Wireless 'firewall' needed

Adam Smith moc_leader at iprimus.com.au
Fri Jan 31 12:09:02 EST 2003


Heh, just those poor hacked Windows servers running their scripts
1. People who leave Windows servers online even when they're not doing
anything are stupid.
2. People who leave any Windows server online are idiots anyway ;)

----- Original Message -----
From: "Jim Carter" <jimc at math.ucla.edu>
To: "Daniel Curry" <dcurry at cariocas.com>
Cc: <wireless at lists.samba.org>
Sent: Friday, January 31, 2003 9:48 AM
Subject: Re: Wireless 'firewall' needed


> On Thu, 30 Jan 2003, Daniel Curry wrote:
> > ... Does anyone
> > have any suggestions on an easy to implement 'server' to log users
> > (would like to require at least a valid e-mail address), that either
> > authenticates to a remote server (maybe a community authentication
> > server?) or locally,  and has the ability to restrict bandwidth usage?
>
> My setup:
>
>     laptop ----> access point ----> Linux server ----> DSL egress
>                 Other hosts ---------^
>
> I can configure the desktop server any way I want, and I have to have it
> anyway for printing, backup, nameserver (for my own little intranet), etc.
> I have DHCP configured to recognize my family's machines per MAC address
> (though a competent hacker can just set IP manually), and to route to the
> Internet only if the MAC address is known (or simulated by the hacker).
> Plus the routing firewall rules are pretty restrictive.  On the wireless I
> use WEP (yes, AirSnort).  The Linux machines have firewalls and can defend
> themselves (particularly when they're not at home and are directly on the
> Internet);  the one running WinXP ... well, of course Bill has all the
> security holes plugged :-)  And we know how to run Windows Update.  And the
> server does NAT, so only a careful targeted attack on the Windows machine
> would succeed.  At least it's not Win98.
>
> I'm balancing effective protection against ease of use and system
> administration.  There is no effective authentication for people to use my
> wireless net (I'm thinking of X.509 certificates and the like).  I've never
> seen any wireless probes, though my logs are full of crap from the Internet
> side -- 1 hack packet a minute, on bad days.  Maybe I live in a good
> neighborhood.  Someone who just wanted to download MP3's using my DSL would
> find it very frustrating due to the routing restrictions; someone who was
> assigned to snoop on my SSL datastreams would have no trouble to do so, not
> that it would do him any good.
>
> But if you're thinking of setting up community wireless, this doesn't
> address many important issues.  Check your service agreement with your ISP.
>
> James F. Carter          Voice 310 825 2897    FAX 310 206 6673
> UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
> Email: jimc at math.ucla.edu    http://www.math.ucla.edu/~jimc (q.v. for PGP key)
>
>


