Info About Unsecured Access Point

Some resident in the vicinity is running an unsecured access point and we
can get all the usual services (nntp, http, smtp, etc.).

At first.

Then we find that the services are blocked: no smtp or nntp. When we get
on the web browswer, we see activity to retrieve the page, but then we see
a web page rendered from Comcast (clearly their ISP) in which the user of
the host is to authenticate the host, IP assigned by DHCP. The
authentication apparently involves downloading software (which we are
unable to do!) and probably filling out a username/password (which we
create? or one given by Comcast?).

We find that when we disable the adapter and/or "repair" the connection,
or perhaps just after some timeout, we don't get the interception of the
Comcast web page and we get the resumption of services. This blocking
and unblocking of access to services cycles back and forth.

We are curious why it behaves like this. Why wouldn't the Comcast ISP
block service all the time to the "unauthenticated" host? Is the Comcast-
provided software providing some sort of bit setting in the packet headers
in the client before assembling the packet?

So what you are basically saying is that while stealing service from
someone who is not smart enough to lock thier door you are
occasionally being blocked by the service provider. My suggestion
would be to pay for your own service and not steal from someone else.

On Tue, 31 Jul 2007 19:03:58 GMT, Seni Seven
<(E-Mail Removed)> wrote:

>Some resident in the vicinity is running an unsecured access point and we
>can get all the usual services (nntp, http, smtp, etc.).

Do you have permission to use their "open" access point? Is there any
indication that it's available for your use, such as an SSID of "free
wireless" or something similar? If not, get permission before
continuing. Usually, what happens is that they ask for some small
conribution to subsidize their internet connection.

>At first.

All good things must come to an end.

>Then we find that the services are blocked: no smtp or nntp. When we get
>on the web browswer, we see activity to retrieve the page, but then we see
>a web page rendered from Comcast (clearly their ISP) in which the user of
>the host is to authenticate the host, IP assigned by DHCP. The
>authentication apparently involves downloading software (which we are
>unable to do!) and probably filling out a username/password (which we
>create? or one given by Comcast?).

Chuckle. Let me guess(tm).... It doesn't matter what web page you
select, you always get the same Comcast web page that wants you to
download the activation program? Sound familiar? (Sorry, but I'm too
lazy to dig out the exact URL).

Well, what possibly (not sure) that means is that your victim didn't
pay their bill for some extended period and Comcast has pulled the
plug on them. If they want to continue service, they have to reapply
and reactivate using that web page.

>We find that when we disable the adapter and/or "repair" the connection,
>or perhaps just after some timeout, we don't get the interception of the
>Comcast web page and we get the resumption of services. This blocking
>and unblocking of access to services cycles back and forth.

Yeah, you can bypass the page by selecting your own DNS server, but
Comcast eventually catched on and blocks the MAC address until you
phone them.

>We are curious why it behaves like this. Why wouldn't the Comcast ISP
>block service all the time to the "unauthenticated" host? Is the Comcast-
>provided software providing some sort of bit setting in the packet headers
>in the client before assembling the packet?

I think (not sure) that "unathenticated" means "didn't pay the bill".

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

Jeff Liebermann <(E-Mail Removed)> wrote in
alt.internet.wireless:

