Re: restricting wireless access
MAC-based authentication is a joke. All it takes is for someone to
sniff traffic, then clone your mac(ifconfig ethX hw ether [...]).
The best way IMO to secure a small wireless network is with ipsec. You
can do this very easily with freeswan and a good ipsec howto. Just
create a encrypted/authenticated tunnel between your wireless machine
and your router. On the router, set the policy of the wireless port to
require encryption/auth.
There are ofcourse other options...such as RADIUS...
On Fri, Jan 10, 2003 at 11:56:13PM +0100, martin f krafft wrote:
> i have a cheap-ass wireless access point which doesn't even do
> MAC-based authentication, and neither can I get WEP64 to work between
> it (Addtron AWS-110) and the Orinoco Silver card.
>
> I would like to have wireless in my appartment, but I need to prevent
> folks on the street from linking into the network. The question is
> how. I want to prevent them from using my internet connection just as
> much as accessing local computers behind the firewall.
>
> Is there a tools that will send TCP resets to anything coming from an
> unknown MAC address? this isn't 100% secure, but it's better than
> nothing. Or is there a tool that uses a client program to establish
> the identity of the host (like they have in some internet cafes to
> prevent you from using the cables for laptops, even if you change the
> MAC), and if someone connects without the client program, then s/he is
> TCP reset for every packet sent?
>
> or is there a better solution? maybe someone can help me get WEP to
> work...
>
Reply to: