Computers & Mobile Technology

One of the frustrating things about traveling is the obligatory pay-wireless that so many hotels and airports provide. If you check your mail at the airport and again at the hotel, it’s pretty easy to run up charges equivalent to a month’s worth of broadband, not to mention that you have to give your credit card to an unknown access provider affiliate.

There are two traditional ways of getting around the captive portal: tunneling IP over DNS and tunneling IP over ICMP.

In most situations, the firewall will be set up to block or proxy all TCP traffic, and all HTTP requests are redirected to the authentication server that wants you to enter a credit card. DNS lookups and ICMP traffic (ping, for example) are quite often left untouched, however, allowing you to use these services to move data through a remote computer under your control.

The basic setup is the same for both scenarios, and you can use the same server as a DNS and ICMP proxy. All you’ll need is a public DNS server that you can manage and another server with a static IP that you can access remotely. Thomer Gil has written two excellent howtos, one for using NSTX (IP-over-DNS), and the other for using ICMPTX (IP-over-ICMP). Follow the guides, install and configure the two packages, and you can get free access in a pinch from just about anywhere.

NSTX (IP-over-DNS) HOWTO
ICMPTX (IP-over-ICMP) HOWTO

72 thoughts on “Getting free wireless in airports and hotels

  1. One of the frustrating things about traveling is having to pay a lot for rental cars. In this article, we take a look at ways to “borrow” (wink-wink) rental cars using “keys” made from coat hangers and screwdrivers. Learn how to switch license plates to frustrate authorities.

    I’m more and more disappointed with Make every few months, when another one of these comes out.

    1. While I can agree with you in sentiment, it’s still a nice hack to be aware. There are reasons for doing such things other than ‘stealing’ broadband access. Restrictive corporate firewalls, ISP proxying, etc. If you’re so disappointed, read something else. Most of us don’t give a crap about your feelings on a given article.

      1. what i think he’s saying is the technology isn’t the crime here (read blog posting)his problem is the title and content of the posting.

        it specifically says “how to get something that is usually charged a fee, for free”

        it’s an ethical grey area (aren’t they all?) but it’s still there.

        i’m sure that if the post was re-worded to say just the content and not the application, maybe a off-site link for the application would satisfy him.

        MAKE: is usually about making things, this is actually promoting circumventing a digital signal which is a violation of the DMCA and the Patriot act. and don’t get me started on those. i’m going to keep my opinions on those to myself.

        feel free to respond to me directly if you really want my opinion. lunaciesofhim (G)mail

        1. This is not a violation of the DMCA. Nothing is being cracked, and digital rights management is not being circumvented to access the underlying MEDIA.

          And even jaywalking is a violation of the Patriot act.

    2. @Anon
      Sorry you’re disappointing with the site. What would you like to see on the site that you aren’t seeing? And please be as specific as possible. We’d appreciate the input.

    3. seriosuly, this is stealing. and “There are reasons for doing such things other than ‘stealing’ broadband access. Restrictive corporate firewalls, ISP proxying, etc.”

      those are just digital versions of OTHER broken laws.

      if you are not allowed to be there, and you go there anyway (broadband, or on foot) that is trespassing.

      why not show things on how to steal a car, or p2p music?
      it is the same thing.

      just because you CAN do it, does not mean it SHOULD be done.

      heck, why not next week, we show how to splice into someone else’s cable, so you can get cable for free?

      and how to get electricity from other people for free?

      and water?

      why is stealing broadband, just fine?

    4. Anonymous – sorry to hear you’re disappointed with this. To me (and I hope at least a few others), it’s very interesting that you can wrap IP traffic inside of a series of DNS queries or ICMP traffic. It’s a clever, non-trivial solution to a challenging problem, regardless of the ethics of using the tool to get free internet access. How would you feel about using this technology in a library, school, corporate, or government network to skirt firewall rules which restrict or censor information? The decision to use this tool, like anything else, is a question that will have to be answered by the best judgement of each reader.

      1. “How would you feel about using this technology in a library, school, corporate, or government network to skirt firewall rules which restrict or censor information?”