> On Tue, 31 Jul 2007 19:03:58 GMT, Seni Seven
> <(E-Mail Removed)> wrote:
>
>>Some resident in the vicinity is running an unsecured access point and
>>we can get all the usual services (nntp, http, smtp, etc.).
>
> Do you have permission to use their "open" access point? Is there any
> indication that it's available for your use, such as an SSID of "free
> wireless" or something similar? If not, get permission before
> continuing. Usually, what happens is that they ask for some small
> conribution to subsidize their internet connection.
>
>>At first.
>
> All good things must come to an end.
>
>>Then we find that the services are blocked: no smtp or nntp. When we
>>get on the web browswer, we see activity to retrieve the page, but
>>then we see a web page rendered from Comcast (clearly their ISP) in
>>which the user of the host is to authenticate the host, IP assigned by
>>DHCP. The authentication apparently involves downloading software
>>(which we are unable to do!) and probably filling out a
>>username/password (which we create? or one given by Comcast?).
>
> Chuckle. Let me guess(tm).... It doesn't matter what web page you
> select, you always get the same Comcast web page that wants you to
> download the activation program? Sound familiar? (Sorry, but I'm too
> lazy to dig out the exact URL).
>
> Well, what possibly (not sure) that means is that your victim didn't
> pay their bill for some extended period and Comcast has pulled the
> plug on them. If they want to continue service, they have to reapply
> and reactivate using that web page.
>
>>We find that when we disable the adapter and/or "repair" the
>>connection, or perhaps just after some timeout, we don't get the
>>interception of the Comcast web page and we get the resumption of
>>services. This blocking and unblocking of access to services cycles
>>back and forth.
>
> Yeah, you can bypass the page by selecting your own DNS server, but
> Comcast eventually catched on and blocks the MAC address until you
> phone them.
>
>>We are curious why it behaves like this. Why wouldn't the Comcast ISP
>>block service all the time to the "unauthenticated" host? Is the
>>Comcast- provided software providing some sort of bit setting in the
>>packet headers in the client before assembling the packet?
>
> I think (not sure) that "unathenticated" means "didn't pay the bill".

No, you didn't understand what is happening.

At times we are able to get access, often when first connecting to the
network, or when we make an effort disconnect and then re-connect. In
fact, this post is being made from the connection...once I juggle it open
again.

If the bill is not paid, then there should never be a moment when we can
gain access to the service except to that Comcast authentication page.
But we do get access to the services, and then as if there is some
arbitrary timeout on the access, we start seeing all services blocked and
if we get on an http client, we see the web page.

By the way, we are all in temporary living situations until 1 September
and don't want to sign up with anyone bringing fiber/wire/cable to the
residence until we get more permanently situated. However, there is this
one service called "Instaconnect" and it seems they have a rather weak
signal. I might sign up at $40 a month for a month if this service is
reliable and/or has a good reputation. Any thoughts?

Seni Seven <(E-Mail Removed)> hath wroth:

>No, you didn't understand what is happening.

True. I did some guessing as to what was happening.

>At times we are able to get access, often when first connecting to the
>network, or when we make an effort disconnect and then re-connect. In
>fact, this post is being made from the connection...once I juggle it open
>again.

Such connect/disconnect exercises are typical of either a low signal
level, interference, or both. How's your signal level and signal
quality (SNR)? If it's a really far away connection, you'll probably
have problems staying connected.

Try a simple continuous ping test to the cable router. Ideally, it
should be a fairly low latency (about 2-8 msec) depending on range and
hardware. However, it should also be exactly the same latency for
every packet. Any increases above a base value is indicative of
packet loss. In extreme cases, you'll see a "no response" message.

>If the bill is not paid, then there should never be a moment when we can
>gain access to the service except to that Comcast authentication page.

I just tried the signup page and found that it had changed. It
formerly went directly to the signup page, but that now only seems to
work inside the Comcast network. From outside, it asks for a long and
password. Try:
<https://spdns.cmc.co.denver.comcast.net>
Is that the page you're seeing?

>But we do get access to the services, and then as if there is some
>arbitrary timeout on the access, we start seeing all services blocked and
>if we get on an http client, we see the web page.

See my previous comments on the signup page. If you're getting this
page, it's because the Comcast DNS server it redirect all your DNS
lookups to one specific IP address (68.87.66.135). That's not normal.
However, I can't deduce exactly what's happening without the
cooperation of the owner of your borrowed connection.

>By the way, we are all in temporary living situations until 1 September
>and don't want to sign up with anyone bringing fiber/wire/cable to the
>residence until we get more permanently situated.

Bummer. Getting temporary broadband service is a problem. There are
some services that offer monthly contracts, but they want a big chunk
up front and generally charge too much.

>However, there is this
>one service called "Instaconnect" and it seems they have a rather weak
>signal. I might sign up at $40 a month for a month if this service is
>reliable and/or has a good reputation. Any thoughts?

