When my son was younger - maybe 9 or 10 or so, we were on a plane and he was using his phone and I looked over his shoulder and realized he was on the internet... but I hadn't paid for an internet plan. I said, "son, how are you using the internet?" He said, "oh, a kid at school showed me - if you go here" (he opened up the wifi settings where the DHCP assigned IP address is) "and start changing the numbers, eventually the internet will work." Apparently, at the time, on American Airlines, when somebody bought and paid for an internet plan, it gave them an IP address and authorized it to use the internet... if somebody else guessed your IP address (which was pretty easy, it was a 192.168 address) and spoofed it, they could take over your internet connection with no further authorization.
I had to tell him not to do that, but I was kind of proud of him for having the temerity to go for it.
lol, I used to do this all the time at non-free wifi hotspot locations, only I'd start off with a ping sweep of the entire subnet (nmap -sP) in order to get my ARP cache filled with a bunch of potential usable IP/mac addresses on the network. From there, I'd iterate through each one and set the IP & mac address until I found one that would let me through the firewall.
Granted, being a NOC engineer at Wayport (now AT&T WiFi) certainly helped me understand how it all works.
Yes the key to doing this more seamlessly is to spoof both the IP and the MAC so your machines are not constantly fighting with the other person over the ARP table entry.
Its wifi. You both just pick up the same frame when it is broadcast, then it sees two stations (a level below IP) with the same MAC. Most routers just don't care about that. (it's technically a valid edge case that two stations have the same mac address. It should be vanishingly rare in the wild ... but this is a practical example of why it isn't).
I once bought a cheap Bluetooth dongle from China. Its MAC address was 11:11:11:11:11:11
Obviously there are now a lot of bluetooth dongles in the wild with the same MAC address.
If STP[1] is enabled, but that is unlikely since you'd have dropped connections when roaming for the reasons you just gave. Most likely, STP is not enabled on these networks.
A switched port learns the Mac address for packets sent into it. If port 1 sends a packet with Mac a, the switch associates that address (a) to port 1. When another node sends a packet onto another port with the same mac, say on port 2, the switch will move the learned address a to port 2 and remove it from port 1.
When a switch has learned a mac address all traffic destined to that traffic would be immediately switched to that port. If the switch has no record for that specific mac address it floods all ports except the ingress port. This is expensive and means other devices receive traffic that isn't intended for them so they waste time dropping it.
So in networks that have no protections against those attacks then this could very well be a problem if there are multiple access points and the two nodes are on different access points.
Except that this is a normal thing on wireless networks. A station may roam many times within a few minutes, and due to reflections, may even be in more than one place at a time.
> As a general rule, reset (RST) is sent whenever a segment arrives that apparently is not intended for the current connection. A reset must not be sent if it is not clear that this is the case. There are three groups of states:
> 1. If the connection does not exist (CLOSED), then a reset is sent in response to any incoming segment except another reset. A SYN segment that does not match an existing connection is rejected by this means.
It's possible for a node to be configured not to do this, but this is the default behavior.
"everything works fine" might be overstating a bit, but what happens to packets you weren't expecting when you don't have a connection open for them to go into? They probably get ignored by the network stack.
Worst case scenario, the router/service endpoint sees your connection responses and the other party's strange NACK responses, but I honestly don't know enough about how it works to say "everything works fine"
I'd guess that connectionless protocols will work fine and connected protocols will also work fine. The truth is probably YMMV by protocol, but there is truly no way for the wifi router to detect this is happening or isolate the redundant stations - it's an unencrypted broadcast. The only way this goes sideways is if a connection protocol is engineered to make it go sideways when you try to do that.
I'm pretty sure that any such protocol which succumbs to any unencrypted (or incorrectly keyed) traffic that isn't from the designated counterparty is insecure to begin with. It should be resilient against DoS, so most protocols aren't going to have that vulnerability. Again, I'm guessing, but I'd hope.
I imagine this can only possibly work with unencrypted WiFi.
Still boggles my mind that WiFi clients don't establish an encryption key with the AP and encrypted their traffic even without a shared secret. Yes, that means you can't authenticate the AP, but it would still protect against passive snooping.
Time to consider instead: walk through the plane, look angrily at the other passengers, one at a time, asking: "Do you use 192.168.x.y?". That can solve the problem
If any lawyers or FAA employees are reading this I’m genuinely interested in what, if any, legal implications there would be for running nmap mid flight on an airline. Surely once you have spoofed the MAC address and IP of another passenger to gain unauthorized access to the planes LAN you have committed a crime but what about passively scanning?