        With respect to firewalls, I wonder how often this “hack” actually works. A firewall administrator can safely drop every outbound ICMP packet in this environment, and many probably do, because it’s low hanging security fruit. A reasonable set of firewall rules would probably also block DNS requests headed to the outside world that didn’t originate from an internal DNS server.

        Also, anything that’s even remotely IDS-like (either a firewall that’s doing packet inspection or a proper IDS) is probably going to drop all these bogus packets on the floor, or at least alert the network admins that something fishy is going on so they can implement the firewall rules in the previous paragraph.

  2. One trick I’ve used sometimes works. Depends on the forethought of the IT people.

    Often times when you log connect to pay Wi-Fi, you get redirected to the transaction website. Unknowing web admin don’t turn off most server’s ability to act as a proxy. Get the IP address of the external (it’s be really screwed up if an internal transaction web server gave you free access, but it is possible) transaction web site, and set that as your proxy info in your browser. Sometimes airports will also allow access to an external tourism website that can act as your proxy, as this may not be under the control of the wireless admin.

  3. Knowing HOW to do something and actually doing it are two different things. Don’t stop the flow of information just because it can be used for illegal means. I agree that theft of services is wrong, but the information behind this is great and can be useful for other things.

  4. I like this article, and would like to see more like it.

    This is information plain and simple. I read a lot of articles like this (mostly from 2600, but I also get make). with articles like this you get to learn all kinds of programing and admin tricks. I use them to help write better and more secure programs. I’ve also taken the information and put it to legal uses also (maybe you have a need to do this at work or home for a legitement project)

    If you don’t want to steal broadband and think it’s wrong, then don’t do it. Take the info from the article and use it other ways.

    I’m sure there are many companies that would define the hardware hacking and re purposing as stealing, or least a violation of DMCA. So do we stop those articles also?

  5. I second it. 10$ for 1 hour of internet access is Stealing! Radio waves are free for all to use, you just have to be smart on how you use them. I really like this hack!

    1. I’ve never tried this and it may only work on certain networks, but an easier approach might be to use angryIP scanner and macmakeup. connect to the wireless, use angeryIP scanner to find a mac to use, then spoof your mac to match an existing user. Like I said, I have never used it and only certain setups will allow it to work, but it might be easier to try out then tunneling through another protocol.

      http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
      http://www.angryziber.com/w/Home

      Also, could you tunnel through ssh to accomplish this as well? Is that possible?

  6. Knowing how to break into a car is useful, if say you lock your keys in the car. It is not illegal to break into your own car.

    Fair enough this article targets an illegitimate use but to the extent that most people don’t go around breaking the law, this is just a useful piece of information that can be repurposed to whatever needs people find for it.

  7. I understand that there are and will always be people in the world that think that any knowledge in and of itself is dangerous and should be suppressed, as someone might use it to do something naughty.

    The real puzzler to me is, why in the F*CK are those people even reading MAKE magazine and commenting in the first place? Why are they here and how do we make them leave?

    1. interesting how you attack another for wanting to “suppress” this knowledge, while you yourself want to purge him?

      make is a blogazine read by those interested. change the internet if you don’t want “those people” reading.

      that said, neat stuff! but i agree with others that the issue is not the hack itself, but the simple fact that the author admits that the services which are the prime targets are indeed pay services.

      knowing that you can see through glass and peeping through your neighbor’s bedroom window are not the same thing.

      – isaac

  8. I really have to point out that doing this in the context suggested by the article is theft of services. And thats illegal. I wouldn’t have any concerns if a statement to the effect of ‘actually doing this on a network you do not own/control or have permission from the owner/controller to use this software may constitute theft.’ Basically my issue is that this theft is set up in the article as something that is perfectly okay to do. Please mention legalities when posting software that is easily turned to illegal uses

    That said, its really cool technology. I’m glad to see it posted (and will certainly be playing with it on my own network) as the distribution of information benefits everyone.

    Finally, to those of you who have said that charging you for hourly internet use is theft – get a clue. There is always the option of not using it. Learn a bit of Econ – if they’re charging a high price, somebody must be paying it, or they wouldn’t make money and wouldn’t offer the service. On the same note, if you steal service, you’re costing the people who run it money without compensating them. If even a small number of people, it may be enough to make them loose money. Then nobody can access the internet.

