Order Tray | Contact Us | Home | SIG Lists

[Ham-80211] Access control suggestions

jeff at aerodata.net jeff at aerodata.net
Wed Nov 3 17:27:30 UTC 2004


Steve:

If I am not mistaken, Icom was actually trying to DISCOURAGE hams from
using WiFi, instead trying to encourage them to use their proprietary
D-Star system. I saw one of their powerpoint presentations (DCC?) in which
they had a slide that stated why hams should not participate in the
Hinternent/WiFi.

But I could be wrong, most certainly I'd like to see your
thought/suggestion of support be reality.

As to frequency, we share a subset of the band with the Part 15'ers, so
getting away on frequency, using cheap COTs equipment I don't think is a
option.

However, there are other ways to make the system "incompatible" which will
have the same desired effect. One of the projects I have been following
closely, and am a active user, is the SVEASOFT WRT54G Linux project. You
can see it here:

http://www.linksysinfo.org/
http://www.sveasoft.com/modules/phpBB2/index.php

The WRT54G is a 802.11g router the runs Linux. One of the "problems" of
Linux is you often have to release source, and LinkSys had to just that.
And what has happened as a result of this is quite a number of projects
that have enhanced this router (and added to LinkSys's bottom line I might
add!).

So, I suspect it might be fairly easy to create a "non-compatible" fork of
the source code for hams, that would keep 99.95% of the general public out
of our space.

Now, if only the Japanese manufacturers could open source their products,
we'ed really have something!

-Jeff wb8wka


> Here's a thought.  How about we work with major
> manufacturers such as Icom (who already has wifi
> products), yaesue, kenwood, etc. to get them to
> produce a ham radio specific WiFi solution.  The
> technology would be identical to existing products.
> Only difference would be is setting the RF equipment
> to work on ham radio frequences that do not fall on
> the shared part 15 frequencies.  If they contracted
> with companies such as Orinoco, Linksys, Cisco and
> other wifi producers, there would be very little
> startup costs.  Just  a matter of firmware
> modification (I think) to use ham specific frequences.
>  If that could happen, then we would not have to worry
> about the mixup between part 15 and part 97 users.
>
> IF they can do this for under $50, even under $100, I
> could jump out and buy one.
>
> Thoughts?
> --- dubose at texas.net wrote:
>
>> Please don't get "overly" concerned about access
>> restrictions.
>>
>> Rmember that just as repeaters are open...they are
>> however on amateur radio
>> frequencies...this does not prevent someone who is
>> not licensed from
>> transmitting on that frequency.  You take normal
>> precautions against improper use.
>>
>> With 802.11b you are sharing the frequency with
>> un-licensed individuals so you
>> need to make a reasonable attempt to restrict access
>> to you AP/network.you rig
>> is any of these are operating under Part 97.
>>
>> MAC, IPs in the 44. domain or a published WEP are a
>> reasonable attempt to keep
>> unauthorized access to your Part 97 operation.
>> Clearly if you see unauthorized
>> operation as the station controller, you take
>> appropriate action but other than
>> that, if you believe that you have taken reasonable
>> care to prevent unauthorized
>> access, then that solves the problem....but feel
>> free to lock it down as tight
>> as you please.
>>
>> I have chosen to use the Public WEP key published on
>> the ARRL/HSMM web pages.
>>
>> Walt/K5YFW
>>
>>
>> > On Mon, Nov 01, 2004 at 09:31:28AM -0800, Steven
>> Phillips wrote:
>> > > That still leaves one question open.  The AP is
>> still
>> > > being used under part 97 rules.  Is using static
>> IP
>> > > assignments under AMPERNET sufficient access
>> > > restriction?  Part 15 users can still connect to
>> the
>> > > AP, but they will not get any network access and
>> can't
>> > > do anything beyond connecting to the AP.  This
>> is
>> > > because they will not have an IP address.  The
>> only
>> > > exception I can think of is if the general
>> public
>> > > discovers the AMPRNET IP scheme and assigns
>> themselves
>> > > an IP address?  Simple solution.  When a person
>> > > applies for access to the network, require them
>> to
>> > > provide the unique MAC address of their WLAN
>> card(s)
>> > > and do a MAC check during authentication.  If a
>> person
>> > > does spoof an IP, they still won't have access
>> because
>> > > they do not have an authorized MAC address.
>> > >
>> > > So, there's my $20 worth.  Let me know what you
>> think
>> > > and if you have any thoughts about my
>> suggestions.
>> > >
>> >
>> > Steve,
>> >
>> > MAC authentication is very weak.  One need only
>> eavesdrop on your AP to
>> > find out the authorized MACs.  Ditto IP address
>> authentication.
>> >
>> > Keep in mind that for a person to "operate" your
>> Part 97 AP, their
>> > computer needs only to send your AP an 802.11
>> packet.  Virtually any
>> > 802.11 management request (Probe, Authentication,
>> Association) will induce
>> > your AP to send a response.  Also, your AP will
>> probably produce a CTS
>> > response to any RTS packet, regardless the
>> RTS-sender's authentication
>> > status.  Sending your AP a data packet will
>> likewise yield an 802.11 ACK,
>> > or even a Deauthenticate response.  As a matter of
>> course, your Part 97 AP
>> > is going to receive Probe Requests from 802.11
>> stations that are scanning
>> > for APs.  A clever and malicious person may be
>> able to make your Part
>> > 97 AP send a flood of packets all day long,
>> without ever authenticating.
>> >
>> > Dave
>> >
>> > --
>> > David Young             OJC Technologies
>> > dyoung at ojctech.com      Urbana, IL * (217)
>> 278-3933
>> >
>> > _______________________________________________
>> > ham-80211 mailing list
>> > ham-80211 at lists.tapr.org
>> >
>>
> https://lists.tapr.org/cgi-bin/mailman/listinfo/ham-80211
>> >
>>
>>
>>
>> _______________________________________________
>> ham-80211 mailing list
>> ham-80211 at lists.tapr.org
>>
> https://lists.tapr.org/cgi-bin/mailman/listinfo/ham-80211
>>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Check out the new Yahoo! Front Page.
> www.yahoo.com
>
>
>
> _______________________________________________
> ham-80211 mailing list
> ham-80211 at lists.tapr.org
> https://lists.tapr.org/cgi-bin/mailman/listinfo/ham-80211
>





More information about the ham-80211 mailing list