I used to do this on airplanes and in hotels. I had more success in hotels, because there was less chance the other person was using it at the time and less chance of getting kicked off.
There was another little hack that I used as a little kid. Remember when airlines would sell or rent special headphones to watch inflight movies? The port was just two holes beside each other and the plug was two tubes. Before a flight, I would stop by one of the fast food places in the terminal and grab a handful of straws (preferably ones with a bendy joint). When I was on the plane I would connect the straws by fitting them into each other to create a long straw. Put one end into the port on and the other into your ear and you got free movies with audio!
Interesting that I have only flown once since 9/11. Almost all of my flying took place in the three decades prior, so the pneumatic headsets are the only ones I remember.
A few years ago I was on a Southwest flight and had OpenVPN running because I forgot to turn it off. I was able to access the Internet through my tunnel without paying for access. I guess at the time they were only port blocking common ports (80, 443, 53 etc) if you didn't pay. They have since closed that hole.
For this same reason you used to be able to send messages via platforms like whatsapp without internet as well! I don't remember the airline I just remember I hadn't paid for internet but I could message and do a few other things but I couldn't browse the internet.
That was probably deliberate. I flew United recently and they advertised free wifi for certain messaging apps, or you could pay to access more apps or the general internet.
I also flew united recently and, in addition to the free messaging access, they also provided free access to the inflight entertainment, in case you wanted to watch it on your device instead of on the screen.
I would have loved to take advantage of this since my wireless earbuds were significantly better than the wired pair I had. Unfortunately, a little pop-up warned me that this was not available on Android 13 devices. I was more than a little annoyed, but also curious as to why this might have been the case.
Here's my hack for United's free messaging. Works on iOS, and makes the flight more useful than before, but not as good as paid internet.
Messaging and Notifications basically follow the same protocol. Even though I usually have notifications disabled, I go and activate it for anything I care about - News, Weather, Slack, Whatsapp (yes I have that silenced). Every single message pops up as a notification. Could be bank alert, Ring alert, homekit alert, whatever ... it just shows. So you can keep tab on things you care about, and if you are really needed, well you can pay and get on the full Wifi. And anyways you can iMessage to communicate if needed.
I had a mosh connection open before I got on my last United flight and was able to use it the whole time. Seemed to me the free messaging/inflight entertainment tier doesn't block arbitrary UDP packets at all.
I flew United recently, and I was able to use the free messaging service for basically everything without any intervention from my part. It's just a tad slow. Not sure if it was intended or not.
There was a report in the early to mid-2000s where someone got iChat AV to work, partly because it was fairly obscure and likely the network engineers didn’t consider blocking it.
KLM and United for sure have free in-flight messaging (at least as of a few days ago, the last time I used them).
It's interesting what does and doesn't go through. e.g. Facebook notifications update, but not the content. I guess that's because they use the same channel as FB Messenger.
The state of "open Wi-Fi" security is actually really sad. I'm not aware of an easy way for the airline to actually do better than this!
I suppose they could use Opportunistic Wireless Encryption [1] and bind session authentication to that (i.e. authenticate a given OWE session, not a given MAC address) if the device supports it, as at least modern Apple devices do? But I have no idea how stable an OWE session is; it would be very inconvenient to have to login again every time my device switches between access points.
In any case, I'm sad that this isn't a solved problem yet, and paid Wi-Fi (as well as securing free Wi-Fi) still requires custom and clunky solutions like unreliable captive portals that need to pass through selective traffic (e.g. for 3DS, for payments, sometimes emails for password reset codes etc and more).
A standardized endpoint and API would also be nice, i.e. something to tell the client whether it's connected, restricted (i.e. able to only access a limited set of hosts such as the in-flight map as described in the article), or needs to pay/authenticate (and if so, at which URL). This could then yield an authentication token, to be provided for seamless reconnections for the same session.
There's "Hotspot 2.0" and WPA-EAP (i.e. WPA Enterprise), but these don't really have a good story for "pay via web portal" style usages and are more geared towards wireless carrier operated hotspot networks and corporate scenarios, respectively.
In cases where the Wi-Fi is provided as a value-add or is bought via another channel than the Wi-Fi network itself, I think you can just generate one-time WPA Enterprise credentials, with a QR code to facilitate data entry?
