Re: restricting wireless access
MAC-based authentication is a joke. All it takes is for someone to
sniff traffic, then clone your mac(ifconfig ethX hw ether [...]).
The best way IMO to secure a small wireless network is with ipsec. You
can do this very easily with freeswan and a good ipsec howto. Just
create a encrypted/authenticated tunnel between your wireless machine
and your router. On the router, set the policy of the wireless port to
There are ofcourse other options...such as RADIUS...
On Fri, Jan 10, 2003 at 11:56:13PM +0100, martin f krafft wrote:
> i have a cheap-ass wireless access point which doesn't even do
> MAC-based authentication, and neither can I get WEP64 to work between
> it (Addtron AWS-110) and the Orinoco Silver card.
> I would like to have wireless in my appartment, but I need to prevent
> folks on the street from linking into the network. The question is
> how. I want to prevent them from using my internet connection just as
> much as accessing local computers behind the firewall.
> Is there a tools that will send TCP resets to anything coming from an
> unknown MAC address? this isn't 100% secure, but it's better than
> nothing. Or is there a tool that uses a client program to establish
> the identity of the host (like they have in some internet cafes to
> prevent you from using the cables for laptops, even if you change the
> MAC), and if someone connects without the client program, then s/he is
> TCP reset for every packet sent?
> or is there a better solution? maybe someone can help me get WEP to