Friday, December 12, 2003

IP THIEF
Seems like it's been a while since I blogged. Truth is, I did about two days' worth on my laptop and then didn't copy it off before replacing the hard drive. You wouldn't believe what a pain in the ass that was. But Audrey has gone from 3.2GB to 18.6GB. I had suspected that little drive was going bad. When I pulled it out, it rattled. Are they supposed to rattle?

Well now I am getting ready to start a night class. Hooray. Been a tough day really. I thought I would play on lunch in the McDonalds parking lot like I had been. But when I got there I found that my bandwidth was SUCKING. I needed to download a few things. A few packages to make ethereal work, the newest version of KisMac for wardriving, and maybe a few songs to listen to on the way home.

I was getting an average of 1.2k per second on my downloads. What the hell? I thought maybe my signal was weak. So I re-parked the car a few times. No difference. Seeing how I didn't have Ethereal, it would be tough to see what the hell was happening. So I ran tcpdump. Sure enough, someone was stealing all the bandwidth for gnutella traffic. Ass monkey.

I decided I would let him know what I thought about him.

Ray-Haques-Computer:/sw/bin root# smbclient -IM 216.206.239.145 "You should turn off some of your filesharing bullshit. You are saturating this network. Have some respect."


Then I got pissed and drove off into town in search of better bandwidth. I found a pretty nice AP serving up a signal strength of 32! Nice! It seemed to be a tunneled network of some kind though, and the AP was ignoring me. I thought "hell, now is my chance to change my MAC address". I was sure that this AP was using MAC filtering as a means of security (no WEP). Imagine my disappointment when I was told "not permitted" when changing it. I would later learn that I can change the MAC address of my built-in Ethernet, but not the WiFi card. That's gay.

After some frustration, and a dirty look from a redneck on her porch who was probably calling the local police on my loitering ass, I was headed back to McDonalds. Still, all the bandwidth was being consumed and I was pissed.

Here is how I achieved vengeance.

  1. Run tcpdump to get the IP address of the evil bandwidth hog.
  2. Assume that IP address as an alias to my own network card (ifconfig alias)
  3. Ping the gateway/router.
  4. Laugh, and enjoy all the bandwidth


It's not nice at all. But what I basically did is tell the router that the bandwidth whore's IP address had moved onto a new MAC address (my own). The router then started sending his packets to me. Realizing what had happened, his computer stated a conflict to the user, and then went back to the router asking for a re-association through the ARP process. Naturally, he didn't stand a chance. I was playing a much more aggressive game at this tug-o-war battle.

Watching the packets dumping by in terminal I could see all of his downloads were timing out, and bombing, until I was seeing very little traffic headed his way. My downloads shot up to 34k. Not bad.
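On the wire, the tug-of-war described above shows up as one IP address alternating between two MAC addresses in ARP traffic, which is what a network owner can watch for. The following is an added example, not part of the original post: it flags that pattern in `tcpdump -e -n arp` style output, and the sample lines, addresses, window and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed `tcpdump -e -n arp` style lines (documentation IPs, made-up MACs).
H = " > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: "
SAMPLE = "\n".join([
    "12:01:03.10 00:16:cb:00:00:aa" + H + "Request who-has 192.0.2.1 tell 192.0.2.50, length 28",
    "12:01:03.11 00:30:bd:00:00:cc" + H + "Reply 192.0.2.1 is-at 00:30:bd:00:00:cc, length 28",
    "12:01:04.20 00:0d:93:00:00:bb" + H + "Request who-has 192.0.2.1 tell 192.0.2.50, length 28",
    "12:01:04.90 00:16:cb:00:00:aa" + H + "Reply 192.0.2.50 is-at 00:16:cb:00:00:aa, length 28",
    "12:01:05.50 00:0d:93:00:00:bb" + H + "Request who-has 192.0.2.1 tell 192.0.2.50, length 28",
    "12:01:06.30 00:16:cb:00:00:aa" + H + "Reply 192.0.2.50 is-at 00:16:cb:00:00:aa, length 28",
    "12:03:00.00 00:11:24:00:00:dd" + H + "Request who-has 192.0.2.1 tell 192.0.2.77, length 28",
    "12:09:00.00 00:11:24:00:00:ee" + H + "Request who-has 192.0.2.1 tell 192.0.2.77, length 28",
])

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d(?:\.\d+)?) (?P<src>[0-9a-f:]{17}) > .*?ARP.*?: "
    r"(?:Request who-has \S+ tell (?P<req_ip>[\d.]+)"
    r"|Reply (?P<rep_ip>[\d.]+) is-at (?P<rep_mac>[0-9a-f:]{17}))")

def seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def bindings(text):
    """Yield (time, ip, mac): the sender binding each ARP frame announces."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["req_ip"]:   # request: sender IP after "tell", MAC from Ethernet source
            yield seconds(m["ts"]), m["req_ip"], m["src"]
        else:             # reply: the "X is-at MAC" claim itself
            yield seconds(m["ts"]), m["rep_ip"], m["rep_mac"]

def flapping(text, window=30.0, min_changes=3):
    """Return {ip: sorted MACs} for IPs whose MAC changed >= min_changes times in `window` s."""
    last, changes, macs, flagged = {}, defaultdict(list), defaultdict(set), set()
    for t, ip, mac in bindings(text):
        macs[ip].add(mac)
        if ip in last and last[ip] != mac:
            # keep only binding changes that fall inside the sliding window
            changes[ip] = [c for c in changes[ip] if t - c <= window] + [t]
            if len(changes[ip]) >= min_changes:
                flagged.add(ip)
        last[ip] = mac
    return {ip: sorted(macs[ip]) for ip in flagged}

if __name__ == "__main__":
    print(flapping(SAMPLE))
```

A single change of MAC for an address (192.0.2.77 in the sample) stays below the threshold, so a swapped network card or a reused DHCP lease is not reported.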
