Three ways to kick people off your Wi-Fi network

My mooching neighbour couldn’t piss his own name in the snow without looking up how it is spelled on his ID card first. So yeah, simply hiding the SSID totally works. Low threat, low effort to deal with it.

Seriously, through: setting.a password on your Fritzbox ist easier and more secure.

And guests and relatives who want WiFi get access to the guest WiFi only.

Who said anything about not setting a password? The setup routine prompts you to do that.

I didn’t mention passwords or encryption because that would be repeating instead of supplementing. To get to these settings, you should have already changed the password and ensured that WPA2 at the least is on. I apologize for not being clear.

Right now WiFi is so ubiquitous that from my couch as I type I have over a dozen named networks in the list. Moochers will go for the low hanging fruit, so the advice here should be more geared to making it more annoying than it’s worth to break into your network where there’s nothing worth having anyway that they couldn’t get easier elsewhere.

It’s like the old saying: the lock should not cost more than the thing it’s protecting.

2 Likes

Totally works for what? It’s doing basically nothing to protect your network from malicious actors.

And what can you do with this information? Even when a SSID is “hidden”, it’s still trivial to discover it. It also hurts your privacy because your devices are broadcasting this in the clear where they go.

But if this makes you feel better then you do you.

1 Like

Speaking of SSID, back in 2020, because I had neighbors with signs for the last guy, I pulled out an old router and set it up to broadcast these networks.

The router wasn’t attached to anything, it just amused me.

One neighbor changed their SSID to f**k Biden. I just checked, one neighbor has trump 2024.

I’m going to have to plug in that router again.

As far as security, I’m on a very small private road, I used to share my internet back when it was new and we had a few weekenders. But I eventually pulled the plug when streaming started getting popular and they started abusing my niceness.

My very good neighbor gets to use it.

5 Likes

So, only invitees can get on your WiFi, and you still hide your SSID because someone ‘mooches’?

There’s another reason to hide networks: avoiding notice from the boss and visitors to the office. This is actually done at my company, where there is a wifi network set up just for developers with full access to the outside internet and no access to the private network. It’s an “outside” network that developers use with Maven, NPM and other SSL services that are blocked on the normal ethernet network.

It’s not ideal, but it was the only compromise we could get with the IT department. Our laptops are considered trusted for this purpose, but it’s hidden simply to avoid time-consuming questions from others in the building as to why we have yet another network name next to the official ones for general usage, the extra one for guests, and so on.

Note that the hidden network also has WPA3 and a truly random password, as well as only allowing known MAC addresses; any new laptop has to go to the sysadmin, who will “bless” it, and retired devices are pruned immediately. So it’s hidden mainly as a form of convenience to others so that it doesn’t keep popping up in the list of networks to choose from.

Oh yeah, I hide my name at home as well, because even though I renamed it from the default, I don’t want to spam the rest of the neighborhood with my name. It’s more of a courtesy to others than a way of keeping them out.

3 Likes

Interesting point, but as noted above, your device is now knocking on every door asking “are you Mynetwork123?” - which isn’t exactly spamming - but also not without a footprint.

Well, you do you, really. When I look at my neighbours networks, I can also see the odd SSID hidden. It’s not totally uncommon.

Just a thought which occurred to me: since geolocation also uses positions of known WiFi networks, maybe it is even a courtesy to broadcast your SSID to total strangers?

Nice story, I am impressed.
IT would roast me even for suggesting to set up any WiFi except the guest network the conference room has, which is physically decoupled from the internal LAN. They did roast me for suggesting we use WiFi bridges for a specific event to make it possible for esteemed guests to get a connection to said network in parts of the building where there is none. Despite that, there are at least two printers in the house which advertise their SSID. I suspect they are honeypots, but I’m not inclined to find out after my last run-in.

1 Like

This reminds me. I’ve been using authpf on a strange port as a precursor to allowing any other SSH or WireGuard connections on my main home/biz connection. “People who know” confirm this puts the network into Rubber Hose and Pipe Wrench Decryption-only space, which is where I want to be. All internal connections are also SSH-only after that, so even the wired connections are well protected.

I’ve been thinking of setting up a WiFi box on OpenBSD with the same facilities, since pf could then make sure packets went where they were supposed to and at a rate I can put up with. It would also get rid of the MAC-address malleability problem.

The consumer grade stuff would have an extra click to get on the network, I’d probably have to write the app for that click… :thinking:

1 Like

I wonder, what do you make of tailscale?

Hadn’t seen them before, thanks for the pointer. First impressions…

That doesn’t look half bad really. The people look credible. Open sourcing most of the product is always a good sign. The underlying toolkits they are using are my favourites. Traffic flow monitoring is a bonus.

It’s probably not for me, but I’m lucky enough to have just enough skills, and a small enough problem, that rolling my own with WireGuard wasn’t scary or particularly difficult.

I had someone point me that way myself, and I tried it yesterday. And it was so easy I that am immediately suspicious that it can’t be legit and qualitatively good. If I weren’t streched thin like to much butter on a toast currently, I would dive in and try to find out if that is the case. For now, my VPN to my home network stays on a different basis - one I trust as far as I can throw my phone. But I think I may give it a go at some point. So far, I’m using it to access a remote service, and I have to say it is more convenient then to SSH myself to that machine…

1 Like

I’ve noticed MAC address filtering has become a pain in the butt now that some (most?) devices default to “Random MAC” instead of the device’s real MAC. At least my Samsung phone & tablet do this.

I’ve been caught a few times where I am absolutely certain a device’s real MAC is on my router’s “Allowed” list, but no connection. Takes me a while, with much confusion, before I recall this device setting.

Maybe it’s just a Samsung thing?

This topic was automatically closed after 5 days. New replies are no longer allowed.