Skip to Content
Uncategorized

Another Open Wireless Network (mine) gets closed.

I had an interesting security incident on my home network today which will appeal to readers interested in security.This morning I noticed that my DSL connection was running very slow. (It’s provided by Megapath and they’re normally very good.) A…

I had an interesting security incident on my home network today which will appeal to readers interested in security.

This morning I noticed that my DSL connection was running very slow. (It’s provided by Megapath and they’re normally very good.) A bit of sleuthing on my home server revealed that somebody was downloading all of the web pages. Some kind of robot called “Web Copy,” it seemed. This is the third time it’s happened this month, so I threw up a rule on the firewall to block their IP address, then I wrote a small program to prevent this from happening again. (Briefly, the program monitors a particular page on my web server — a page that nobody should ever access — and if the page is accessed, the web server automatically adds a rule to the firewall to block all access from that IP address. Simple and effective.)

Strangely though, the network didn’t get any better. A bit more checking revealed that some computer on my internal network was scanning the Internet, looking for vulnerable computers, and then trying to break into them. Sounded like an unpatched Windows computer that was infected with one of those worms, but I don’t have any unpatched Windows machines. I scanned my internal network and discovered that a computer at the internal IP address of 192.168.1.220 was to blame. Now things were getting interesting

Sitting down at my network patch panel, I started unplugging cables one by one, trying to figure out where 192.168.1.220 was coming from. Turns out it was coming from the Apple AirPort in my kitchen. One of my neighbors was using it!

(Normally this sort of thing would be hard to find out, because most people run their wireless access points as routers. This effectively hides all of the computers in the wireless cloud behind a single IP address that’s used by the wireless router itself. For just that reason, I run my wireless access points as bridges. This makes it easy for me to see all of the computers that are connected to them.)

Around this time I got an email from Megapath saying that a computer on my network was infected with the nachi computer worm. I’m not quite sure how they found out — they claim that somebody complained about me. From the looks of my MRTG traffic tab (see below), it seemed that the computer must have been infected at around 2:15am. Anyway, Megapath told me that they would disconnect me unless I dealt with this immediately. Cost for reconnection: $100



I did some port scans against the computer at 192.168.1.220 and discovered that it was running that Kazaa file trading program. Kazaa will helpfully give you the person’s registered Kazza username, and the name looked suspicious — that is, it looked like the name of my neighbor’s grade school son.

Now everything was beginning to fall into place. I like to keep my wireless network open, so that people visiting me can use their handheld devices without having to ask me for the password. As it turns out, my generosity was turned against me: the neighbor’s son had been using my network connection for file trading (possibly because his father monitors their DSL connection?). In the process, he had gotten infected with a worm, eaten up my outbound bandwidth, and nearly cost me my DSL service!

I did what I had to do: I reconfigured my wireless access points to use encryption. It’s not the strongest encryption, but it should be good enough to keep the grade school kids at bay. Then I called up my neighbor and left a message on their answering machine


All in all, an interesting story. But tracking down this guy was hard. Most people couldn’t do it. I’m increasingly concerned about the impact of open wireless connections in the hands of non-technical users.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.