Writing

Software, technology, sysadmin war stories, and more.
Tuesday, March 26, 2013

More on local-only ISPs, and an evil wifi idea

Municipal wireless access point

I've received some illuminating replies to my half-baked idea about ISPs which only give local service, with transit being your problem. Victor wrote in to say that Russia has "Home Networks" where you have Ethernet service to your local community, but have to resort to PPPoE to get beyond that. This external service is metered, throttled, or both. It seems people sometimes set up local FTP servers to make the most of the fat local bandwidth. Pretty cool!

I also got a note telling me about an ISP in Wellington (NZ) which essentially did this back around 2005. They hooked you up to the interexchange point, and it was up to you to get out from there. Apparently prices weren't that bad, either - 100 Mbps service locally for NZ$130/month. That's pretty amazing, considering I can't get that kind of bandwidth to anywhere from where I live, and you can't throw a rock without hitting a co-lo around here.

Do I need that kind of bandwidth? Nope, absolutely not. I just want some way to keep Comcast on their toes. These guys usually don't start caring until someone else comes along and threatens their comfortable resting places.

WAP on a street light

This brings me to another half-baked and sort-of evil idea I had about 10 years ago. I was down in Corpus Christi (Texas) to spend a few days on the coast. At the time, the city had been installing wireless access points all over the place.

WAP above a street sign

Everywhere you looked, they had one of these boxes with two antennas sticking up. A quick scan with a laptop showed their "CCTEXAS" network with great signal coverage all over. It wasn't allowing much in the way of public access at the time, but I had an idea for how it could be used for great evil.

Imagine they're doing the typical "walled garden" thing, where you can associate with the wireless network but can't get out to the Internet. If they did it the relatively simple way I built my own wireless gateways, then it becomes possible to sling packets around on the wireless side of things. Two stations can communicate across that "fabric" without ever going out to the Internet.

Imagine if they further did some kind of bridging craziness such that a packet would magically find its way from one WAP to another across their city backbone if necessary. This might happen if they made it one single IP network for whatever reason. We used to do that with the school district wireless network, but the biggest setup was perhaps 3 WAPs. You could walk from one end of the building to another without having your IP address change or connections drop.

In our case, nobody really used that "walkabout" feature, but it was useful in fringe spots where both networks are sort-of visible but it varies, like when kids are moving around in a classroom and occasionally cause the signal from one side to drop out.

In any case, imagine this massively bridged network taken to extremes, and people looking to exchange data covertly. They could grab a laptop, use a boot CD, make up a MAC address, and use a yagi to plink a WAP somewhere relatively far away. The other person would do the same, and now they'd be using the city wireless to do their evil without ever leaving a trace.

I would hope that networks would now be designed to not let this happen, and indeed, not let "station to station" communications occur without a good reason, but my experience suggests otherwise.

Then again, perhaps this has already happened somewhere. It might be interesting to try it in a few places and see just how far things will go.
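
An added example (not from the original post): a small audit over bridge-level frame records that separates the station-to-gateway traffic a walled garden expects from the station-to-station traffic described above, split by whether it stayed on one WAP or crossed the backbone. The MAC addresses, WAP names and record format are constructed for illustration.

```python
from collections import Counter

GATEWAY = "02:00:00:00:00:01"  # constructed captive-portal/gateway MAC

# Constructed frame records: source MAC, destination MAC, WAP the frame entered on.
SAMPLE_FRAMES = [
    {"src": "02:00:00:00:0a:01", "dst": GATEWAY, "ap": "wap-01"},
    {"src": GATEWAY, "dst": "02:00:00:00:0a:01", "ap": "uplink"},
    {"src": "02:00:00:00:0a:01", "dst": "ff:ff:ff:ff:ff:ff", "ap": "wap-01"},
    {"src": "02:00:00:00:0a:01", "dst": "02:00:00:00:0a:02", "ap": "wap-01"},
    {"src": "02:00:00:00:0a:02", "dst": "02:00:00:00:0a:01", "ap": "wap-01"},
    {"src": "02:00:00:00:0b:01", "dst": "02:00:00:00:0c:01", "ap": "wap-02"},
    {"src": "02:00:00:00:0c:01", "dst": "02:00:00:00:0b:01", "ap": "wap-07"},
    {"src": "02:00:00:00:0a:02", "dst": "02:00:00:00:0d:09", "ap": "wap-01"},
]

def is_group(mac):
    # Broadcast/multicast addresses have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1

def classify(frame, infrastructure, station_ap):
    """Label one frame: ok, group, unknown_dst, same_ap or cross_ap."""
    src, dst = frame["src"].lower(), frame["dst"].lower()
    if is_group(dst):
        return "group"        # ARP/DHCP style traffic, judged separately
    if src in infrastructure or dst in infrastructure:
        return "ok"           # station <-> gateway is the intended path
    if dst not in station_ap:
        return "unknown_dst"  # destination never seen as a source
    # Both ends are stations: the walled garden is acting as a private fabric.
    return "same_ap" if station_ap[dst] == frame["ap"] else "cross_ap"

def audit(frames, infrastructure):
    """Return (label counts, station-to-station frames) for a list of records."""
    infrastructure = {m.lower() for m in infrastructure}
    # Learn which WAP each station sits behind, as a bridge learns source MACs.
    station_ap = {f["src"].lower(): f["ap"] for f in frames
                  if f["src"].lower() not in infrastructure}
    labelled = [(classify(f, infrastructure, station_ap), f) for f in frames]
    counts = Counter(kind for kind, _ in labelled)
    flagged = [f for kind, f in labelled if kind in ("same_ap", "cross_ap")]
    return counts, flagged

if __name__ == "__main__":
    print(audit(SAMPLE_FRAMES, {GATEWAY}))
```

A `same_ap` finding is something client isolation on the access point itself can stop; a `cross_ap` finding has to be filtered where the WAPs are bridged together.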