In case of in-flight Wi-Fi, the credentials/QR code can be printed on the boarding pass, or available in the app (the app caches it in advance while it's still on the ground, so when in the air you can use those credentials to connect).
This doesn't cover 100% of use-cases but it would at least cover a big one (a significant amount of public Wi-Fi is "value add" to another service - whether restaurants, hotels, flights, etc where there's an existing channel to provide one-off wi-Fi credentials over), it's a shame nobody deploys this.
I think you could even take this one step further: Have a captive portal on an unencrypted channel (using TLS obviously) to do the vending, so that the credentials don’t need to be purchased before the flight.
Oh, these are neat ideas, I hadn’t thought of that!
One concern might be expiring access credentials (not sure if most OSes will re-prompt for a new password or just give up), but you could just make the EAP credentials per-user instead and redirect users to the captive portal again once needed.
This leaves clients not supporting WPA-EAP, but these could just continue using the regular unencrypted/MAC-authenticated service.
That’s what Passpoint (aka Hotspot2)’s Online Sign Up is supposed to do. Main network is protected by WPA2/3-Enterprise (aka EAP), and there’s the OSU open network where you can get signed up and get a profile installed for the full main network. And every modern device supports EAP these days.
Well, the customer also needs to futz around with scanning a WR code, and get it from the device she scanned it on to the device she wants to use the wifi on (if they ain't the same.)
Though you could route around these problems, but giving them both a scannable code, and underneath some credentials as plain text they could type.
What if the captive portal just had a link (or on an IFE screen, a QR code) that connected your phone to a different, WPA2/WPA3 protected, hidden WiFi SSID that was generated exclusively for you? Phones nowadays support joining a passphrase protected WiFi AP via a QR code, so I'd imagine that's doable. The hard part would be finding routers that support >300 different hidden SSIDs, but honestly I would hope that that is technically feasible nowadays.
That way you'd at least have the protection of the WPA GTK.
You can have an AP accepting multiple different WPA2-PSK and/or WPA3-SAE passphrases, and since on WPA2 PMK depends on the password, and on WPA3 PMK is different for each client, you can put them in different VLANs or have per PMK MAC mapping if they share the same VLAN.
This. And even if the >300 is not available, how many people actually buy Wi-Fi on the plane? That is the number of clients that need to be supported. And if that's still a problem (or you don't want to guess), the SSID can be hidden and static and the only thing non-static is the password that works for just the duration of the flight you are on.
You can always use an open network to generate passwords for the proper internet connected WPA-EAP network (along with some in-flight multimedia like some carriers do). Extra step for sure but it solves the problem.
PS: I'm a couch expert so I have no idea if there's a problem with this idea.
The first problem that comes to my mind--clients will remember both wifi networks and may continue to choose the open network when e.g. waking from sleep.
The user can go in and forget the open network of course, but most won't know to do that.
QR code to connect to the _open_ but _hidden_ SSID. Instructs user to join WPA-EAP with supplied credentials once they've paid. Remains available to connect via QR in case customer somehow misplaced creds but avoids auto-reconnect during scan.
Isn’t this data meant to be exposed? You can get all this flight status on the Southwest intranet when you’re connected to WiFi as part of the flight status page.
This hack just goes a step further to plot the data over time.
The concern isn’t access to the flight status data (or even your data, which is most likely encrypted these days), but theft of service you paid for, by another passenger on the flight (you would probably at least get kicked out/experience issues with your own connectivity, and might worst-case be blamed if something bad happens using the connection you bought).
I used to play with IP-over-DNS, which more or less worked on an awful lot of these plane wifi systems. Haven't tried it in the past couple years though; it's always slow the point of barely being usable. You can probably get your mail via IMAP if you're patient and nobody's sending you large attachments, that's about it.
There used to be an app that would scan the ip and mac addresses on the network that were already connected to the internet. You could then change your settings to one of the mac addresses and when they were done you'd get the connection to yourself.
I used to travel a lot for work and just refused to pay for WiFi. This was good in airports and coffeeshops when you still had to pay to connect.
Now it's hardly needed, but I could see how it would be helpful where there's still a cost to connect.
It’s not an app, per se, but a concept of setting your WiFi card into monitor mode and listening to the radio traffic. Kismet is one of the suites that does that.
True. I just can't recall the name of the platform I used, but it was something similar to an ip address scanner which gave me a list of all devices already connected to the network along with their mac addresses.
