Info About Unsecured Access Point

Some resident in the vicinity is running an unsecured access point and we can get all the usual services (nntp, http, smtp, etc.).

At first.

Then we find that the services are blocked: no smtp or nntp. When we get on the web browswer, we see activity to retrieve the page, but then we see a web page rendered from Comcast (clearly their ISP) in which the user of the host is to authenticate the host, IP assigned by DHCP. The authentication apparently involves downloading software (which we are unable to do!) and probably filling out a username/password (which we create? or one given by Comcast?).

We find that when we disable the adapter and/or "repair" the connection, or perhaps just after some timeout, we don't get the interception of the Comcast web page and we get the resumption of services. This blocking and unblocking of access to services cycles back and forth.

We are curious why it behaves like this. Why wouldn't the Comcast ISP block service all the time to the "unauthenticated" host? Is the Comcast- provided software providing some sort of bit setting in the packet headers in the client before assembling the packet?

Reply to
Seni Seven
Loading thread data ...

So what you are basically saying is that while stealing service from someone who is not smart enough to lock thier door you are occasionally being blocked by the service provider. My suggestion would be to pay for your own service and not steal from someone else.

Reply to
kbloch2001

Do you have permission to use their "open" access point? Is there any indication that it's available for your use, such as an SSID of "free wireless" or something similar? If not, get permission before continuing. Usually, what happens is that they ask for some small conribution to subsidize their internet connection.

All good things must come to an end.

Chuckle. Let me guess(tm).... It doesn't matter what web page you select, you always get the same Comcast web page that wants you to download the activation program? Sound familiar? (Sorry, but I'm too lazy to dig out the exact URL).

Well, what possibly (not sure) that means is that your victim didn't pay their bill for some extended period and Comcast has pulled the plug on them. If they want to continue service, they have to reapply and reactivate using that web page.

Yeah, you can bypass the page by selecting your own DNS server, but Comcast eventually catched on and blocks the MAC address until you phone them.

I think (not sure) that "unathenticated" means "didn't pay the bill".

Reply to
Jeff Liebermann

Jeff Liebermann wrote in alt.internet.wireless:

No, you didn't understand what is happening.

At times we are able to get access, often when first connecting to the network, or when we make an effort disconnect and then re-connect. In fact, this post is being made from the connection...once I juggle it open again.

If the bill is not paid, then there should never be a moment when we can gain access to the service except to that Comcast authentication page. But we do get access to the services, and then as if there is some arbitrary timeout on the access, we start seeing all services blocked and if we get on an http client, we see the web page.

By the way, we are all in temporary living situations until 1 September and don't want to sign up with anyone bringing fiber/wire/cable to the residence until we get more permanently situated. However, there is this one service called "Instaconnect" and it seems they have a rather weak signal. I might sign up at $40 a month for a month if this service is reliable and/or has a good reputation. Any thoughts?

Reply to
Seni Seven

Seni Seven hath wroth:

True. I did some guessing as to what was happening.

Such connect/disconnect exercises are typical of either a low signal level, interference, or both. How's your signal level and signal quality (SNR)? If it's a really far away connection, you'll probably have problems staying connected.

Try a simple continuous ping test to the cable router. Ideally, it should be a fairly low latency (about 2-8 msec) depending on range and hardware. However, it should also be exactly the same latency for every packet. Any increases above a base value is indicative of packet loss. In extreme cases, you'll see a "no response" message.

I just tried the signup page and found that it had changed. It formerly went directly to the signup page, but that now only seems to work inside the Comcast network. From outside, it asks for a long and password. Try:

Is that the page you're seeing?

See my previous comments on the signup page. If you're getting this page, it's because the Comcast DNS server it redirect all your DNS lookups to one specific IP address (68.87.66.135). That's not normal. However, I can't deduce exactly what's happening without the cooperation of the owner of your borrowed connection.

