
[Ham-80211] Access control suggestions

Steven Phillips steven_phillips at yahoo.com
Wed Nov 3 18:19:41 UTC 2004


Here's an idea, get the FCC involved and make it
mandatory for hams to have one of those cards then
you'd get your 10,000.  Hey, they did it with HDTV.

j/k

They could always modify the card to be software
modifiable so we can make the changes ourselves. 
License the modification software under some sort of
modified GPL restricting the use of the software to
ham radio use.  However, every software modification
has been, and will be, hacked by the general
community.  There is no such thing as hack proof.

I think with the existing technology, we can
accomplish what we want.  I think the biggest
safeguard would be to petition the FCC to make rules under
part 97 in regards to hams making a reasonable effort
to limit access to wifi equipment being used under part
97. There probably are already provisions in the rules
to protect us in regards to reasonable efforts,
however, can those rules be reasonably interpreted as
applying to WiFi use?  What would be the definition of
"reasonable effort?"

Another thing that would be almost a self protection
is the available information.  Since these devices
would be on an isolated network and not connected to
the general internet, no commercial information on top
of the type of information they would obtain from such
a network, provides no incentive for the general
public to "hack" into the wireless Hinternet.

If someone did hack into the network just to cause
malicious interference, it would be rather simple to
hunt them down.  Since the radios in the cards are
always transmitting (as long as they are turned on) we
could use standard triangulation.  All APs have a log
that records IP and MAC information.  Get a few hams
driving around the area with laptops and a nifty
little program called NetStumbler (freeware), it would
be too difficult.

--- dubose at texas.net wrote:

> The HSMM tried that 2 years ago with no interest on the part of the major
> manufacturers of ham gear.  However one executive from Agere said that they
> might be able to make a change at the end of a large production run to
> accommodate this if someone would buy the units.  This would include changes in
> frequencies, power and inclusion of the capability of each unit having a
> hardware name (callsign) that was transmitted periodically.
>
> The question is who would buy 10,000 units.
>
> If someone were to buy them, then you could use common PCI adapters and bridges
> like the WET11 for stand alone bridges by replacing the PCMCIA card...and perhaps
> create an AP on the line of the WET11/WAP11.
>
> Walt/K5YFW
> 
> > > Here's a thought.  How about we work with major
> > > manufacturers such as Icom (who already has wifi
> > > products), Yaesu, Kenwood, etc. to get them to
> > > produce a ham radio specific WiFi solution.  The
> > > technology would be identical to existing products.
> > > Only difference would be is setting the RF equipment
> > > to work on ham radio frequencies that do not fall on
> > > the shared part 15 frequencies.  If they contracted
> > > with companies such as Orinoco, Linksys, Cisco and
> > > other wifi producers, there would be very little
> > > startup costs.  Just a matter of firmware
> > > modification (I think) to use ham specific frequencies.
> > > If that could happen, then we would not have to worry
> > > about the mixup between part 15 and part 97 users.
> > >
> > > If they can do this for under $50, even under $100, I
> > > could jump out and buy one.
> > >
> > > Thoughts?
> > > --- dubose at texas.net wrote:
> > 
> > > > Please don't get "overly" concerned about access restrictions.
> > > >
> > > > Remember that just as repeaters are open...they are however on amateur radio
> > > > frequencies...this does not prevent someone who is not licensed from
> > > > transmitting on that frequency.  You take normal precautions against improper use.
> > > >
> > > > With 802.11b you are sharing the frequency with un-licensed individuals so you
> > > > need to make a reasonable attempt to restrict access to your AP/network.you rig
> > > > is any of these are operating under Part 97.
> > > >
> > > > MAC, IPs in the 44. domain or a published WEP are a reasonable attempt to keep
> > > > unauthorized access to your Part 97 operation.  Clearly if you see unauthorized
> > > > operation as the station controller, you take appropriate action but other than
> > > > that, if you believe that you have taken reasonable care to prevent unauthorized
> > > > access, then that solves the problem....but feel free to lock it down as tight
> > > > as you please.
> > > >
> > > > I have chosen to use the Public WEP key published on the ARRL/HSMM web pages.
> > > >
> > > > Walt/K5YFW
> > > 
> > > 
> > > > > On Mon, Nov 01, 2004 at 09:31:28AM -0800, Steven Phillips wrote:
> > > > > > That still leaves one question open.  The AP is still
> > > > > > being used under part 97 rules.  Is using static IP
> > > > > > assignments under AMPRNET sufficient access
> > > > > > restriction?  Part 15 users can still connect to the
> > > > > > AP, but they will not get any network access and can't
> > > > > > do anything beyond connecting to the AP.  This is
> > > > > > because they will not have an IP address.  The only
> > > > > > exception I can think of is if the general public
> > > > > > discovers the AMPRNET IP scheme and assigns themselves
> > > > > > an IP address?  Simple solution.  When a person
> > > > > > applies for access to the network, require them to
> > > > > > provide the unique MAC address of their WLAN card(s)
> > > > > > and do a MAC check during authentication.  If a person
> > > > > > does spoof an IP, they still won't have access because
> > > > > > they do not have an authorized MAC address.
> > > > > >
> > > > > > So, there's my $20 worth.  Let me know what you think
> > > > > > and if you have any thoughts about my suggestions.
> > > > > >
> > > > >
> > > > > Steve,
> > > > >
> > > > > MAC authentication is very weak.  One need only eavesdrop on your AP to
> > > > > find out the authorized MACs.  Ditto IP address authentication.
> > > > >
> > > > > Keep in mind that for a person to "operate" your Part 97 AP, their
> > > > > computer needs only to send your AP an 802.11 packet.  Virtually any
> > > > > 802.11 management request (Probe, Authentication, Association) will induce
> > > > > your AP to send a response.  Also, your AP will probably produce a CTS
> > > > > response to any RTS packet, regardless the RTS-sender's authentication
> > > > > status.  Sending your AP a data packet will likewise yield an 802.11 ACK,
> > > > > or even a Deauthenticate response.  As a matter of course, your Part 97 AP
> > > > > is going to receive Probe Requests from 802.11 stations that are scanning
> > > > > for APs.  A clever and malicious person may be able to make your Part
> > > > > 97 AP send a flood of packets all day long, without ever authenticating.
> > > > >
> > > > > Dave
> > > > >
> > > > > -- 
> > > > > David Young             OJC Technologies
> > > > > dyoung at ojctech.com      Urbana, IL * (217) 278-3933
> > > > >
> > > > > _______________________________________________
> > > > > ham-80211 mailing list
> > > > > ham-80211 at lists.tapr.org
> > > > > https://lists.tapr.org/cgi-bin/mailman/listinfo/ham-80211
> > > > 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > ham-80211 mailing list
> > > ham-80211 at lists.tapr.org
> > >
> >
>
https://lists.tapr.org/cgi-bin/mailman/listinfo/ham-80211
> > > 
> > 
> > 
> > 
> > 		
> > __________________________________ 
> > Do you Yahoo!? 
> > Check out the new Yahoo! Front Page. 
> > www.yahoo.com 
> >  
> > 
> > 
> > _______________________________________________
> > ham-80211 mailing list
> > ham-80211 at lists.tapr.org
> >
>
https://lists.tapr.org/cgi-bin/mailman/listinfo/ham-80211
> > 
> 
> 
> 
> _______________________________________________
> ham-80211 mailing list
> ham-80211 at lists.tapr.org
>
https://lists.tapr.org/cgi-bin/mailman/listinfo/ham-80211
> 
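The AP-log review mentioned in the message above, sketched as an added example that is not part of the original thread: it reads association records and flags stations whose MAC is not on the operator registry, whose IP falls outside the "44." range, or whose registered MAC appears with more than one IP (one sign of a cloned address, since MACs can be read off the air as the quoted reply notes). The log layout, callsigns, MACs and addresses are constructed for illustration, and 44.0.0.0/8 is an assumed reading of the "44. domain".

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the "44." range the thread refers to, written as a /8.
AMPRNET = ipaddress.ip_network("44.0.0.0/8")
# Constructed registry: the MAC each operator supplied when applying for access.
REGISTERED = {"00:02:2d:aa:bb:01": "N0CALL", "00:02:2d:aa:bb:02": "N0CALL-2"}

# Constructed log lines in a hypothetical "time event mac ip" layout.
SAMPLE_LOG = """\
2004-11-03T18:01:10Z ASSOC 00:02:2D:AA:BB:01 44.10.0.5
2004-11-03T18:02:44Z ASSOC 00:02:2d:aa:bb:02 44.10.0.6
2004-11-03T18:05:02Z ASSOC 00:0c:41:12:34:56 192.168.1.20
2004-11-03T18:07:31Z ASSOC 00:02:2d:aa:bb:01 44.10.0.9
2004-11-03T18:09:00Z ASSOC 00:0c:41:12:34:56 44.10.0.77
garbage line from a firmware reboot
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+ASSOC\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(?P<ip>\S+)$")


def audit(log_text, registered=REGISTERED, network=AMPRNET):
    """Return a sorted list of (reason, mac, detail) findings."""
    findings = set()
    ips_by_mac = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an association record
        mac = m["mac"].lower()  # normalise case before comparing
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.add(("bad-ip", mac, m["ip"]))
            continue
        if mac not in registered:
            findings.add(("unregistered-mac", mac, str(ip)))
        if ip not in network:
            findings.add(("ip-outside-44", mac, str(ip)))
        ips_by_mac[mac].add(str(ip))
    # With static assignments, a registered MAC on several IPs deserves a look:
    # either the operator changed address or someone is reusing the MAC.
    for mac, ips in ips_by_mac.items():
        if mac in registered and len(ips) > 1:
            findings.add(("mac-multiple-ips", mac, ",".join(sorted(ips))))
    return sorted(findings)
```
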



		