These people?
<http://www.instaconnect.net>
I don't know anything about them. Also, their web server seems to be
comatose. The weak signal is going to be a problem. Got a big 24dBi
dish available? Most wireless ISP operators will loan you a test
login to see if it's going to work.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jeff Liebermann <(E-Mail Removed)> wrote in alt.internet.wireless:

> Seni Seven <(E-Mail Removed)> hath wroth:
>
>>No, you didn't understand what is happening.
>
> True. I did some guessing as to what was happening.
>
>>At times we are able to get access, often when first connecting to the
>>network, or when we make an effort disconnect and then re-connect. In
>>fact, this post is being made from the connection...once I juggle it
>>open again.
>
> Such connect/disconnect exercises are typical of either a low signal
> level, interference, or both. How's your signal level and signal
> quality (SNR)? If it's a really far away connection, you'll probably
> have problems staying connected.

The report is a 25-30% signal with a 75-85% link quality, with the software
used by the Airlink 101 device.

>
> Try a simple continuous ping test to the cable router. Ideally, it
> should be a fairly low latency (about 2-8 msec) depending on range and
> hardware. However, it should also be exactly the same latency for
> every packet. Any increases above a base value is indicative of
> packet loss. In extreme cases, you'll see a "no response" message.


C:\Documents and Settings\user>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : Belkin
IP Address. . . . . . . . . . . . : 192.168.2.74
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1

C:\Documents and Settings\user>ping 192.168.2.1

Pinging 192.168.2.1 with 32 bytes of data:

Reply from 192.168.2.1: bytes=32 time=4ms TTL=64
Reply from 192.168.2.1: bytes=32 time=4ms TTL=64
Reply from 192.168.2.1: bytes=32 time=3ms TTL=64
Reply from 192.168.2.1: bytes=32 time=4ms TTL=64

Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms


What do you think?


>>If the bill is not paid, then there should never be a moment when we
>>can gain access to the service except to that Comcast authentication
>>page.
>
> I just tried the signup page and found that it had changed. It
> formerly went directly to the signup page, but that now only seems to
> work inside the Comcast network. From outside, it asks for a long and
> password. Try:
> <https://spdns.cmc.co.denver.comcast.net>
> Is that the page you're seeing?

No, the URL is actually the same as we enter it. But instead of the
content of the URL, Comcast inserts a page that it describes as an
"installation process" and that new customers will download install
software and create an email address and password and activate the account,
whereas existing customers are asked to just follow instructions. Anyone
who reads the page must turn off firewalls, virus protection, and popup
blocking software and download the software. I tried downloading it---the
link is <URL:http://cdn/downloadable_install_wizard.exe> which is clearly
not valid outside this intranet---but could not get the target object---no
download. Again, you see the download-this-install-exe page, but the
string of the URL is actually the string of the page you entered into the
URL address entry box, the content you wanted.

>>But we do get access to the services, and then as if there is some
>>arbitrary timeout on the access, we start seeing all services blocked
>>and if we get on an http client, we see the web page.
>
> See my previous comments on the signup page. If you're getting this
> page, it's because the Comcast DNS server it redirect all your DNS
> lookups to one specific IP address (68.87.66.135). That's not normal.
> However, I can't deduce exactly what's happening without the
> cooperation of the owner of your borrowed connection.

Without the ability to triangulate the transmission signal of the access
point, we don't even know which direction the residents of the house live
in. However we know the first names of the girls who operate the access
point: they used them to make their SSID. We only need to knock on the
doors of several dozen homes.

>>By the way, we are all in temporary living situations until 1
>>September and don't want to sign up with anyone bringing
>>fiber/wire/cable to the residence until we get more permanently
>>situated.
>
> Bummer. Getting temporary broadband service is a problem. There are
> some services that offer monthly contracts, but they want a big chunk
> up front and generally charge too much.