    And honestly, if I’m traveling with a computer and plan on using the internet, I budget it in. I’m already spending several hundred to be there – an additional 20 isn’t going to kill me.

  9. To everyone saying that this has reasonable applications- prove it. If you’re going to use it on a corporate network to get around limitations placed on it, how is that any better than theft of a service (of which you see value, even if it is overpriced)? Is “the price is too high” a true justification for stealing something? Internet access is not a right, which is what some people here seem to be pitching it as.

    On top of that, using protocols like DNS and ICMP for IP data is very, very inefficient. It places a lot of load on servers and routers that were not designed to deal with that type of traffic.

    But hey, if you’re backing up an article about how to steal stuff, you’re probably not too concerned with that sort of thing.

    Lots of technologies have “good” and “evil” uses. MP3, Xvid, bit torrent, you name it. Like I said, if you can come up with a TRULY legitimate use for IP over DNS or ICMP, I would like to hear it.

    1. Can I point out a use for it at this moment…no. The point is I may run across a situation where I will find it useful later.

      I’ve been in many situations where I needed a new and different approach to solve a problem. Yes this may be an inefficient use, and maybe the hardware was not designed to work this way; but if it solves a problem I’m having, then I don’t care. solutions are not always ideal.

      If I ever pull this one out of my toolbag at work to solve something; I doubt my boss will care if it’s inefficient or not as long as it works.

  10. Don’t worry about the people saying its morally wrong to post this stuff, these are the same people that say chemistry kits should only contain water and food coloring because some of the chemicals in the kit “could” be used to make a bomb. Or a book should be banned because it “could” evoke violent emotions.

    I think the correct term is thought police. Ignore them and they will tend to flock to the next moral injustice.

  11. First of all, thanks to everyone for commenting. It’s awesome to see such a thoughtful discussion. Please keep in mind a couple things to make this as productive as possible (we are makers after all):

    1. Let’s stay away from insults. Disagree and add your opinion, but keep in mind the opinions of others have a place here too. If you feel strongly about something, challenge and convert instead of condemn.

    2. Try and add something to the discussion. The points on theft of services -vs- highway robbery have been made. There’s a big grey area in between not being discussed, and there is a big realm of technical discussion that is being ignored while we focus on the heated ethical debate.

    3. Ideate and inspire. Does this hack give you any ideas about other things that could be done? Do you have a different idea for obtaining the goal of ubiquitous internet access that we haven’t explored? Please share.

    1. Regarding #2, I honestly can’t come up with much of a gray area here. The only thing I can think of is some sort of situation where a network administrator needs to get through a misconfigured router, and can’t bring down the network to fix the problem. That’s pretty esoteric though, and not that useful to most people.

      Can you name some things within this “big gray area” that don’t involve theft?

      1. Personally I don’t like to use a technological hack simply to avoid paying for something because you can, but, you asked for some ethical reasons to do this:
        1/ You book into a hotel, which advertised free internet, and that is why you chose it, when you get there it is $much per night
        2/ You use a platform which is not supported by their system, so CANNOT pay, even if you would like to (happens to me too much)
        3/ You do not have a credit card which is accepted by their system (say it is a foreign one)
        4/ You are in an airport, and someone stole your wallet, you need to contact someone who can help you
        5/ You cannot understand the instructions, because they are in Greek (please insert any other language you don’t speak here, and remember airports are common haunts for people who don’t speak the language)
        6/ The airport authority told other renters in the terminal they needed to remove their free access points so they did not conflict with the deal they signed for pay systems (not that I think this would ever happen, especially in Boston).
        7/ You pay for internet access, and then find that they have restricted ports which you require, but did not disclose this before you paid.

        Now granted, I am not claiming that the system proposed would be the BEST approach to deal with these problems, but I think they are legitimate “grey” areas, or possibly perfectly justified.

        Not intending to flame, just answer a reasonable question.

