP all patches in your outgoing firewall FORWARD chain Better yet.. redirect them to a (random) page that shows everything about cats. I read this one from google. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
On Wednesday 10 October 2007, Daevid Vincent wrote: Anyways, sometimes I have stupid neighbors who don't quite get it and will just blindly let their computers connect to my WAP. UGH! They sit on it for hours and days and generally piss me off. How can I boot someone off my network? I usually add them to my shorewall blacklist file, and then: You run dhcp? Just exclude that MAC address from getting a lease. No IP address = no route = problem solved For a second level of teach-them-a-lessonness, iptables has a 'mac' extension. Use that to match the MAC address and DROP all patches in your outgoing firewall FORWARD chain alan -- Optimists say the glass is half full, Pessimists say the glass is half empty, Developers say wtf is the glass twice as big as it needs to be? Alan McKinnon alan at linuxholdings dot co dot za +27 82, double three seven, one nine three five -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
Your iptables rule is almost ok, if I were you i'd do something like this: iptables -t nat -A PREROUTING -m mac --mac-source 00:19:7E:C5:02:AB -j DROP and iptables -A INPUT -m mac --mac-source 00:19:7E:C5:02:AB -j DROP That should do the job Daevid Vincent pisze: I have my WiFi network on a hostapd controlled 10.10.10.* range and my wired LAN on a 192.168.1.* range. I try to be a nice guy and leave the WiFi 'open' (no WEP) as it's segregated and I use some proper shorewall rules to route things nicely for my various privileged devices. Also, some WiFi devices I have just don't support WEP, and it's a real hassle to get others working with WEP. I don't mind the occasional person jumping on to check movie times or traffic or get email or whatever. I think bandwidth should be free for everyone and it is sure a life saver when you need to quickly get online for something. Anyways, sometimes I have stupid neighbors who don't quite get it and will just blindly let their computers connect to my WAP. UGH! They sit on it for hours and days and generally piss me off. How can I boot someone off my network? I usually add them to my shorewall blacklist file, and then: /etc/init.d/dhcp restart /etc/init.d/shorewall restart But I still see them on there it seems. http://daevid.com/examples/dhcp (essentially it's doing an 'arp -n' and then I parse that info and make it pretty) daevid dhcp # arp -n Address HWtype HWaddress Flags Mask Iface 10.10.10.7 ether 00:06:25:12:4A:D8 C wlan0 10.10.10.27 ether 00:19:7E:C5:02:AB C wlan0 67.168.160.1 ether 00:01:5C:23:D7:02 C eth0 10.10.10.69 ether 00:02:6F:21:DF:5C C wlan0 192.168.1.18 ether 00:0C:F1:A8:F7:F3 C eth1 I googled and found this little nugget that I thought would work: http://www.linuxforums.org/forum/linux-newbie/5752-dhcpd-iptables-deny-m ac-addresses.html # iptables -A FORWARD -m mac --mac-source 00:19:7E:C5:02:AB -j DROP But I still see this squatter. And I can feel my network being sluggish as they're probably downloading a lot of stuff. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
On Wednesday 10 October 2007, Ow Mun Heng wrote: On Wed, 2007-10-10 at 10:10 +0200, Alan McKinnon wrote: On Wednesday 10 October 2007, Daevid Vincent wrote: Anyways, sometimes I have stupid neighbors who don't quite get it and will just blindly let their computers connect to my WAP. UGH! They sit on it for hours and days and generally piss me off. How can I boot someone off my network? I usually add them to my shorewall blacklist file, and then: You run dhcp? Just exclude that MAC address from getting a lease. No IP address = no route = problem solved For a second level of teach-them-a-lessonness, iptables has a 'mac' extension. Use that to match the MAC address and DROP all patches in your outgoing firewall FORWARD chain Better yet.. redirect them to a (random) page that shows everything about cats. I read this one from google. Since you mention Google, I remember reading about a NASA style AP authentication which may be of interest to the OP: Essentially you run a web server with SSL authentication so that only users who authenticate with user name/passwd that you have provided, are issued with an IP address by your dhcp server. In this way you can control who's using your bandwidth; what they use it for; e.g. only mail; or mail http; etc. If you are interested in providing this as a service then you issue usernames/passwds to applicants via email. Additionally, you can run QoS and throttle http, or bitorrent (ab)users, a proxy caching server, and what not. PS. Where I live I have to pay for bandwidth (although where I currently work I don't). So your concept of offering bandwidth for free seems somewhat strange to me. Furthermore, I would be concerned what different people may be using the Internet for and what trouble I could get into, for being the registered owner of the particular public IP address. That said, I would looove being your neighbor! :) -- Regards, Mick signature.asc Description: This is a digitally signed message part.