This Instaconnect service charges as low as $28 a month for a 12-month
contract, $40 month-to-month. But as I check now the detectable networks,
it does not register as I sit on the 1st floor of the townhouse. I
probably might see it in the upstairs room, but then who will pay for an
intermittent network signal?

>
>>However, there is this
>>one service called "Instaconnect" and it seems they have a rather weak
>>signal. I might sign up at $40 a month for a month if this service is
>>reliable and/or has a good reputation. Any thoughts?
>
> These people?
> <http://www.instaconnect.net>
> I don't know anything about them. Also, their web server seems to be
> comatose. The weak signal is going to be a problem. Got a big 24dBi
> dish available? Most wireless ISP operators will loan you a test
> login to see if it's going to work


I see no offer of a trial here. Perhaps that in itself is a sign.

Seni Seven <(E-Mail Removed)> hath wroth:

>The report is a 25-30% signal with a 75-85% link quality, with the software
>used by the Airlink 101 device.

The signal seems on the weak side, but the link quality is quite good.
I forgot to ask at what wireless speed are you connecting? That's a
good indication of signal quality. A low signal level or interference
will cause the speed to drop. My guess(tm) is that anything over
9Mbit/sec is acceptable.

> Reply from 192.168.2.1: bytes=32 time=4ms TTL=64
> Reply from 192.168.2.1: bytes=32 time=4ms TTL=64
> Reply from 192.168.2.1: bytes=32 time=3ms TTL=64
> Reply from 192.168.2.1: bytes=32 time=4ms TTL=64
>What do you think?

Well, it's difficult to tell from just 4 pings. However, it looks
quite good so far. Try running ping for a minute or two continuously:
ping -t 192.168.2.1
<ctrl>C to stop. Try to get a feel for how consistent the signal
remains. Also try it when the connection switches over to the Comcast
web site.

>(...) Anyone
>who reads the page must turn off firewalls, virus protection, and popup
>blocking software and download the software. I tried downloading it---the
>link is <URL:http://cdn/downloadable_install_wizard.exe> which is clearly
>not valid outside this intranet

Yep. That's an internal URL setup by the cable modem/router. It gets
expanded to something like:
cdn.sanjose.ca.sanfran.comcast.net
You might enjoy reading this mess:
<http://www.michigan-sportsman.com/forum/showthread.php?t=101214>
Like I mumbled... Comcast thinks the modem is not registered or the
cutomer hasn't paid the bill.

>---but could not get the target object---no
>download. Again, you see the download-this-install-exe page, but the
>string of the URL is actually the string of the page you entered into the
>URL address entry box, the content you wanted.

Ok, got it. My 2nd guess(tm) is that when you get that URL, it means
that the modem has either deregistered from the CMTS or some kind of
connection or authentication problem. Probably connection because the
http://cdn/ did NOT get expanded by the Comcast DNS server into the
full URL, which is why clicking on download, doesn't do anything.

>Without the ability to triangulate the transmission signal of the access
>point, we don't even know which direction the residents of the house live
>in. However we know the first names of the girls who operate the access
>point: they used them to make their SSID. We only need to knock on the
>doors of several dozen homes.

Well, you could at least make the attempt. Grab a laptop and
directional antenna or reflector and take some bearings from different
locations. Where they cross is the likely location. If it's a big
apartment building, you already have the names which should help.

>This Instaconnect service charges as low as $28 a month for a 12-month
>contract, $40 month-to-month. But as I check now the detectable networks,
>it does not register as I sit on the 1st floor of the townhouse. I
>probably might see it in the upstairs room, but then who will pay for an
>intermittent network signal?

Well, I don't think you're expected to be able to roam around the
house with such a distant and weak signal. However, a big dish
antenna and a local wireless ethernet bridge, should produce a much
better signal. If you can pick up anything with an inside laptop, you
should be able to do much better with an outside antenna.

>I see no offer of a trial here. Perhaps that in itself is a sign.

Call or write them. The usual line is that you want to try their
service but you're not sure you can maintain a connection. You won't
get a 30 day free trial. More like a few days to test if you need a
better antenna or antenna location.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558