Bummer. Getting temporary broadband service is a problem. There are some services that offer monthly contracts, but they want a big chunk up front and generally charge too much.

These people?

I don't know anything about them. Also, their web server seems to be comatose. The weak signal is going to be a problem. Got a big 24dBi dish available? Most wireless ISP operators will loan you a test login to see if it's going to work.

Reply to
Jeff Liebermann

Jeff Liebermann wrote in alt.internet.wireless:

The report is a 25-30% signal with a 75-85% link quality, with the software used by the Airlink 101 device.

C:\\Documents and Settings\\user>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : Belkin IP Address. . . . . . . . . . . . : 192.168.2.74 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1

C:\\Documents and Settings\\user>ping 192.168.2.1

Pinging 192.168.2.1 with 32 bytes of data:

Reply from 192.168.2.1: bytes=32 time=4ms TTL=64 Reply from 192.168.2.1: bytes=32 time=4ms TTL=64 Reply from 192.168.2.1: bytes=32 time=3ms TTL=64 Reply from 192.168.2.1: bytes=32 time=4ms TTL=64

Ping statistics for 192.168.2.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 3ms, Maximum = 4ms, Average = 3ms

What do you think?

No, the URL is actually the same as we enter it. But instead of the content of the URL, Comcast inserts a page that it describes as an "installation process" and that new customers will download install software and create an email address and password and activate the account, whereas existing customers are asked to just follow instructions. Anyone who reads the page must turn off firewalls, virus protection, and popup blocking software and download the software. I tried downloading it---the link is which is clearly not valid outside this intranet---but could not get the target object---no download. Again, you see the download-this-install-exe page, but the string of the URL is actually the string of the page you entered into the URL address entry box, the content you wanted.

Without the ability to triangulate the transmission signal of the access point, we don't even know which direction the residents of the house live in. However we know the first names of the girls who operate the access point: they used them to make their SSID. We only need to knock on the doors of several dozen homes.

This Instaconnect service charges as low as $28 a month for a 12-month contract, $40 month-to-month. But as I check now the detectable networks, it does not register as I sit on the 1st floor of the townhouse. I probably might see it in the upstairs room, but then who will pay for an intermittent network signal?

I see no offer of a trial here. Perhaps that in itself is a sign.

Reply to
Seni Seven

Seni Seven hath wroth:

The signal seems on the weak side, but the link quality is quite good. I forgot to ask at what wireless speed are you connecting? That's a good indication of signal quality. A low signal level or interference will cause the speed to drop. My guess(tm) is that anything over

9Mbit/sec is acceptable.

Well, it's difficult to tell from just 4 pings. However, it looks quite good so far. Try running ping for a minute or two continuously: ping -t 192.168.2.1 C to stop. Try to get a feel for how consistent the signal remains. Also try it when the connection switches over to the Comcast web site.

Yep. That's an internal URL setup by the cable modem/router. It gets expanded to something like: cdn.sanjose.ca.sanfran.comcast.net You might enjoy reading this mess:

Like I mumbled... Comcast thinks the modem is not registered or the cutomer hasn't paid the bill.

Ok, got it. My 2nd guess(tm) is that when you get that URL, it means that the modem has either deregistered from the CMTS or some kind of connection or authentication problem. Probably connection because the http://cdn/ did NOT get expanded by the Comcast DNS server into the full URL, which is why clicking on download, doesn't do anything.

Well, you could at least make the attempt. Grab a laptop and directional antenna or reflector and take some bearings from different locations. Where they cross is the likely location. If it's a big apartment building, you already have the names which should help.

Well, I don't think you're expected to be able to roam around the house with such a distant and weak signal. However, a big dish antenna and a local wireless ethernet bridge, should produce a much better signal. If you can pick up anything with an inside laptop, you should be able to do much better with an outside antenna.

Call or write them. The usual line is that you want to try their service but you're not sure you can maintain a connection. You won't get a 30 day free trial. More like a few days to test if you need a better antenna or antenna location.

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.