  12. Alright my question is, is it really theft? So some component was not designed to do something is it the person using the component responsibility to only use it the way it was meant to be used. Or is it the responsibility of the person selling the component to make sure it can only be used as they attended… to me if I buy a PS3 I expect the only restriction for me adding a mod chip would be trying to figure out how to open the case and install the chip, at the same time it is the operators right to restrict me from online access because my system does not meet the meaning of a product they sold as it has been modified.

    To me this is nothing more then a hole in a system and it will be plugged eventually. And to say well its different because I don’t own the access point or internet connection you would forget the fact it is being broadcasted wirelessly which belongs to no one. I am not breaking someone elses product, just sending and receiving signals as i see fit. The same way with satellite signals is it wrong to receive a signal being bombarded on you and do with it as you please? In my eyes receiving and decoding the signal is just as criminal as being bombarded with the signal without your permission.

    As long as I can see a signal I can do with it what I want, otherwise they would stop broadcasting the signal to me…..

    Call me crazy but that is my view on wireless.

    1. If the owners of the access points knew of this flaw, they would certainly want to seal this hole. Their desire is to block your access to the service, until you pay for it.

      Look at it this way. If you were to find the lock on a back door of a movie theater broken, would you consider this to be implicit consent to go in and watch movies for free? Their intent is rather obvious, they have a huge sign out front that says “tickets are $10”. Now it might be their fault that they didn’t lock that door, but it doesn’t make sneaking in to a movie through that door right.

      As for the “wireless” argument, you’re not only passively recieving signals- you are transmitting as well, and using their bandwidth. It’s not the same as a satellite signal. Wifi is a rival good, satellite is not. With satellite, or an MP3, you’re not actively preventing someone else from accessing the service (or degrading their service for that matter.) Satellite TV is completely passive, and the experience doesn’t change any if there are 1 or 1,000,000 people receiving that signal. Wifi isn’t like that. If there are enough freeloaders, the paying customers will start to suffer.

  13. “2. Try and add something to the discussion. The points on theft of services -vs- highway robbery have been made. There’s a big grey area in between not being discussed, and there is a big realm of technical discussion that is being ignored while we focus on the heated ethical debate.”

    I applaud JC for finding even a speck of grey…

    Yeah, its theft. get over it. Or at least it is when presented titled “Getting free wireless in airports and hotels”.

    As JC commented-“Can you name some things within this “big gray area” that don’t involve theft?”

    It would have been nice if the author of the article could have come up with ANY other title and/or example of using this knowledge. (@Jason- I do love the tips and ideas you present us!!!)

    Helll yes I’m gonna try it! ;)

  14. Another option is to sit outside the frequent flier club – they often have free unsecured wireless.

    Sorry, no cool technology workarounds on this one.

  15. These hacks are old news. Slow day in the news room? Covering them from the angle “How to steal wireless in airports and hotels” is weak.

    Make, for me, is about creating something from (practically) nothing and making the world a better place. Abusing a system that suckers paid for is the opposite.

    How about an article on building mesh networks in airports and hotels to share connectivity?

    1. I am sure that all of the people arguing this isn’t theft would be fine with their houses being broken into. If they really didn’t want people rummaging through their belongings, they should have known better to rely on simplistic and easily-bypassed security mechanisms like locks, keys, windows and doors.

      Next up on Make Blog:
      – How to get free telephone, cable, and internet access from your neighbors so you don’t have to pay for your own.
      – How to break into police cruisers and disable the security mechanisms – they are public property, after all!
      – How to get free music, movies, and software from BitTorrent. Have you seen the price tag on Photoshop? What a *crime*
      – How to get free food from your neighbor’s fridge with our new “deadbolt bypass” technique. Have you seen the price of milk these days?
      – How to get free clothes from your local department store by disabling those pesky RFID security tags.

      ICMP and DNS tunneling are interesting (though old) techniques with potentially useful applications, but in the security community this information is generally not published with the headline “how to steal stuff!” This does not seem like “Make” material.

  16. F*CK YO MORALS NIGGA!!
    Admin b!tches betta have that network locked up TIGHT SON!!! You can’t prove SH!T!!!
    -Dave Chapelle

Comments are closed.

Tagged