Linux orinoco, wireless, dhcpd setup "gotchas"
Duncan Thomson
duncant at mitre.org
Sat Jul 27 04:32:27 EST 2002
Jim Carter wrote:
>
> On Fri, 26 Jul 2002, Duncan Thomson wrote:
> > First, Orinoco card firmware 8.10 didn't seem to work in ad-hoc mode with kernel
> > drivers included in Linux 2.4.7-10. Nor did it work with drivers included in
> > pcmcia-cs-3.2.0. However, it does seem work with drivers included in kernel
> > 2.4.18. Moral of the story - if you're having problems with Orinoco cards,
> > upgrade to newer kernel if possible.
>
> It's probably easier to just upgrade the module
> (http://ozlabs.org/people/dgibson/dldwd/orinoco-0.11b.tar.gz)
> than to upgrade the whole kernel. But the jump from 2.4.7 to 2.4.18 was
> worth it.
Yeah, I tried to just upgrade the module, but I got a bunch of "unresolved
symbols" when the module was loaded. Probably some mistake I made when building
the module, but I figured the easiest way to fix it was just to upgrade the
entire kernel.
> > Next step: Get IPSEC working to protect the communications between my laptop
> > (windows and linux) over the wireless LAN to my linux firewall, since I think
> > there's good reason not to trust WEP.
>
> My feeling on that is, WEP keeps wardrivers and local teenagers from
> stealing your internet connection, but if someone really wants to steal
> your information, they'll take the time to run AirSnort and crack your WEP.
> So I use SSH for all logins including within the home net. For POP or IMAP
> mail downloads, the right way is the secure protocol, assuming :-) that
> your ISP offers it. But my guess is that the bigger threat is someone
> hacking into your ISP and snatching your POP password off the wire. And of
> course if you have a cable modem connection, that's a feature of the
> service :-)
Well, I already use an IPSEC based VPN system when I connect over the internet
from home to work. We have a Cisco VPN concentrator that is the only way into
our company network from the outside.
For other connections over the internet, most of the stuff that might be
senstive is (hopefully) using SSL. (POP being a notable exception.)
The big weakness in my setup now is that someone could crack my WEP, at which
point they'd probably be able to hack my home machines, and would certainly be
able to get out to the internet through my connection, which would be a bad
thing. Proably my biggest protection in this area is that there are much softer
targets nearby - my neighbor was, as of a few days ago, running an access point
with NO encryption whatsoever. Hack me! Hack me!
But, being a bit paranoid, my idea is to set up a combination of firewall rules
and IPSEC on my linux firewall, so that, even if someone got my WEP key, they
wouldn't be let in. They still might be able to hack my laptop via it's
wireless connection, but it's not running many services, and also isn't turned
on most of the time. (Unlike the linux box, which is on 24x7x365).
Duncan
More information about the wireless
mailing list