Re: [seriously OT] securing wireless networks

[Chris Hedemark <chris_(_at_)_yonderway_(_dot_)_com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Thursday, May 29, 2003, at 04:02 PM, Scott Johnson wrote:

> While I certainly agree that WEP is not the solution, it can be a 
> great help
> in preventing somebody from stealing your bandwidth.  Recently, a 
> neighbor
> was running Gnutella on my unencrypted wireless network.  My downloads 
> slowed
> to a crawl.  So I decided to give WEP a shot.  The problem is gone.

Want to make the problem go away forever?

Assign your wireless network to a private subnet of its own.  Don't 
route anything in or out of it.  One or two hosts need to be hard wired 
to it (depending on whether you use OpenBSD as your AP or use an AP 
toaster in conjuction with an OpenBSD box).  Anyone can get an IP 
address on the wireless network, and you don't have WEP enabled 
(pointless... keep reading).

Any "blessed" clients are able to establish an IPsec tunnel to the 
OpenBSD box, which will gladly route from there to the Internet or to 
your private network.  So the only way out of the wireless network is 
via VPN.  It's very simple, and very discouraging to your neighbor who 
can get an IP address just fine but can't do anything with it.

- --

Chris Hedemark
UNIX / Linux / BSD / Mac OS X / Windows consulting available.  No job 
too small!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.2 (Darwin)

iEYEARECAAYFAj7WfbEACgkQYPuF4Zq9lvaxzACgjgfSsN0srWYozwfO0F3TPits
9E0AnA5nD//FQRs7ymd5aYNt0pvI96yI
=9tBj
-----END PGP SIGNATURE-----