Re: [SLUG] OK, general networking question...

From: Ian C. Blenke (ian@blenke.com)
Date: Thu Jan 23 2003 - 16:54:26 EST


On Thu, Jan 23, 2003 at 02:47:57PM -0500, James Miller wrote:
> I'm planning on setting up a wireless network between 2 trailers, only 3
> lots away from each other, because we can't bury any lines here. (Yup,
> white trailer trash techno geek: dog on the porch, shotgun in the rack, and a
> server in the closet. Ain't my momma proud of me... ) I've got 8 systems
> currently on a DSL modem, behind a Linksys router, and I want to protect
> them from anyone wardriving or neighbors who might bootleg off my bandwidth.
> She'll have 3 systems on her end.
>
> What are your opinions about how I should go? Should I put the first
> wireless router between my router and the DSL modem, and a second wireless
> router on her end, connecting all her systems. Is that even possible to do it
> that way? Obviously, we'll need external antennas (coffee can horns are
> tempting, just to maintain the theme, if nothing else), because of the
> trailers acting as Faraday cages. I'm a novice here, so what are your
> thoughts on the subject?
>
> Thanks ahead, James
>
> (Hmm, sounds like a bad country song. "Livin' mah life in a Faraday Cage
> without you"...)

Well, forget about WEP. Don't trust it. Regardless of the key length
(either 64(40)bit or 160(104)bit, it's all crap due to the IV reuse).
Script kiddies may not "get it", but any penetration expert worth his salt
will blow by that in a few hours.

Filtering by MAC is pointless. You can sniff and masquerade as any other
MAC node painlessly.

I suggest a VPN overlay of some kind at the very least. Consider
something IPSEC, but any VPN technology at all would be better than
sending in the clear.

Ideally, you would have a beaconless 802.1x capable Access Point
authenticating to a RADIUS server and sessions over EAP/TLS:

        http://www.missl.cs.umd.edu/wireless/eaptls/

I also like to run fakeap on another machine on the network to
completely baffle any wardrivers in the neighborhood.

- Ian
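
Added example, not part of the original message: a short Python sketch of the IV-reuse problem mentioned above, showing that two frames encrypted under the same 24-bit IV leak the XOR of their plaintexts whether the secret is 40 or 104 bits. The plaintexts, IV and secrets are constructed sample values, and the WEP integrity check value is left out.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte IV followed by the shared secret (ICV omitted)."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def reuse_leak(secret: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """XOR of two ciphertexts sent under the same IV and secret."""
    return xor(wep_encrypt(iv, secret, p1), wep_encrypt(iv, secret, p2))

def frames_until_collision(prob: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: frames before a randomly chosen IV repeats with probability prob."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - prob))))

# Constructed sample data, not taken from any real network.
P1 = b"GET /index.html HTTP/1.0"
P2 = b"USER james PASS hunter2!"
IV = bytes([0x01, 0x02, 0x03])
SECRET_40 = bytes(range(5))     # "64-bit" WEP: 40 secret bits + 24-bit IV
SECRET_104 = bytes(range(13))   # 104 secret bits + 24-bit IV

if __name__ == "__main__":
    for secret in (SECRET_40, SECRET_104):
        # The keystream cancels: what remains is P1 xor P2, with no key material in it.
        print(len(secret) * 8, reuse_leak(secret, IV, P1, P2) == xor(P1, P2))
    print("frames for a 50% chance of IV repeat:", frames_until_collision())
```

The IV space is the same size for both key lengths, so the point at which keystreams start repeating does not move when the secret gets longer.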