Love stuff like this, it's how kids get into computers. I used to make minecraft servers for my friends and I to play on when I was 12, which lead to a software engineering career. Sounds like you've got something similar on your hands
A slightly more ethical solution, for those wondering, is SSH tunneling. A lot of gated wifi networks allow SSH traffic through without payment.
I used to spend a lot of time at JFK back when they still charged for WiFi. I watched a lot of Netflix for free by just logging into my router and opening a tunnel to my VPN server.
The rule is probably something like "if !paid: deny tcp 80, deny tcp 443". (Hopefully they got UDP for HTTP/3.) I suppose this has the desired effect of captive portals (break GMail until you pay), without having to field support requests from geeks ("I paid but SSH doesn't work, refund me"). I think their plan is that whatever obscure app you're using negotiates over HTTPS, but then actually transfers the data over some other port. I bet things like Zoom work that way. By not touching the obscure data paths, you avoid support requests.
Either that, or they just felt like throwing a fellow nerd a bone. If you ask the PM, "should I block SSH" they'll say yes, but if you just put it in there, who knows ;)
Whoever set that up probably wanted it for their own use, both for easily managing the system when they need to work on it, and for themselves when they're travelling anywhere.
If I'm ever in charge of rigging up a captive portal system like this, I'm certainly going to do something similar if I can get away with it. Maybe even put a hint on how to bypass in the portal's page source. "ssh works on port 46969, don't tell anyone." > rot13 > base64 -> "cache-burst-ID: ZmZ1IGpiZXhmIGJhIGNiZWcgNDY5NjksIHFiYSdnIGdyeXkgbmFsYmFyLgo="
Honestly, I think captive portals are probably on the way out, given how good 4G/5G is these days. I am not sure what business traveler wants 10kbps hotel wifi for $30/day when their phone gets 600Mbps down and 30Mbps up.
The LAN here seems relatively small and fixed, i.e., the number of passengers on a flight is known and does not change during flight. The airline could easily assign a unique IP address to each seat (ticket) without using DHCP.
This is generally in contrast to other instances of public Wifi.
The fact that newer phones (Pixel at least) can use WiFi (client mode) as the WAN/uplink side of its hotspot stack (NAT, AP, etc.) is pretty neat. Not long ago, only the cell modem could serve in that capacity, as far as I'm aware. Frankly I'm surprised a single WLAN radio can pull that off. I pay the $8 on my phone and share it to my laptop and whatever devices my travel companion(s) might have.
Windows has been able to do exactly this since Windows 7! It's called Wireless Hosted Network[0], and if you've ever seen the "Microsoft Virtual WiFi Miniport Adapter" (Windows 7) or "Microsoft Wi-Fi Direct Virtual Adapter" (Windows 10/11) in your list of network adapters (it may be hidden), it's there specifically to enable making a hotspot while being connected to a wireless network.
> Maybe at the cost of latency because it has to switch channels back and forth?
Not necessarily. It can be a client on 2.4Ghz and an access point on 5Ghz. Even without that, if it has MIMO, then one of the antennas can be receiving 2.4Ghz while the other is sending (at least in theory, if the crosstalk between the antennas is low and the selectivity of the receiver is sufficient).
I think kids sense wrongness even when the act is deemed victimless, repercussionless, etc. -- it's pretty clear that a thing was achieved that someone tried to prevent, and undermining someone's effort is typically wrong. Tough to think like a kid, though!
Network devices forward (switch, more technically) packets to and end device based on an internal MAC table (send packets for DE:AD:BE:EF to interface ge-0/0/0.0) and most devices populate their MAC table simply by looking at input packets and sending the "next" packet for that MAC address out the "last" received interface.
If two devices in a network have the same MAC address, they will effectively "fight" for control of the packet flow. You can win that fight by sending a lot of packets.
In practice, the other person is going to get annoyed and give up.
There are lots of technology which avoid this issue now, but the two primary ones are 802.1x (used in corporate/government environments) and DHCP snooping which can be much more broadly deployed. 802.1x is very complicated and I won't go into it, but, DHCP snooping works by limiting L2 forwarding (MAC table population) to only what the DHCP server says the end device should have and it does this just by inspecting the DHCP replies (no custom protocol) with some vendor specific extensions on the DHCP server side for complex scenarios (you can even do things like put ports in a specific VLAN based on the DHCP reply).
This works fine on a physical layer and most hotels are probably using something similar now (less for malicious abusive reasons, though that's a thing) but also just to work around poorly behaving devices and to reduce customer complaints. If you care (and have a modest amount of money) MAC and IP spoofing are dead on the physical layer.
