IP THIEF
Seems like it's been a while since I blogged. Truth is, I did about two days' worth on my laptop and then didn't copy it off before replacing the hard drive. You wouldn't believe what a pain in the ass that was. But Audrey has gone from 3.2GB to 18.6GB. I had suspected that little drive was going bad. When I pulled it out, it rattled. Are they supposed to rattle?
Well, now I am getting ready to start a night class. Hooray. Been a tough day really. I thought I would play on lunch in the McDonald's parking lot like I had been. But when I got there I found that my bandwidth was SUCKING. I needed to download a few things. A few packages to make Ethereal work, the newest version of KisMAC for wardriving, and maybe a few songs to listen to on the way home.
I was getting an average of 1.2k per second on my downloads. What the hell? I thought maybe my signal was weak. So I re-parked the car a few times. No difference. Seeing how I didn't have Ethereal, it would be tough to see what the hell was happening. So I ran tcpdump. Sure enough, someone was stealing all the bandwidth for gnutella traffic. Ass monkey.
I decided I would let him know what I thought about him.
Ray-Haques-Computer:/sw/bin root# smbclient -IM 126.96.36.199 "You should turn off some of your filesharing bullshit. You are saturating this network. Have some respect."
Then I got pissed and drove off into town in search of better bandwidth. I found a pretty nice AP serving up a signal strength of 32! Nice! It seemed to be a tunneled network of some kind though, and the AP was ignoring me. I thought "hell, now is my chance to change my MAC address". I was sure that this AP was using MAC filtering as a means of security (no WEP). Imagine my disappointment when I was told "not permitted" when changing it. I would later learn that I can change the MAC address of my built-in Ethernet, but not the WiFi card. That's gay.
After some frustration, and a dirty look from a redneck on her porch who was probably calling the local police on my loitering ass, I was headed back to McDonald's. Still, all the bandwidth was being consumed and I was pissed.
Here is how I achieved vengeance.
- Run tcpdump to get the IP address of the evil bandwidth hog.
- Assume that IP address as an alias to my own network card (ifconfig alias).
- Ping the gateway/router.
- Laugh, and enjoy all the bandwidth.
It's not nice at all. But what I basically did is tell the router that the bandwidth whore's IP address had moved onto a new MAC address (my own). The router then started sending his packets to me. Realizing what had happened, his computer stated a conflict to the user, and then went back to the router asking for a re-association through the ARP process. Naturally, he didn't stand a chance. I was playing a much more aggressive game at this tug-o-war battle.
Watching the packets dumping by in terminal I could see all of his downloads were timing out, and bombing, until I was seeing very little traffic headed his way. My downloads shot up to 34k. Not bad.
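The tug-of-war described above appears on the wire as one IP address being claimed by two MAC addresses in alternation. As an added example (not part of the original post), this Python code flags that pattern in ARP lines in the format printed by current `tcpdump -e -n arp`; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -e -n arp` output; addresses are
# documentation / locally administered values, not taken from the post.
SAMPLE = """\
12:01:00.10 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.23, length 28
12:01:00.11 02:00:00:00:00:01 > 02:00:00:00:00:0a, ethertype ARP (0x0806), length 42: Reply 192.0.2.1 is-at 02:00:00:00:00:01, length 28
12:01:05.40 02:00:00:00:00:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.23, length 28
12:01:06.02 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.23, length 28
12:01:06.90 02:00:00:00:00:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.23, length 28
12:01:09.00 02:00:00:00:00:0c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.40, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# A request binds the "tell" IP to the Ethernet source; a reply binds IP to is-at MAC.
REQUEST = re.compile(rf"^\S+ (?P<src>{MAC}) > .*Request who-has {IP} tell (?P<ip>{IP})")
REPLY = re.compile(rf"^\S+ {MAC} > .*Reply (?P<ip>{IP}) is-at (?P<src>{MAC})")

def claims(lines):
    """Yield (ip, mac) for every sender-IP/MAC binding asserted in ARP traffic."""
    for line in lines:
        m = REQUEST.search(line) or REPLY.search(line)
        if m:
            yield m["ip"], m["src"].lower()

def find_conflicts(lines, min_flips=1):
    """Return {ip: {"macs": [...], "flips": n}} for IPs claimed by more than one MAC."""
    last, macs, flips = {}, defaultdict(set), defaultdict(int)
    for ip, mac in claims(lines):
        if ip in last and last[ip] != mac:
            flips[ip] += 1          # the binding moved to a different MAC
        last[ip] = mac
        macs[ip].add(mac)
    return {ip: {"macs": sorted(macs[ip]), "flips": flips[ip]}
            for ip in macs if len(macs[ip]) > 1 and flips[ip] >= min_flips}

if __name__ == "__main__":
    for ip, info in find_conflicts(SAMPLE.splitlines()).items():
        print(f"{ip}: claimed by {info['macs']}, binding changed {info['flips']} times")
```

A single change of binding can be a legitimate DHCP reassignment or hardware swap; raising `min_flips` limits alerts to the repeated back-and-forth that a contested address produces.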