[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [seriously OT] securing wireless networks
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: [seriously OT] securing wireless networks
- From: Chris Hedemark <chris_(_at_)_yonderway_(_dot_)_com>
- Date: Thu, 29 May 2003 17:37:48 -0400
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday, May 29, 2003, at 04:02 PM, Scott Johnson wrote:
While I certainly agree that WEP is not the solution, it can be a
in preventing somebody from stealing your bandwidth. Recently, a
was running Gnutella on my unencrypted wireless network. My downloads
to a crawl. So I decided to give WEP a shot. The problem is gone.
Want to make the problem go away forever?
Assign your wireless network to a private subnet of its own. Don't
route anything in or out of it. One or two hosts need to be hard wired
to it (depending on whether you use OpenBSD as your AP or use an AP
toaster in conjuction with an OpenBSD box). Anyone can get an IP
address on the wireless network, and you don't have WEP enabled
(pointless... keep reading).
Any "blessed" clients are able to establish an IPsec tunnel to the
OpenBSD box, which will gladly route from there to the Internet or to
your private network. So the only way out of the wireless network is
via VPN. It's very simple, and very discouraging to your neighbor who
can get an IP address just fine but can't do anything with it.
UNIX / Linux / BSD / Mac OS X / Windows consulting available. No job
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.2 (Darwin)
-----END PGP SIGNATURE-----