>>>>> "wes" == wes <p...@the-wes.com> writes:

Russell> With a few precautions, sharing is safe. With a few
Russell> facilities, abuse can be effectively dissuaded. With those
Russell> two things covered, that just leaves the gift-culture spirit.

wes> is there a guide to these precautions and facilities somewhere?

Not as a literal guide. They are kind of built in to the way we build our router configurations. Generally speaking: isolate sensitive/vulnerable computers from the public; monitor usage somehow (munin/cacti/nagios, etc.); have tools like tcpdump, iftop (or similar), iptables available on the gateway router so that abusers can be identified and interdicted.

I have a favorite one-liner for detecting bit-torrenters:

    tcpdump -n -i $iface 'tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack == 0 and not src and dst net 127.0.0.0/8'

where $iface is the interface on which the public client's traffic arrives. That basically looks for new TCP connections. BitTorrent spews TCP connections like crazy, dozens a second, to random high-numbered ports, on random hosts. Then, with the IP address of the abuser, you get their MAC address from the DHCP leases or ARP table and you nuke them with something like:

    iptables -v -I FORWARD -m mac --mac-source $macaddr -j REJECT

In our experience, people who are connecting to an open wifi network are extremely happy to have access to tubes. Withdrawing that access has a strong influence on their behavior. Most of the time, the 'abuse' is not done knowingly. That is, the perpetrator does not realize that they are making the network difficult for others to use. Temporarily blocking them provides a feedback signal that helps moderate their behavior. Without that kind of feedback, the 'abuse' is likely to continue indefinitely, because the abuser only gets positive reinforcement ("ooh, look our free gigantic file has arrived from thin air! this is AWESOME!"), and eventually drive the network host to 'lock' up their wifi network.

In our experience, our technique seems to solve 99% of our problems. We can provide routers configured and ready to go, on an indefinite loan basis, to anyone who agrees to host a Personal Telco node. The loan lasts as long as you remain a Personal Telco node.

-- 
Russell Senior, President
russ...@personaltelco.net
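
The step from watching the tcpdump output to picking out one client's IP address can be scripted. This is an added example, not part of the original post: a shell function that reads `tcpdump -n` text, counts new connections per source per second, and lists the sources at or above a threshold. The function names, the threshold and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# syn_talkers LIMIT
# Reads `tcpdump -n` output (SYN-only lines, as the filter above produces)
# on stdin and prints "src_ip peak_syns_per_second distinct_destinations"
# for every source whose peak rate of new connections reaches LIMIT.
syn_talkers() {
    awk -v limit="$1" '
    $2 == "IP" && /Flags \[S\]/ {
        sec = substr($1, 1, 8)                # HH:MM:SS bucket
        src = $3; sub(/\.[0-9]+$/, "", src)   # drop the source port
        dst = $5; sub(/:$/, "", dst)          # ip.port without trailing colon
        n = ++persec[src, sec]
        if (n > peak[src]) peak[src] = n
        if (!((src, dst) in seen)) { seen[src, dst] = 1; dests[src]++ }
    }
    END {
        for (s in peak)
            if (peak[s] >= limit) print s, peak[s], dests[s]
    }' | sort
}

# Constructed sample capture: 10.11.0.23 opens connections to many hosts on
# high ports, 10.11.0.40 is an ordinary client. All addresses are made up
# (private and documentation ranges).
sample_capture() {
    cat <<'EOF'
12:00:01.010101 IP 10.11.0.23.50001 > 192.0.2.10.51413: Flags [S], seq 1, win 64240, length 0
12:00:01.120000 IP 10.11.0.23.50002 > 198.51.100.7.6881: Flags [S], seq 1, win 64240, length 0
12:00:01.250000 IP 10.11.0.23.50003 > 203.0.113.99.49160: Flags [S], seq 1, win 64240, length 0
12:00:01.400000 IP 10.11.0.40.40000 > 192.0.2.80.443: Flags [S], seq 1, win 64240, length 0
12:00:01.610000 IP 10.11.0.23.50004 > 192.0.2.77.60123: Flags [S], seq 1, win 64240, length 0
12:00:01.900000 IP 10.11.0.23.50005 > 198.51.100.200.35001: Flags [S], seq 1, win 64240, length 0
12:00:02.300000 IP 10.11.0.23.50006 > 203.0.113.5.58000: Flags [S], seq 1, win 64240, length 0
12:00:03.000000 IP 10.11.0.40.40001 > 192.0.2.80.443: Flags [S], seq 1, win 64240, length 0
EOF
}
```

With the sample data, `sample_capture | syn_talkers 5` prints `10.11.0.23 5 6`. On a live router the one-liner's output would be piped in with a packet count limit (`-c`) so that the summary is printed when the capture ends.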