[Ham-80211] Access control suggestions
Reid Crowe bigreidous at sbcglobal.net
Mon Nov 1 22:29:54 UTC 2004

But this just goes back to the point, anyone with an HT can use your repeater, anyone with a packet station can use your station. Nothing is 100% foolproof, the FCC realizes that. If you keep people from accessing your main network they will stop connecting to your AP. Same way if you ignore a pirate on your repeater. They'll stop getting on there. As long as we make an honest effort to keep honest people honest I think that should be good enough. Yes I know, it's not perfect but none of our systems are. If someone wants to hack into any of our ham networks, be it 802.11, packet, repeaters or HF, they will.

-Reid KC0IDI

David Young <dyoung at pobox.com> wrote:

On Mon, Nov 01, 2004 at 09:31:28AM -0800, Steven Phillips wrote:
> That still leaves one question open. The AP is still
> being used under part 97 rules. Is using static IP
> assignments under AMPRNET sufficient access
> restriction? Part 15 users can still connect to the
> AP, but they will not get any network access and can't
> do anything beyond connecting to the AP. This is
> because they will not have an IP address. The only
> exception I can think of is if the general public
> discovers the AMPRNET IP scheme and assigns themselves
> an IP address? Simple solution. When a person
> applies for access to the network, require them to
> provide the unique MAC address of their WLAN card(s)
> and do a MAC check during authentication. If a person
> does spoof an IP, they still won't have access because
> they do not have an authorized MAC address.
>
> So, there's my $20 worth. Let me know what you think
> and if you have any thoughts about my suggestions.
>

Steve,

MAC authentication is very weak. One need only eavesdrop on your AP to find out the authorized MACs. Ditto IP address authentication.

Keep in mind that for a person to "operate" your Part 97 AP, their computer needs only to send your AP an 802.11 packet. Virtually any 802.11 management request (Probe, Authentication, Association) will induce your AP to send a response. Also, your AP will probably produce a CTS response to any RTS packet, regardless of the RTS sender's authentication status. Sending your AP a data packet will likewise yield an 802.11 ACK, or even a Deauthenticate response.

As a matter of course, your Part 97 AP is going to receive Probe Requests from 802.11 stations that are scanning for APs.

A clever and malicious person may be able to make your Part 97 AP send a flood of packets all day long, without ever authenticating.

Dave

--
David Young OJC Technologies
dyoung at ojctech.com Urbana, IL * (217) 278-3933
