With all the traveling I've been doing over the past year, I've started to get annoyed at airports that don't have free wireless.

You know the drill: You open up the laptop, and it shows an unencrypted access point with five bars of signal strength. You cheer, only to find that the first web page that comes up is asking you for your credit card.

It's rarely worth it to me to pay $7.95 just to log in and check my email. That's just highway robbery.

Sometimes, you can connect to the airport wireless system, and usernames and passwords like "foobar" will work, but I've actually only done that trick successfully once.

So here's something fun to try. I read about this somewhere, and thought it would be a lot harder to do than it was. Turns out it worked like a charm, was easy to do, and I haven't got the slightest moral compunctions about doing it, for reasons which I shall explain below.

Okay, when you get that page that charges you $7.95, how does it authenticate you? Usually, by your wireless card's MAC address. And what do you do with that connection? You check your email, you answer it maybe, perhaps you surf the empeg BBS for 5 minutes, then your plane starts boarding and you have to shut down your laptop. You've still got an hour and a half of time left on that $7.95, and it's sitting there unused, like a parking meter with time left after you've pulled out of the parking spot.

I have no compunctions about grabbing that parking spot with time left on the meter. Do you? Here's how to do the 802.11 ethernet equivalent of snagging the parking spot (windows XP directions given):

- Before you leave on your trip, copy the ethereal installer to your laptop's hard disk. (And the installer for the Winpcap driver if ethereal still needs it to function... I have an older version of ethereal, I dunno if they've streamlined the product lately or not.)

- Connect to the wireless router.

- Surf to any web page so that the "enter your credit card number" screen appears.

- Install Winpcap and Ethereal. Packet sniff the wireless card for a moment. Promiscuous mode, with name-resolution turned off.

- Sort the data by Source Address.

- Some of those addresses will be MAC addresses instead of IP addresses. Copy them down.

- Supposedly, you're supposed to keep sniffing until you stop seeing one of those addresses, thus indicating that they've finished using their connection and the parking spot is now empty. I was in a hurry, and actually just went straight on to the next step, and I'm hoping to discuss the potential repercussions of doing this later in the thread.

- Go to your 802.11 card's advanced properties, and where the property of "Network address" says "Not Present", change it to one of the MAC addresses you just copied down. On my network card, I had to remove the colons and put it in uppercase, yours may be different. (Note: Some network cards don't have this option in their driver. There are supposedly third party tools that will help you spoof your mac address in that case. I never needed to try them.)

- The icon on the task bar will disappear and reappear, indicating that XP has reset the network card and is obtaining a new DHCP address. When it indicates it's connected, try surfing and see if you still get the payment options screen. If not, try another MAC address in the wireless card's properties.

- Lather, rinse, repeat until you get a working connection.


I did this in the Detroit airport yesterday, and it literally took me about three minutes to do, and that's counting the time it took me to install Winpcap and Ethereal.

Now, the first MAC address I tried didn't work. I'm assuming that was someone who tried to surf but didn't pay for the service. The second MAC address worked spotty, with timeouts and broken connections. Lots of red X's where graphics were supposed to be. I'm assuming this was someone who was still using the connection, and our browsers were fighting over who gets to keep the returned packets. I disconnected this and tried a third MAC address, which worked perfectly and with no lost data. I'm assuming this was someone who had just shut down, or at least had stopped surfing at that moment.

So does anyone have any better idea of what would happen if I used the MAC address of an existing, active user? Would it behave like the second address I tried in my example above?

Tony that is an excellent hack! Thanks!

Yup, your suspicions are correct on the poorly loading pages. When I was in middle school when they rolled out The Internet, the Novel consultant configured every last machine in the library with the same IP address and had exactly the same symptoms. I fixed it in short order. Eventually they hired me to help, but I still didn't get paid half as much as the Novel consultant.

Matthew

Mmn... and I'll be at an airport next month ;-) The thoughts have gone through my head about this sort of thing, but I am rarely around those sorts of places.

Another idea is that if the hotspot has fully open DNS then you can tunnel over that.

I suppose this all works on the assumption that you don't 'log out' of whatever service you're using after you've finished before some prick tries to hop on your connection.

Ah right, never come across ones like that. They've always had a login/countdown timer/logout procedure.

Very useful if you use it regularly for short periods like I used to when I had weekly visits to London and spent a lot of time in stations waiting for trains. I could make £10's worth of access last several weeks.

This scenario is like using the rest of somebody's 1hr parking ticket when they have only used 20 minutes of it. Except rather than them handing it to you as they leave, you are picking it out the bin

Aw, man. Novell "professionals" were the worst. I had several similar experiences telling them how to do their jobs, and them getting paid beaucoup money for my work.

Isn't that tantamount to stealing?

There's a fairly simple counter-measure to prevent this sort of theft: they could pop up an SSL-based browser window on the corner of your computer that phones home once per minute. Once the window is closed, the connection is terminated. They do something vaguely like this with NoCatAuth.

As to the ethics of the hijack... you're on your own with that one. I figure market forces will eventually correct the situation. If you're the hard-charging business traveller, you'll shell out for a nationwide cellular data card (maybe $70/month, for all you can eat). So long as that's cheaper than airport wireless, the business traveller will go with the cellular solution.

That leaves people for whom the wireless is non-essential, and they'll vote with their feet.

It's a bit of a special case by normal american thinking: where's the victim? The girl who just shut off her machine to board the plane isn't losing anything. The wireless provider has already been paid for the full access interval.. no victim, not really a moral crime.

From what was mentioned in the "How to" thread it sounds like she would be allowed back on but the system would not operate correctly. Your example is the same one I was thinking of......a user that has paid and has stopped using for some reason and than wishes to log back on.

OK, here is my take....

I'm all for getting stuff for free, but I also believe that if you want something bad enough and someone has been kind enough to provide it, you should stump up the cash.

In my opinion what Tony desribes here is a crime, I'm not worried about who is the victim, all I know is if I wanted WiFi at the airport that badly and someone has put in place that service, however faceless and highly priced it may be, they the asking price should be paid in full.

Put yourselves in the place of the people who have set up the service, imagine if you made your living that way, I think you would see it differently. It's people abusing the service, which again in my opinion Tony was, that keep the price high, can everyone remember how expensive mobile calls were?

The same goes for the music argument, I download music I admit that, but I also buy the stuff I really like, I'm not stupid enough to buy music I will never listen to again, and I may wait until the price comes down but I do buy it. People make their living from it, and should be rewarded if they do it well.

How would you feel if someone parked on your drive while you were out at work without asking? I mean you weren't using it, but does it make it right for me to? I don't think so.

Cheers

Cris.

Or a similar case - in London, a day ticket is often cheaper than the commute cost, so you regularly see people giving away their ticket for free once they have made their final journey of the day. Technically wrong, but morally right:-)