[PLUG] can't login to my ar410w router

Russell Senior russell at personaltelco.net
Thu Dec 16 18:55:47 UTC 2010


>>>>> "wes" == wes  <plug at the-wes.com> writes:

Russell> With a few precautions, sharing is safe.  With a few
Russell> facilities, abuse can be effectively dissuaded.  With those
Russell> two things covered, that just leaves the gift-culture spirit.

wes> is there a guide to these precautions and facilities somewhere?

Not as a literal guide.  They are kind of built in to the way we build
our router configurations.  Generally speaking: isolate
sensitive/vulnerable computers from the public; monitor usage somehow
(munin/cacti/nagios, etc.); have tools like tcpdump, iftop (or similar),
iptables available on the gateway router so that abusers can be
identified and interdicted.

I have a favorite one-liner for detecting bit-torrenters:

  tcpdump -n -i $iface 'tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack == 0 and not src and dst net 127.0.0.0/8'

where $iface is the interface on which the public client's traffic arrives.

That basically looks for new TCP connections.  Bittorrent spews TCP
connections like crazy, dozens a second, to random high-numbered
ports, on random hosts.  Then, with the IP address of the abuser, you
get their macaddress from the DHCP leases or ARP table and you nuke
them with something like:

  iptables -v -I FORWARD -m mac --mac-source $macaddr -j REJECT

In our experience, people who are connecting to an open wifi network
are extremely happy to have access to tubes.  Withdrawing that access
has a strong influence on their behavior.  Most of the time, the
'abuse' is not done knowingly.  That is, the perpetrator does not
realize that they are making the network difficult for others to use.
Temporarily blocking them provides a feedback signal that helps
moderate their behavior.  Without that kind of feedback, the 'abuse'
is likely to continue indefinitely, because the abuser only gets
positive reinforcement ("ooh, look our free gigantic file has arrived
from thin air!  this is AWESOME!"), and eventually drive the network
host to 'lock' up their wifi network.  In our experience, our
technique seems to solve 99% of our problems.

We can provide routers configured and ready to go, on an indefinite
loan basis, to anyone who agrees to host a Personal Telco node.  The
loan lasts as long as you remain a Personal Telco node.


-- 
Russell Senior, President
russell at personaltelco.net
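
An added example, not part of the original post: a small Python filter that reads the output of the tcpdump one-liner above and reports which client addresses are opening new connections at a bittorrent-like rate. The function names, the thresholds (two dozen SYNs in one second, twenty distinct targets), the sample addresses, and the modern `Flags [S]` tcpdump line format are assumptions.

```python
import re
import sys
from collections import defaultdict

# IPv4 summary line as printed by `tcpdump -n` (assumed "Flags [S]" format).
# "[S.]" (SYN-ACK) deliberately does not match.
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d)\.\d+ IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]"
)

def summarize(lines):
    """Per source IP: (peak new connections in one second, distinct host:port targets)."""
    per_second = defaultdict(lambda: defaultdict(int))
    targets = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a bare SYN, or not an IPv4 line
        second, src, _sport, dst, dport = m.groups()
        per_second[src][second] += 1
        targets[src].add((dst, dport))
    return {s: (max(per_second[s].values()), len(targets[s])) for s in per_second}

def suspects(lines, min_rate=24, min_targets=20):
    """Sources that are both fast and widely scattered (thresholds are assumptions)."""
    return sorted(s for s, (rate, n) in summarize(lines).items()
                  if rate >= min_rate and n >= min_targets)

def constructed_sample():
    """Constructed capture: one chatty client, one ordinary client, one SYN-ACK."""
    tail = "seq 1, win 65535, length 0"
    lines = [f"18:55:47.{i:06d} IP 10.11.104.50.{40000 + i} > "
             f"203.0.113.{i + 1}.{50000 + i}: Flags [S], {tail}" for i in range(30)]
    lines += [f"18:55:4{s}.000001 IP 10.11.104.23.5120{s} > "
              f"198.51.100.7.443: Flags [S], {tail}" for s in (5, 6, 7)]
    lines.append("18:55:47.900000 IP 198.51.100.7.443 > 10.11.104.23.51205: "
                 "Flags [S.], seq 2, ack 2, win 65535, length 0")
    return lines

if __name__ == "__main__":
    # Reads until EOF, so feed it a bounded capture.
    for src in suspects(sys.stdin):
        print(src)
```

To use it on live traffic, add `-c 2000` (or another packet count) to the tcpdump one-liner so the capture ends, and pipe its output into the script; each printed address can then be looked up in the DHCP leases or ARP table as described.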


