Wednesday, July 16, 2008

Coffee Shop Warfare

It seems like I can't go to a coffee shop, conference center, or bar these days without some jackass on the network abusing the bandwidth. Running MMO games, BitTorrent, Gnutella, or even just a large FTP/HTTP download will saturate the wireless access point, let alone the modest DSL line it's connected to, rendering it unusable for the other patrons there. This is just plain rude. And since the barista can make a mean caramel cappuccino, but doesn't have the ability to blacklist your MAC on the AP (which I realize isn't a very effective control, but hey - maybe you'd get the message then?), we're all stuck to suffer.

And I wouldn't do anything hostile on a public network. But in the name of network self-defense, there are a couple of tools you might want to take with you to the coffee shop next time.

  • Wireshark - The quickest, easiest way to identify the abuser's MAC/IP is with a sniffer like Wireshark, tcpdump, or iptraf.

  • Snort - Snort with flexresp2 enabled, bound to your wireless interface, and the p2p.rules set enabled and modified with "resp:reset_both,icmp_host" is an effective deterrent for people using P2P file-sharing software.

  • Ettercap - More severe than Snort, you can use Ettercap to perform ARP poisoning and essentially blackhole the client(s) of your choice by MAC address. You could also use this tool to sniff unencrypted traffic between clients and the AP (and points beyond). But you wouldn't do this. It would be uncivilized, and possibly illegal.
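The identification step from the Wireshark/tcpdump bullet, as an added example that is not part of the original post: it totals bytes per local MAC/IP from `tcpdump -e -n -tt` text output and ranks hosts by their share of observed traffic. The sample lines, addresses, the `192.168.1.0/24` subnet and the function name `top_talkers` are constructed assumptions, and the capture is assumed to carry Ethernet-style link headers.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -n -tt` output; not a real capture.
SAMPLE = """\
1216224000.000100 00:16:cb:aa:00:01 > 00:0f:66:00:00:fe, ethertype IPv4 (0x0800), length 1514: 192.168.1.23.51413 > 203.0.113.9.6881: Flags [.], seq 1:1449, ack 1, win 229, length 1448
1216224000.000200 00:0f:66:00:00:fe > 00:16:cb:aa:00:01, ethertype IPv4 (0x0800), length 1514: 203.0.113.9.6881 > 192.168.1.23.51413: Flags [.], seq 1:1449, ack 1, win 229, length 1448
1216224000.000300 00:0f:66:00:00:fe > 00:16:cb:aa:00:01, ethertype IPv4 (0x0800), length 1514: 198.51.100.7.6881 > 192.168.1.23.51414: Flags [.], seq 1:1449, ack 1, win 229, length 1448
1216224000.000400 00:16:cb:aa:00:02 > 00:0f:66:00:00:fe, ethertype IPv4 (0x0800), length 566: 192.168.1.42.40112 > 198.51.100.80.80: Flags [P.], seq 1:501, ack 1, win 229, length 500
1216224000.000500 00:0f:66:00:00:fe > 00:16:cb:aa:00:02, ethertype IPv4 (0x0800), length 1014: 198.51.100.80.80 > 192.168.1.42.40112: Flags [P.], seq 1:949, ack 501, win 229, length 948
1216224000.000600 00:16:cb:aa:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.42, length 28
"""

# One IPv4 frame line: timestamp, src MAC > dst MAC, frame length, src IP[.port] > dst IP[.port]
FRAME = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length (?P<len>\d+): "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (?P<dip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

def top_talkers(lines, local_net="192.168.1.0/24"):
    """Return (mac, ip, bytes_sent, bytes_received, share) per local host, busiest first."""
    net = ipaddress.ip_network(local_net)  # assumed client subnet
    usage = defaultdict(lambda: [0, 0])    # (mac, ip) -> [sent, received]
    for line in lines:
        m = FRAME.match(line)
        if not m:
            continue  # ARP, IPv6 and malformed lines are ignored
        size = int(m["len"])
        # Attribute the frame to whichever endpoint(s) sit on the local subnet,
        # so downloads count against the client and not the gateway.
        if ipaddress.ip_address(m["sip"]) in net:
            usage[(m["smac"], m["sip"])][0] += size
        if ipaddress.ip_address(m["dip"]) in net and m["dmac"] != "ff:ff:ff:ff:ff:ff":
            usage[(m["dmac"], m["dip"])][1] += size
    total = sum(up + down for up, down in usage.values()) or 1
    rows = [(mac, ip, up, down, (up + down) / total)
            for (mac, ip), (up, down) in usage.items()]
    return sorted(rows, key=lambda r: r[2] + r[3], reverse=True)

if __name__ == "__main__":
    for mac, ip, up, down, share in top_talkers(SAMPLE.splitlines()):
        print(f"{mac} {ip:15} sent={up} received={down} share={share:.0%}")
```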

There are lots of other wireless tools out there that have some application here, but many of them either go too far to be civil (Void11) or legal (Hotspotter), so I don't recommend them. For that matter, what I do recommend is getting your own EVDO card. Then you don't have to put up with rude WiFi users in the first place.
