StarDestroyer.Net BBS

I accidentally reflashed my neighbor's router w/ OpenWRT (unsecured, default password, accidentally left WLAN card on)... Should I just pretend nothing happened? I don't even know who he/she is or where is it, and attempting to reflash it again over the wireless is dangerous.... internet .seems to work, but the webif is different and less functional..


Anyway, I exchanged my v5 WRT54G router w/ a v4, and it's pretty sweet (more reliable than the v5, set up WPA-EAP on it- need to transfer the radius server from my real server to the router for additional reliability (server disconnects due to tripped over LAN cords kill all wireless connections))... The only thing I dislike is that OpenWRT does not come w/ an HTTPS secured web interface, and editing iptables scripts by hand is awful.

You mean you accidentally thought your neighbor's router was yours? That's a weird event..

But anyway, morally speaking you probably should, but realistically speaking...don't ask, don't tell. Their fault for making their router that insecure, if you didn't do it someone else would've killed it sometime.

BloodAngel wrote: You mean you accidentally thought your neighbor's router was yours? That's a weird event..

But anyway, morally speaking you probably should, but realistically speaking...don't ask, don't tell. Their fault for making their router that insecure, if you didn't do it someone else would've killed it sometime.

Bullshit. Leaving your front door unlocked doesn't make it your fault someone accidentaly entered your house thinking it was theirs.

Pu-239, own up to your mistake. You broke it, you fix it.

Because a router is so analogous to a house.

Alyeska wrote:

BloodAngel wrote: You mean you accidentally thought your neighbor's router was yours? That's a weird event..

But anyway, morally speaking you probably should, but realistically speaking...don't ask, don't tell. Their fault for making their router that insecure, if you didn't do it someone else would've killed it sometime.

Bullshit. Leaving your front door unlocked doesn't make it your fault someone accidentaly entered your house thinking it was theirs.

Pu-239, own up to your mistake. You broke it, you fix it.

Uh, I can't- I don't even know who's it is. There are many different neighbors in the area. If I knew I'd have notified them ages ago about having an unsecured network in the first place (although there are asswipes who will think you've been hacking their network and press charges from another thread on this board...).

Should I go ahead and try reflashing it anyway, and risk bricking it?

It looks like some other idiot has set up yet another unsecured AP up... at least 6 unsecured in the area.

And the house scenario is pretty farfetched, since the houses must be in physically different locations.

Don't suppose they're running remote desktop, or linux with ssh? You could try logging into one of the clients, uploading the file then fixing it from there.

Are there any legal concerns about this situation, perchance?

Spyder: Nope- no access to any of the clients (and how would I know if they were wired?).

Not sure if it's even safe to upload a new flash over the OpenWRT web interface (right now they probably could care less, since most people don't bother enabling or even knowing what port forwarding and all the other settings are - they will notice if an attempt to reflash bricks it). I'm rather reluctant to attempt reflashing w/o physical access.

Apparently there is an option to download it to the RAM of the router and flash it from there, but then there may still be the bricking risks of me doing something stupid and flashing the wrong version in (I believe the firmware version was 4.20.6, since I checked mine in order to attempt to TFTP it over, which failed, which was when I used the web interface which caused this).
Should I just try this?

I suppose my options are:
A- Leave as is- it still works as an AP. If he/she notices, it can be flashable from the web interface (not sure how OpenWRT handles UPNP- checked the NVRAM, but it seems to have some stuff regarding that in it).

B- Attempt to reflash, and if that fails do C. Has a chance of needing to do C, and if that can't be done, he/she is even more fucked than if A was done.

C- contact my two immediately adjacent neighbors and attempt to explain to them (one of them already has somewhat of a grudge though against my extended family) immediately (it'd be somewhat odd to contact any of the others since I don't know them). Also, this opens up a legal can of worms, from what I gather from other postings about irate computer illiterates who think you are hacking and stealing whatever.

Pu-239 wrote:Spyder: Nope- no access to any of the clients (and how would I know if they were wired?).

Not sure if it's even safe to upload a new flash over the OpenWRT web interface (right now they probably could care less, since most people don't bother enabling or even knowing what port forwarding and all the other settings are - they will notice if an attempt to reflash bricks it). I'm rather reluctant to attempt reflashing w/o physical access.

Apparently there is an option to download it to the RAM of the router and flash it from there, but then there may still be the bricking risks of me doing something stupid and flashing the wrong version in (I believe the firmware version was 4.20.6, since I checked mine in order to attempt to TFTP it over, which failed, which was when I used the web interface which caused this).
Should I just try this?

