Upside Down Internet


My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun.
Split the network

I’m starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock. We use the DHCP server to identify mac addresses to give out the relevant addresses.

ddns-updates off;
ddns-update-style interim;

shared-network local {

subnet *.*.*.* netmask {
range *.*.*.* *.*.*.*;
option routers *.*.*.*;
option subnet-mask;
option domain-name "XXXXX";
option domain-name-servers *.*.*.*;
deny unknown-clients;

host trusted1 {
hardware ethernet *:*:*:*:*:*;
fixed-address *.*.*.*;

subnet netmask {
option routers;
option subnet-mask;
option domain-name-servers;
allow unknown-clients;


IPtables is Fun!

Suddenly everything is kittens! It’s kitten net.

/sbin/iptables -A PREROUTING -s -p tcp -j DNAT –to-destination

For the uninitiated, this redirects all traffic to kittenwar.

For more fun, we set iptables to forward everything to a transparent squid proxy running on port 80 on the machine.

/sbin/iptables -A PREROUTING -s -p tcp -m tcp –dport 80 -j DNAT –to-destination

That machine runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of it’s local webserver.
The redirection script

$count = 0;
$pid = $$;
while (<>) {
chomp $_;
if ($_ =~ /(.*\.jpg)/i) {
$url = $1;
system("/usr/bin/wget", "-q", "-O","/space/WebPages/images/$pid-$count.jpg", "$url");
system("/usr/bin/mogrify", "-flip","/space/WebPages/images/$pid-$count.jpg");
print "$pid-$count.jpg\n";
elsif ($_ =~ /(.*\.gif)/i) {
$url = $1;
system("/usr/bin/wget", "-q", "-O","/space/WebPages/images/$pid-$count.gif", "$url");
system("/usr/bin/mogrify", "-flip","/space/WebPages/images/$pid-$count.gif");
print "$pid-$count.gif\n";

else {
print "$_\n";;

And if you replace flip with -blur 4 you get the blurry-net

original site with pictures

Leave a Reply

Your email address will not be published. Required fields are marked *