For the wifi layer, very similar stuff exists in high-end gear (Rukus/Cisco) and is starting to trickle down to prosumer level gear like unifi. If you care (and have serious cash for Rukus) MAC and IP spoofing are also dead on the wifi layer.
Fun anecdote from the early 2000's re: duplicate MACs:
Embedded IP time clock kept intermittently barfing out frames with the source MAC addresses of other devices on the network. The switch would update its MAC table and direct packets to this device. The Customer's AS/400 would kill all remote terminal sessions when the clock ended up w/ the AS/400's MAC. (They were doing a layer 2-based connection to the AS/400-- APPN, I believe it was called... Ugh, it was temperamental and didn't like any layer 2 "hiccups".)
MAC addresses flapping between ports is one of those "breaking the laws of physics" kind of problems that teaches you to question your assumptions. Gear with a crazy brain can do anything it wants to and it doesn't care about your assumptions.
> it was temperamental and didn't like any layer 2 "hiccups"
The clock was probably doing the "correct" thing when it got a TCP packet for a connection which it didn't recognize and sent back an RST, which caused the client to abort.
> kind of problems that teaches you to question your assumptions
Yep. I learned a lot from dealing with large layer-2 networks (commonly running on hardware not suited for the task). Mostly I learned to never run large L2 networks.
That greatly depends on whether the medium is broadcast (like a radio) or broadcast-like (a shared copper wire) and if it has CSMA/CD logic. Many of the replies are losing that detail and thinking of how it would effect a 1000base-T network, which maps MAC addresses to specific ports.
For a broadcast network, the answer could be 'nothing' in the sense that both receivers would get the same traffic. The IP stack would then throw away packets destined for the other computer unless they were UDP broadcast or multicast, and even then it would only notice if someone was running Wireshark.
Advanced wifi devices/meshes will use beam forming and mesh allocation and might degrade if there were MAC duplicates, but I think they will generally operate in a non-exclusive basis due to end point movement and fading, so both computers will get a good data rate.
Great question. It could, but there is a strong chance that the true recipient has already partially or fully ACKd the segment, thereby changing the sequence number and preventing a reset.
No way to tell for sure, but I can only assume that he had actually hijacked somebody else's connection and the other person's device stopped working for them. I sure wasn't going to stand up and ask the plane if anybody had had their internet plan hacked...
It more or less turns into an ARP cache race, only one device is gonna win. You can do some tricks with gratuitous ARPs as well for "dumber" networks, but more sophisticated setups usually have some broadcast ARP filters that are tied to an auth layer (radius, 802.1x. etc) and will drop broadcast frames from un-authed hosts.
I should probably know this too, but I'll speculate wildly instead.
MAC is Layer 2, IP address is Layer 3. One way or another, the packet destined for the person you're spoofing will end up at your computer and work its way through the layers. From there, if it's a TCP/IP packet, I think it'll get filtered out at Layer 4 (transport) because your computer wasn't one of the parties that initiated the TCP connection (the sequence numbers won't line up, etc).
Packets being broadcast to multiple machines is common enough in various network setups, it's up to the individual machine to decide whether to process or drop the packet.
Since Wi-Fi is a broadcast medium, shouldn't it not matter? With a switch it would break things because MAC tables, but a Wi-Fi AP is a hub. Each device will receive packets for both devices, sure, but will that break things?
I know Windows gets upset when that happens but the network seems to still work.
It used to be more common about 10 years ago, but especially so among hotels catering to business travel. Your Motel 6 would probably have free wifi, the Hilton wanted an extra $20 a night.
It's a business hotel thing, oddly all the cheap chains will have free breakfast and wifi, but often something like the Hilton will be pay for both, likely because the clientele they're targeting is business employees who will just expense the whole thing.
Conference hotels often soak the companies with booths for internet access. One place I did for my company demanded $1500 for 3 days of internet access for up to 5 devices.
In-room, you get free internet access, but in the windowless ballroom with spotty cell-service, there's nothing available for free.
I’ve also seen the opposite, where in-room Wi-Fi was charged, but in the hotel’s function spaces, it was free. The economics of this are confusing, at best. I have also had the situation where the in-room wi-fi was so slow that using my phone as a hot spot was faster!
From my point of view, free WiFi became normal when it became less important because of affordable mobile internet.
