
Re: [seriously OT] securing wireless networks




On Thursday, May 29, 2003, at 04:02 PM, Scott Johnson wrote:

> While I certainly agree that WEP is not the solution, it can be a great help
> in preventing somebody from stealing your bandwidth. Recently, a neighbor
> was running Gnutella on my unencrypted wireless network. My downloads slowed
> to a crawl. So I decided to give WEP a shot. The problem is gone.

Want to make the problem go away forever?

Assign your wireless network to a private subnet of its own. Don't route anything in or out of it. One or two hosts need to be hard wired to it (depending on whether you use OpenBSD as your AP or use an AP toaster in conjunction with an OpenBSD box). Anyone can get an IP address on the wireless network, and you don't have WEP enabled (pointless... keep reading).

Any "blessed" clients are able to establish an IPsec tunnel to the OpenBSD box, which will gladly route from there to the Internet or to your private network. So the only way out of the wireless network is via VPN. It's very simple, and very discouraging to your neighbor who can get an IP address just fine but can't do anything with it.

--

Chris Hedemark
UNIX / Linux / BSD / Mac OS X / Windows consulting available. No job too small!
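
One way to express the design described in the message above as a pf ruleset on the OpenBSD gateway. This is an added example, not configuration from the original post; the interface names, the subnet, and the use of current pf syntax (`nat-to`) are assumptions.

```pf
# Added example, constructed. Assumed: interface names, the wireless subnet,
# and current OpenBSD pf syntax, which postdates the message.
wifi_if  = "ath0"              # wireless segment (or the NIC wired to the AP)
ext_if   = "em0"               # Internet uplink
lan_if   = "em1"               # wired private network
wifi_net = "192.168.50.0/24"   # private subnet used only for wireless

set skip on lo
block log all                  # default deny: nothing is routed in or out

# Anyone may obtain a lease on the wireless subnet.
pass in  on $wifi_if inet proto udp from any port 68 to any port 67
pass out on $wifi_if inet proto udp from ($wifi_if) port 67 to any port 68

# The only service reachable from the wireless side is IPsec on the
# gateway itself: IKE (udp/500), NAT-T (udp/4500) and ESP.
pass in  on $wifi_if inet proto udp from $wifi_net to ($wifi_if) port { 500, 4500 }
pass in  on $wifi_if inet proto esp from $wifi_net to ($wifi_if)
pass out on $wifi_if inet proto udp from ($wifi_if) port { 500, 4500 } to $wifi_net
pass out on $wifi_if inet proto esp from ($wifi_if) to $wifi_net

# Traffic that arrived inside an established tunnel is seen on enc0 after
# decapsulation. Only this traffic is allowed to leave the wireless subnet.
pass in  on enc0 inet from $wifi_net to any
pass out on enc0 inet from any to $wifi_net

# Forward tunnelled clients to the Internet (with NAT) and to the wired LAN.
pass out on $ext_if inet from $wifi_net to any nat-to ($ext_if)
pass out on $lan_if inet from $wifi_net to any
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it. A client with a lease but no tunnel matches only the DHCP rules and the default `block log all`.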