Possible to block packets based on L7 filter?

Posted: Sun Nov 15, 2009 7:52 pm
by westbywest
Hello,

I'm having difficulties using a Fon 2201 running Gargoyle to manage shared wifi in the presence of one (or more) anonymous users who are evidently quite determined to run bittorrent.

Blocking access based on MAC is not effective since the user(s) can change his/her MAC, and I'm trying to avoid setting up WPA encryption, which I expect this particular user is capable of breaking anyway. The problem worsens since my ISP now sends me copyright infringement complaints resulting from this user's behavior, threatening disconnection.

As an attempted work-around, I've set up a QoS upload and download class named "blocked," with 1Kbit/s max bw and 1% max percentage, and I've associated all P2P-related L7 filters to this class. This is somewhat effective, but I can still see some P2P traffic bleeding thru, and attempts at large P2P downloads cause spontaneous reboots, presumably from the QoS queues eating up all available RAM.

Instead of delegating P2P traffic down to lowest QoS possible, is there a line I could add to /etc/firewall.user to simply block/drop all packets that match the P2P L7 filters?

Thanks.

Re: Possible to block packets based on L7 filter?

Posted: Mon Nov 16, 2009 9:42 am
by Gargoyle87
If that particular user can hack WPA encryption, then I think that you can do nothing to prevent that user from doing anything. If he has the capability to hack WPA encryption then he can easily hack the router password :lol: . If he logs into your router, the hacker will do whatever he wants to do :twisted: ...

I think that the best way to solve the security problems, such as WPA hacking, MAC cloning, and hacking the router password, is to implement a captive portal system in Gargoyle with a limited number of login attempts (for example, 3 times and the username will be blocked) :geek: . Then network configuration should be done by username instead of by MAC or IP (QoS, Quotas, Blocking, Restrictions...) :ugeek: .

Re: Possible to block packets based on L7 filter?

Posted: Mon Nov 16, 2009 6:29 pm
by Eric
First, I really doubt your hacker can crack WPA2 encryption. An open access point (or one with WEP encryption, which is trivial to crack) is always going to be vulnerable. Some sophisticated attacks are being developed against WPA, but as far as I know WPA2 is still quite secure.

So, while I strongly encourage you to merely use stronger encryption, I will also answer your original question. If you insist on using L7 filters, you can block traffic by adding rules for these filters in the Firewall/Access Restrictions section.

Also, Gargoyle87 is wrong: just because your hacker could get through WPA encryption doesn't mean he could hack the router password. The Gargoyle authentication system uses sha256 hashing which is also quite secure. (Of course if you're insecurely connecting to the router by http and not https, he could snoop the password... but that's not quite the same thing as hacking it.)

Re: Possible to block packets based on L7 filter?

Posted: Mon Nov 16, 2009 7:29 pm
by westbywest
The router's root password is not dictionary-based, so that is less of a vulnerability.

Also, there actually is a portal service running, since this is a semi-public shared wifi.

Besides that, my concern is not so much that the user in question is capable of breaking WPA encryption outright, but that s/he could circumvent it with a crude brute force attack. (Or since this person is a neighbor, could possibly find out the WPA password thru creative social hacks.)

Basic Googling yields not only instructions for changing your MAC, but also how to do brute force password guessing via tools like aircrack.

The strength of encryption is really not all that relevant in this situation, hence my curiosity about simply dropping P2P packets regardless of where they come from. I need some viable solution since an obnoxious neighbor is putting me in jeopardy of having the plug pulled by the ISP.

So, thank you for answering my question. I will try it out to see how things work.

Re: Possible to block packets based on L7 filter?

Posted: Tue Nov 17, 2009 1:25 am
by BikeMike
Why are you avoiding setting up WPA? In my view it should be mandatory for any wireless router. There are currently no feasible brute force attacks on WPA so you have no worries there. Social engineering is another matter though... Just encrypt with WPA and your annoying neighbor will bother you no more :twisted:

Re: Possible to block packets based on L7 filter?

Posted: Thu Nov 19, 2009 3:21 am
by DoesItMatter
http://www.dd-wrt.com/wiki/index.php/Us ... te_Listing

Check that script.

I was doing Google research and asking on the DD-WRT forum as well, because I usually don't mess with iptables myself.

From some of the long-timers, the most secure way to block any P2P or torrenting is going to be to block everything, then allow standard ports/protocols through.

You can't just block standard P2P or torrent ports, because they advise it could be encrypted or use non-standard ports.

That's probably your best bet to disable P2P/torrenting.
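The two approaches discussed in this thread, dropping traffic matched by the P2P L7 filters (westbywest's question) and default-deny forwarding with only standard ports allowed (DoesItMatter's suggestion), as an added example script for /etc/firewall.user; this is not code from any poster or from the Gargoyle project. It assumes the layer7 iptables match module is installed, the LAN bridge is named br-lan, and the pattern names listed in P2P_L7 exist in the router's l7-protocols directory.

```shell
#!/bin/sh
# Added example (not from this thread or Gargoyle): emits iptables rules that
# (a) drop packets matched by the P2P layer7 patterns and (b) default-deny
# forwarding from the LAN, permitting only a whitelist of standard services.
# Assumed names: LAN bridge br-lan, layer7 patterns bittorrent/edonkey/gnutella.

LAN_IF="${LAN_IF:-br-lan}"                      # assumed LAN bridge interface
P2P_L7="bittorrent edonkey gnutella"            # assumed installed l7 pattern names
ALLOW_TCP="53 80 443 110 143 993 995 25 587 22" # "standard" TCP services to permit
ALLOW_UDP="53 123"                              # DNS and NTP over UDP

# Print the rules rather than executing them, so they can be reviewed before
# being pasted into /etc/firewall.user or applied with "apply" (see bottom).
gen_rules() {
    # Chain 1: drop anything the layer7 classifier labels as a P2P protocol.
    echo "iptables -N p2p_block 2>/dev/null || iptables -F p2p_block"
    for proto in $P2P_L7; do
        echo "iptables -A p2p_block -m layer7 --l7proto $proto -j DROP"
    done
    echo "iptables -I FORWARD 1 -i $LAN_IF -j p2p_block"

    # Chain 2: default-deny forwarding from the LAN; only whitelisted ports pass.
    echo "iptables -N lan_allow 2>/dev/null || iptables -F lan_allow"
    echo "iptables -A lan_allow -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ALLOW_TCP; do
        echo "iptables -A lan_allow -p tcp --dport $p -j ACCEPT"
    done
    for p in $ALLOW_UDP; do
        echo "iptables -A lan_allow -p udp --dport $p -j ACCEPT"
    done
    echo "iptables -A lan_allow -j DROP"   # everything else from the LAN is dropped
    echo "iptables -I FORWARD 2 -i $LAN_IF -j lan_allow"
}

# Sanity check helper: number of DROP rules the generator emits
# (one per L7 pattern plus the final catch-all).
count_drop_rules() {
    gen_rules | grep -c -- '-j DROP'
}

# "sh block_p2p.sh apply" executes the rules; any other invocation just prints them.
if [ "$1" = "apply" ]; then
    gen_rules | sh
else
    gen_rules
fi
```

Because the L7 chain sits before the whitelist, a flow that tunnels P2P over an allowed port such as 443 is still dropped once the classifier recognises it, while encrypted or unrecognised P2P falls back to the port whitelist.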