[Ham-80211] Access control suggestions
Steven Phillips steven_phillips at yahoo.comMon Nov 1 17:31:28 UTC 2004
- Next message: [Ham-80211] Access control suggestions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I just did a little skimming through the archives and saw a lot of discussion regarding WEP and access points. I agree that use of WEP for access control and not to obscure the messages is not in violation of FCC rules. Here is my suggestion regarding potection of the WEP keys. The ARRL has a system implace for their log book of the world for credential verification. QSL.NET (?) has similiar provisions. Why can't we utilize one of the systems, or one of our own, to maintain a database of these keys. Ok great, that gives us a way to make the keys available to the ham public, how do we keep them from making it available to the general public? In the instance of the W54RT, it can run linux. Set up a small script and add it to a cron job that will change the WEP key every so often and then upload that information to the database. You don't have an accesspoint that can run linux? No problem, set up a 486 or other junk computer with a small distribution of linux to run a wirless nic in AD-HOC mode. Another key feature is to disable the built in DHCP server and statically assign the ip to an AMRPNET IP address. Another suggestion is to use a system similiar to lessnetworks (www.lessnetworks.com) and leave the access point open to the public. Less networks has a free linux distro for WiFI Hotspots. The linux box goes between the AP and the main network an acts as an authentication proxy server. Similar to what T-Mobile Hotspot does. Link these systems together to a central user database as it is designed to do. The ARRL could host this database and use their credential verification system to verify legitimacy of the users. That still leaves one question open. The AP is still being used under part 97 rules. Is using static IP assignments under AMPERNET sufficient access restriction? Part 15 users can still connect to the AP, but they will not get any network access and can't do anything beyond connecting to the AP. This is because they will not have an IP address. The only exception I can think of is if the general public discovers the AMPRNET IP scheme and assigns themselves an IP address? Simple solution. When a person applies for access to the network, require them to provide the unique MAC address of their WLAN card(s) and do a MAC check during authentication. If a person does spoof an IP, they still won't have access because they do not have an authorized MAC address. So, there's my $20 worth. Let me know what you think and if you have any thoughts about my suggestions. 73 DE KB0OLF Steve __________________________________ Do you Yahoo!? Y! Messenger - Communicate in real time. Download now. http://messenger.yahoo.com
- Next message: [Ham-80211] Access control suggestions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the ham-80211 mailing list