Shared internet troubles.

[Meatwad]

Originally posted by FBplmmr

Cant cut a wireless signal with wire snips


Check the network and see if his laptop is wide open. If it is, "accidentally" delete the C: drive.

[Ack-Ack]

Originally posted by thrila
I live with a house of 5 people and we share the internet.  Basically after 2 years of no internet i paid for it to be installed and pay the bills for it ( my housemates pay me their share).  I more or less got the internet so i could play AH and other online games.  After 2 years internet cold turkey i just couldn't and went out and got it.  

Well, the problem is this- it is unplayable as of late.  I cannot play online games because  within the last couple of months have been getting massive variations in ping 100-800ms and lately heavy warp.  During one attempt at team fortress 2 when the warp was horrid I went to the prime suspect's room (yeah i probably shouldn't have if i had any morals) and looked at his laptop.  He had limewire open and was downloading porn.  

I've asked him if he does large d/ls or has any p2p programs installed, which he denies.  How exactly do i go about proving him wrong, without it being known that i went into his room and rumaged through his latop?  When i got the internet i made it clear that d/ls were to only happen during the day or overnight when i'm not playing online- which was the primary reason for the net in the first place.

I hate to be an arse, but i'm considering changing the password to the wireless router and not giving it to him.  Any suggestions how i can force him to admit that i know it's him ruiing the internet for the rest of the house (other housemates play online too).

Your router should have access and active session logs.  Just look at those logs to determine whether or not he's been using a P2P client or what he's been downloading, you can even see what sites he's been too.  You can also block the specific ports he needs for his P2P client or as with most routers, put a parental lock on his IP address.

If you feel particularly cruel, set the access to enable access to the Internet  by MAC address only.  Set the router to MAC address only and only those MAC addresses specified by you will be allowed to access your network.  Then change the network name to "NO PR0N FOR YOU!" so he can see it when he tries to connect.


ack-ack

[Vulcan]

Ummm... how many times do I need to repeat this... mac address filtering is a waste of time. Changing mac addresses is fairly easy on most cards these days.

thrila, $300-$500 depending on the model.

The P2P stuff relying on PNP is not true, common peer-to-peer maps don't need port forwarding (look at how skype functions for a lesson in this).

How is your wireless network secured?

[KK9]

Thrilla from Manilla!!

Wireless internet sucks for gaming, and sharing internt with others only gonna make things worse.. you cant expect good connection from such terrible setup..

stop sharing, or at least use wired connection.

[WilldCrd]

Originally posted by KK9
Thrilla from Manilla!!

Wireless internet sucks for gaming, and sharing internt with others only gonna make things worse.. you cant expect good connection from such terrible setup..

stop sharing, or at least use wired connection.

sorry but your mistaken. I used wired AND wireless for gaming. I have a 15/15 m/ps connection with verizon fios. It ussually runs about 15.5 wired and 14.8 wireless.

Vulcan: since your paying for the connection AND you already set down rules simply explain to EVERYONE again that it is primarily for your gaming fix in the evening then allow ONLY your mac addy during those times. IF someone needs access for something YOU deem important enough you can open your router up on a case by case basis.
It might seem harsh at first blush but, its YOUR acct. any illeagle activity will come back to YOU not them. YOUR paying for it not them.
By telling them that if they NEED access during your unwinding/playing time and that your more than willing to allow them access then  I think that is very reasonable and mature and will be accepted by the majority of your roomies since your being honest and respectful and fair as well as willing to grant them access if they really need online, maybe even....playing AH and blowing them outta the sky muhahahah!

your not pointing fingers, not accusing anyone of anything. Its YOUR time, YOUR acct. and YOU are responsible for its use.

One last note, read your tos. I install verizon Fios, and reselling our service is a strickt violation ie. charging your roomies to be able to connect is actually reselling the service. Now honestly i doubt very seriously anyone will come after you since its all in the same house BUT you can use it in your argument (last resort kinda thing)
Be diplomatic. dont bring up what you found on your roomies pc and his usage of YOUR internet connection unless he puts his foot in his mouth and brings it up then....go for the jugular

Just be straight with your friends, you already have told em up front what your requirements are, if they abuse it then they or he is taking advantage of your friendship.