I suppose my options are:
A- Leave as is- it still works for it's purpose of acting as an AP for the internet.

B- Attempt to reflash, and if that fails do C. Has a decent chance of needing to do C, and if that can't be done, he/she is even more fucked than if A was done.

C- contact my two immediately adjacent neighbors and attempt to explain to them (one of them already has somewhat of a grudge though against my extended family) immediately (it'd be somewhat odd to contact any of the others since I don't know them). Also, this opens up a legal can of worms, from what I gather from other postings about irate computer illiterates who think you are hacking and stealing whatever.

To be safe choose number A

You can get into plenty of trubble othervise.

Pu-239 wrote:Spyder: Nope- no access to any of the clients (and how would I know if they were wired?).

Ah, good point. If they're newbies chances are none of them are wired.

Anyway, this may be a situation in which doing the right thing may require some deceit on your part.

Rather then tell your neighbors that you broke into their routers, simply tell them that someone in the area is running an unsecured wireless internet connection.

Non newbie response: "Oh shit, that's me. Thanks for the head's up."
Non newbie goes to fix his router, discovers that it needs reflashing, fixes it himself.

Newbie response: "I've got this thing that sends internet to my laptop, is that what you're talking about? There's something wrong with it though..."

Then you explain how having it the way it is means that anyone in the neighborhood could be using it which could cost him money.

"I don't really know how."

Offer to show him, say it won't take a second. If he agrees take a look at it "Hey what do you know, it needs reflashing. Good thing I stopped by..."

Now you're a hero going from door to door fixing people's routers and ridding them of pesky bandwidth theifs.

Spyder wrote:

Pu-239 wrote:Spyder: Nope- no access to any of the clients (and how would I know if they were wired?).

Ah, good point. If they're newbies chances are none of them are wired.

Anyway, this may be a situation in which doing the right thing may require some deceit on your part.

Rather then tell your neighbors that you broke into their routers, simply tell them that someone in the area is running an unsecured wireless internet connection.

Non newbie response: "Oh shit, that's me. Thanks for the head's up."
Non newbie goes to fix his router, discovers that it needs reflashing, fixes it himself.

Newbie response: "I've got this thing that sends internet to my laptop, is that what you're talking about? There's something wrong with it though..."

Then you explain how having it the way it is means that anyone in the neighborhood could be using it which could cost him money.

"I don't really know how."

Offer to show him, say it won't take a second. If he agrees take a look at it "Hey what do you know, it needs reflashing. Good thing I stopped by..."

Now you're a hero going from door to door fixing people's routers and ridding them of pesky bandwidth theifs.

Good idea... however I've usually had difficulty convincing people to secure their networks- most simply express apathy (don't care if people steal bandwidth, believe that most people won't be malicious or f*ck something up, etc.). Anyway, broadband here is universally Cox (no DSL), and so it's flat rate anyway and doesn't cost them money, although there is a loosely enforced upload cap. I suppose one could claim theres the possiblity of creeps looking up illegal stuff...

People in the area are also leery of letting strangers in the house (I only know 3 of my neighbors- I might talk to them and ignore the rest - there has been a robbery earlier this year in the next townhouse unit. Also my sister is one of the bandwidth leachers... (sometimes uses it for large items instead of using our own due to aforementioned cap), so me getting it shut off will get me in trouble (although then she'll have no way of not paying half the cable bill if she doesn't feel like it, which is a good thing)).

The response to "I don't really care" is "ok". I consider that an acceptable resolution.

Alyeska wrote:Pu-239, own up to your mistake. You broke it, you fix it.

That is why I put the whole suggestion under "realistically"; if Pu-239's neighbors happen to be the obstinate kind, they will just hear "I broke your router," and not "sorry, I can help fix it."

It's a really big risk. Regrettable that such an event occurred, but trouble has to be avoided.

That wasn't me, was it? Cause I got a Wireless Netgear, I live in Virginia, in an area where DSL is scarce (I was lucky to be in the range of DSL, barely.),

You don't happen to be in my area do you?

Just Kidding.

Anyways, Spyders suggestion seems to be the best.

Davis 51 wrote:That wasn't me, was it? Cause I got a Wireless Netgear, I live in Virginia, in an area where DSL is scarce (I was lucky to be in the range of DSL, barely.),

You don't happen to be in my area do you?

Just Kidding.

Anyways, Spyders suggestion seems to be the best.

Actually, I do live in VA (there are two unsecured NETGEARs btw in the neighborhood).

But it was a Linksys.