Three ways to kick people off your Wi-Fi network

Originally published at: How to kick people off your Wi-Fi network

…

Having problems with your neighbours, Mark?

Years a go you could have turned all the images they view upside down but then that pesky HTTPS had to ruin everybody’s fun.

Or if anyone connected to your Wi-Fi, that you don’t recognize, is automatically subjected to every 0-day you could get your hands on… …not that I would ever advocate that, of course.

A good password is also important, don’t just change it from Myname23 to Myname24.

The Bitwarden generator is nice because has a good passphrase option:

You can still do that. They’d have to ignore the certificate warnings, but you can still MITM it if you control the network.

If they don’t ignore it, they don’t get access, if they do you can do what you want to the traffic. win-win.

If you need something quick and dirty, there’s always nmap.

sudo nmap -n -sn 192.168.1.0/24

(sudo will lookup the MAC to give the chip maker.)

The past few WAP I’ve had do that on the UI, listing the MAC and maker. My current one also puts an icon for what it thinks it is too, controller for a console, laptop for computer etc.

I suspect that this would be a lot of hassle for a joke that’s only actually marginally funny; but I’d be entertained to see this article wander off into 802.1x and choosing your EAP type and RADIUS configurations and IDS operation while remaining entirely deadpan about the whole thing, as though there had been no change in tone or subject matter whatsoever,

I have sound effects too, with a special one for previously unseen MACs.

2023-12-07-213246_1920x1080_scrot938×603 82.1 KB

I need to make changes for the new Raspberry OS dark theme, as well as a general refactoring.

(4) Surround your walls, floors and ceiling with a copper mesh, creating a Faraday cage to stop the WiFi signals from reaching your neighbors.

4, SSID: “FBI_Surveillance_Van-A33” or “COVID-Vaccine-Activator-657”

I’m a fan of the captive portal page Lee Hutchinson set up during his Arstechnica review of some APs. This was back when “Jade Helm 15” was all the rage in conspiracy circles; and I think he was doing it in Texas, so it probably torqued a few loose screws:

image900×784 137 KB

there’s also the slightly less polite method

Maybe an alternative use for a $5 wrench?

SAML backed 802.11x with certificates please.

Look, the simplest thing to do is to get a router that doesn’t advertise, you have to know the name to log in. Most offer it in their GUI as a checkbox.

Speaking of routers that have a GUI, they also let you see who is logged in, you can boot them. Best to limit access then to only those devices known, though. That too is often a checkbox in the GUI, or a radio button.

So if someone is on your net that you don’t want on, change and hide the network name, and lock it so that only devices already on can continue logging on.

This doesn’t actually work as a security measure and is actually counterintuitive to security.

Normally SuperSecretNetwork says “here I am, rock me like a hurricane” and clients listen for that and initiate a connection. It’s a passive thing.

If you hide SuperSecretNetwork from broadcasting its name, how do clients connect to it? It’s not magic — clients have to actively poll, “hey SuperSecretNetwork are you there?” everywhere they go when they aren’t connected to SuperSecretNetwork. If SuperSecretNetwork is there it says, “I’m here, let’s chat”. This all happens unencrypted and can be sniffed by anybody. Now you’re leaking your preferred wireless networks everywhere you go and someone can use this to more easily spoof your network.

In all it’s a false sense of security because it’s not really a security feature. It’s not even required by 802.11 standards so not all devices will support it. It affects device battery life because now they have to poll every single hidden network when not connected. It’s just inconvenience with no real benefit.

If you want to secure your network, use good encryption (WPA3 if possible, otherwise WPA2). Also have good monitoring of wireless devices on your network so if something unexpected joins, you can take action.

The goal here as I see it isn’t so much security but getting the mooching neighbor off of your network. Or the ex boyfriend/girlfriend. Or the cheap LED light.

Security is a question of effort and depends on the actual threat faced as well as the value of what is being protected. All we need here are quick wins against low effort moochers.

You don’t have a password set in your network? Hiding your SSID will only prevent casual joining and does little in the way of security (if anything it’s a net negative because it hurts your devices’ battery life and gives you a false sense of security).

It won’t prevent your mooching neighbor from joining if they already know the name or can use any of the numerous “Easy Button” tools that will expose your SSID hidden or not.

Setting a good password and using WPA3 or WPA2 encryption is the minimum bar for keeping undesirables off of your network. Hiding your SSID is just security theater.