[eagl]

Vulcan,

MAC address filtering is fine when used as a measure to foil retards.

It doesn't sound like we're dealing with a pron addicted rocket scientist, so MAC addy filtering might work just fine.  At the very least, it would take maybe 5 minutes to set up the block and it would serve as a test to see how technically competent he is.

If he works around the MAC addy fix, we'll know that at most we'll slow him down and maybe throttle his pron addiction, but probably can't completely cut him out without a little more effort.  But if the MAC filter thing works, then it means he doesn't know much about networking and relatively simple workarounds might be possible to let the guy keep using the network while slowing him down a bit.  Turning off UPnP and blocking specific ports is one of those things that might help.  If he knows enough to change his MAC address, he'll probably know how to switch ports or otherwise bypass simple router filters.

That's why people keep recommending MAC addy filtering even though it's easy to bypass.  It's only easy to bypass if you know enough about networking to recognize the problem and attempt to fix it.  It's a good test.  I guarantee you that even my Mom, who has been making a living programming ("real" programming, with fortran, C, etc on everything from PCs to supercomputers) for the last 15 years would have a really tough time diagnosing and working around a blocked MAC address.  She just doesn't have the background in networking even though she's a really talented programmer and works with all sorts of computers for a living.

[Vulcan]

You're still misisng one vital point eagl, how is his wireless network secured?

[eagl]

Another thing Vulcan...

You're right, most P2P apps don't *require* UPnP, but many need it to work well out of the box.  As a simple example, azureus is a pretty popular bittorrent client and I can't use more than 1/10th of my bandwidth using default client settings if UPnP is off.  For that matter, the only way to max out my UL and DL with bittorrent is to have UPnP enabled AND explicitly forward a couple of ports.

Yea that's probably just as much my router's fault as it is Azureus not being the most elegant application, but it illustrates my point that if you change the router's settings to require the user to go in and fiddle with ports, MAC addys, port forwarding, or in any other way change the default settings, you can slow down a whole lot of people who really don't know what they're doing.

Heck, comcast was doing this sort of thing to mess with file sharing before they got caught.  All they were doing was inserting packets that told the apps or the computer to drop the connection.  This could have been counterproductive since it could cause retry storms and actually increase network traffic, but in effect what they did was use forged packets to limit the number of P2P connections their users could make simultaneously by semi-randomly forcing closed some connections.  Yea, a true geek could totally spoof this and get around it, but how many people simply wondered why they weren't getting the bandwidth they paid for?

[WilldCrd]

Eagle is right,
however i would like to clarify one thing. If you only allow YOUR mac address AND set the router to only allow 1 pc access online AND change the pswrd to the router then unless he really has some hacking skills then he is effectively stopped. you can workaround that which wont let you have ANY access.
If he does have skills then let us know, between us all and maybe the great skuzzinator we can make his life a sad miserable porn exempt existence to say the least

EDIT: I still believe trying some diplomacy first is best. You still have to live with the guy (in a non gay strictly platonic kinda way) plus you will have the support of the other people in the house if he does get stupid since it will effect whether or not they can ever use your internet connection in the future. Thats what I was trying to get at in my earlier post

[eagl]

Originally posted by Vulcan
You're still misisng one vital point eagl, how is his wireless network secured?

It almost doesn't matter since the point of MAC filtering is to mess with him and see if blocking him out temporarily helps.  If you encrypt the network and change the password, it becomes obvious that he's being messed with.

But yes, technically the easiest way to cut him out entirely is to use WPA/PSK and change the password.  But that opens up a social problem that may make the technical problem moot.

I'd personally check the router logs and settings to see if his P2P software is actually using UPnP to manage ports.  If it is, I'd turn off the router's UPnP and see if it helps.  I might also consider turning on QOS and modifying the QOS priority list to put P2P traffic at the bottom and AH at the top, but not many routers let you do that so it might not even be an option.