From the point of view of the hotels it was about recovering their missing income after customers got mobile phones and stopped paying half a dollar per minute for using the hotel phones.
There was a period when both mobile roaming and hotel WiFi was expensive, so I often went out from my hotel room and bough a local SIM-card to get internet access.
What annoys me most, is that only when I finally could get a laptop that would work a full transatlantic flight on one charge, then suddenly airplanes all got power outlets.
Yes. You often also have to pay for parking in many places. The price you see online is rarely what you pay for. But that's part of the culture, it's the same for restaurants, online purchases etc.
I suspect the "how" is that we just never got the regulation that would prevent it because the 'small-government and low taxes' are aligned perfectly with the large business interests which tend to fund all campaigns. The "low taxes" types want to maximize the sting of all forms of tax and this is a great way to do that. And the businesses appreciate the psychological benefits of being able to show the minimum possible number. Even if a "display only the final price" rule applied to all a consumer's options, we probably just buy things more when they're labeled as "$99.99" instead of "$109.99."
For extra fun, consider how phone bills attempt to "pass through" their own tax obligations, which have little to do with your own incremental usage, in the form of 'recovery fees' tacked onto bills. I suspect we'll eventually see those creep into all kinds of transactions, especially among other monopolistic/oligopoly businesses where you have little if any choice.
The 2 largest retailers on earth have discovered that the x.99 prices make you less money than pricing at x.99 plus some arbitrary number between .99 and .01.
I think the EU law on that is the "Price indication directive", and AFAIK, it's been around since 1998. (may have replaced an earlier directive, my google-fu is lacking)
I think the norm is to show whatever price you want, with some countries banning that for fairly obvious reasons.
That's a weak justification to apply to prices listed right where the product is sold. Like, if one uses a sticker gun to put a price tag on a product itself.
I don't know of any US businesses other than waffle house that always include all taxes in the listed price, however.
There are laws against adding in taxes on listed prices in places like NJ, likely others as well.
Regardless, I'm not sure why people consider it such a big deal. It's consistent across the board and it's relatively basic math to estimate what the total would be.
I've lived in places that do it both ways and it's a non-issue.
Thankfully competition from AirBNB made them re-think the idea. That's my theory why it mostly went away anyway.
There's still some stragglers though, offering "basic" access free but charging for higher data limits, faster bandwidth, more devices. You can often get the higher plan just by signing up for the hotel's loyalty program.
It's not unheard of but it's probably been a decade since I've been to one personally. Some have free WiFi just for guests (probably good since the bandwidth is so saturated already).
The last couple of hotels I stayed in had free "basic" wifi for guests. Elite status could get higher speeds for free or anyone else could pay something like $10/day/device to get higher speeds.
I just switched to my cell phone data if the wifi was too slow.
This is what I did about 7-8 years ago on flights when I was still a reckless teenager. Would just wait for people to buy the plan, then spoof their Mac address.
There was also a specific airline, although I can't remember which one, which let me in for free without MAC spoofing - by using a Google Cloud VPN I had previously set up. The paywall was essentially blocking all IP ranges except for Google servers for Google Analytics.
Took an airline that required an app to pay to connect… but also opened up a window of a few minutes of open access to let you download said app from the iStore.
I always wondered if there was a way to further exploit that.
IIRC (assuming it was the same airline), it didn't close existing connections once the time ran out, so you'd just ssh to a server and proxy through that. When/if the connection dropped, you'd just change your mac address and start over.
Similar is probably possible on cruise ships, I noticed on Carnival you could still get notifications from discord (I assume because most android notifications go through cloud messaging and it's required for their own app to work without internet).
This is what I used to do at home when my dad would turn off my internet access (by whitelisting MAC-addresses. Before that he blacklisted MAC-addresses, but I just used the built in way to change it with each connection on windows until he found out.). My mom rarely used her PC so I would just change my address to hers. It worked until she had to use it and at that point none of us could access the internet.
WiFi signal is received by both. Packages are ignored if they are not requested by either one of the systems. You can also receive anyone else's packages while you are using your internet but ignoring the ones you don't need. (If interested try aircrack-ng.)
If it's important but you got time, you could always save the packets and crack them when quantum computing comes out for consumers. You have to wait a couple of decades probably, but maybe it's worth it
Of course if you don’t sit in a Faraday cage you can receive any electromagnetic waves around you. But you can’t actually receive other users IP packages.
I had to tell him not to do that, but I was kind of proud of him for having the temerity to go for it.