RE: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
-Original Message- I was wondering what would happen if someone downloaded some music illegally or some child porn? How would you prove it was them and not you? Being a good neighbor is nice but you need to be careful for sure. Dunno. I suppose I'd show some logs from the DHCPd server or HostAPd or something that showed the MAC addresses used at that particular time of the infraction? How do Coffee shops handle that? They have open WiFi -- many of them (here in Seattle at least), you can just jump on from anywhere. Hell there are about 12 WAP right here in my building that I can see and several are not WEP or WPA. When our network goes down, sometimes I just jump on them. :) Besides, most sites that actually LET you download these days require some sort of login anyways. So that hypothetical person in your scenario would have that on their computer, whereas I would not. ;-p I don't really think about it too much. I've thought about setting up a hotel page type system, but it's just one more thing I don't have time to futz with. If push came to shove, I'd just start blacklisting ALL MAC's (or I should say whitelisting *my* MACs actually). I'd really like to be part of a mesh, but where I live I'm in the middle of suburbia. D.Vin http://daevid.com (check out the free code section!) -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
Dale wrote: Mick wrote: PS. Where I live I have to pay for bandwidth (although where I currently work I don't). So your concept of offering bandwidth for free seems somewhat strange to me. Furthermore, I would be concerned what different people may be using the Internet for and what trouble I could get into, for being the registered owner of the particular public IP address. That said, I would looove being your neighbor! :) I was wondering what would happen if someone downloaded some music illegally or some child porn? How would you prove it was them and not you? Being a good neighbor is nice but you need to be careful for sure. Just a thought. Dale :-) :-) :-) It all depends in what country you live in. In Canada you can download/upload all the music you want legally,( we've paid for it ten times over via a levy against all recording media) as for illegal material, if its not on your computer, its not in your possession. Cheers. Ted Ozolins (VE7TVO) Cranbrook, BC -- [EMAIL PROTECTED] mailing list
RE: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
On Wed, 2007-10-10 at 16:50 -0700, Daevid Vincent wrote: -Original Message- I was wondering what would happen if someone downloaded some music illegally or some child porn? How would you prove it was them and not you? Being a good neighbor is nice but you need to be careful for sure. Search Google for if someone uses your property to commit a crime and, somewhat surprisingly, the first hit you get is this: http://www.techdirt.com/articles/20060320/1636238.shtml -- Albert W. Hopkins -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
On Wed, 10 Oct 2007 18:07:19 -0600 Ted Ozolins [EMAIL PROTECTED] wrote: In Canada you can download/upload all the music you want legally,( we've paid for it ten times over via a levy against all recording media) huh? would you do just a little elaborating? -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: how do I kick a MAC address off my hostapd WiFi network?
On Wed, 10 Oct 2007 16:50:30 -0700 Daevid Vincent [EMAIL PROTECTED] wrote: I've thought about setting up a hotel page type system, but it's just one more thing I don't have time to futz with. If push came to shove, I'd just start blacklisting ALL MAC's (or I should say whitelisting *my* MACs actually). I'd really like to be part of a mesh, but where I live I'm in the middle of suburbia. MAC addresses can be spoofed, and, i've been convinced, sniffed out very easily. MAC address filterning isn't safe, but does make sure anyone abusing your net the way we're talking about here uses your mac addresses and not their own. on the other hand, you could make them digitally agree to a user agreement and I bet that would go a long way in court. I've been wondering about this too. I'm trying to think of a way to integrate a webpage with server routing and such. -- [EMAIL PROTECTED] mailing list