If I couldn't slow down his usage with UPnP or forwarding common limewire ports to the bit bucket, then I'd temporarily block his MAC address and see if overall network responsiveness perked up.  If it did, then I might be tempted to keep his MAC addy blocked until he figured out a way around that.

I don't know how sensitive limewire is to router resets, but rebooting the router every once in a while and listening to the screams is a good way to mess with people using standard FTP or http transfers without a download manager.

[AWMac]

HEY!!!!

I had NOTHING to do with this or my address!!!

Mac

[eagl]

Originally posted by WilldCrd
If you only allow YOUR mac address AND set the router to only allow 1 pc access online AND change the pswrd to the router then unless he really has some hacking skills then he is effectively stopped. you can workaround that which wont let you have ANY access.

Good point.

My router lets me set up MAC filtering in one of two ways.  First way is to explicitly block certain MAC addresses.  The second way is to explicitly allow only listed MAC addresses.  thrila could get the MAC addys of the guys in the house who follow the rules, and list those ones in the allow-only list.

Then he'd have to use a sniffer like ummm airsnort? to pull MAC addys from the traffic and attempt to hijack a connection.  But if I recall correctly, that only works during the initial handshake before the connection goes encrypted, so he might have to wait a while.

[Vulcan]

Originally posted by eagl
Good point.

My router lets me set up MAC filtering in one of two ways.  First way is to explicitly block certain MAC addresses.  The second way is to explicitly allow only listed MAC addresses.  thrila could get the MAC addys of the guys in the house who follow the rules, and list those ones in the allow-only list.

Then he'd have to use a sniffer like ummm airsnort? to pull MAC addys from the traffic and attempt to hijack a connection.  But if I recall correctly, that only works during the initial handshake before the connection goes encrypted, so he might have to wait a while.

wrong, you can 'push' wep handshakes pretty easily. Most of the wireless hacking tools available are fairly simple and automated such that kids can operate them.

mac + wep = speedbump ... nothing more.

mac addresses to track activity = good way to put the blame on someone else.

WPA or WPA is a different story.

WPA2 with EAP is the ultimate and fairly easy to setup (depending on the router). You just need a wireless router and a radius server (like ISA on a Win 2k or 2003 box) and you're off. I'm sure some freeware radius software could do it too.

[eagl]

Vulcan,

Right.  I haven't mentioned WEP in...  what... over a year now I think.  I don't consider it encryption and therefore haven't mentioned it.

My wireless gear theoretically supports WPA2 but I never could find a setup between my laptop, my wife's laptop, and 2 routers at separate houses that would reliably connect with WPA2.  So I'm using WPA and what I hope is a long enough non-trivial password.

Still, I think that a simple MAC filter is a good way to temporarily cut someone out and measure both how much they know about networking, and how determined they are to get back on the network.  Yea it's easy to work around but only if the person has the requisite knowledge.

I have a few friends who like the pron, but not one of them would know how to change their MAC address, get a wireless "hacker toolkit", distinguish between WEP and WPA, or know a packet from a packard.  They turn on the laptop, click on the pretty antenna icon, and hope the light turns green.  That's how it is for most people.

[eagl]

I remember a couple of friends giggling over a 5 minute boobie clip...  I pointed them at the pirate bay's hidden forum and they swore off of internet pron within an hour.  Shocked they were.  They had NO IDEA.

I'm not a pron fiend or perv, but these guys really thought they were on to something with the 5 minute clip of some cinemax midnight movie that they'd found.  I hated to destroy their safe little internet worldview with a couple of keypresses, but I couldn't resist.  Plus, they have kids and I figured they ought to at least glimpse the true nature of the dark side so they could choose suitable defensive postures for their home internet access.

I think that for them it was a bit like discovering that santa doesn't exist, but at age 37.

If those guys knew that it would probably take me less than 2 hours to get into their computers from my dorm room, they would probably never turn the things on ever again.

Teh Funnay.