You can set the PPPoE to allow for one session, but if they are using a broadband router, then there’s not much you can do.
If you are worried about their usage, then you should probably bill by usage.
Jeremy
-----Original Message-----
Here's a scenario (close to what I may be having):

TWN> This is slightly OT...
TWN> FIRST...a little background:
TWN> I have a pure sB wireless network. ALL of my clients are connected via
TWN> an airBridge or airPoint. I obviously do not provide any information
TWN> about our network to my clients, nor do they have admin rights to the sB
TWN> device. Therefore, the network is pretty locked down...which does not
TWN> allow clients to sniff wireless traffic (without first cracking WEP)
TWN> because they can NOT put the sB device into promiscuous mode.
TWN> I will NEVER have the need to allow non-paying customers to access my
TWN> network either (hotspot webpage login).
TWN> I currently use WEP and MAC internal authentication (although I will
TWN> soon move to external RADIUS).
TWN> I deploy SOHO routers at EVERY client home which is located between the
TWN> sB device and the client internal network. I assign static IPs to EVERY
TWN> sB device and client router. Therefore, there are only 2 IPs seen from
TWN> any one of my clients (sB device and router).
TWN> My SOHO router that I deploy at EVERY client has web based admin
TWN> authorized from ONLY my NOC IP addresses. This allows me to not only
TWN> manage all the devices remotely, but it also allows me to PING the
TWN> internal network (beyond the sB device) to prove that the sB device is
TWN> passing traffic to the wired LAN. Peace of mind for me.
TWN> The SOHO routers have built-in PPPoE that I "could" enable if I want to.
TWN> My question is this....Why should "I" use PPPoE for "THIS" network?

Additional security.

TWN> 1. Does it provide more security? (not really, I think)

Absolutely.

TWN> 2. Or would the only reason be for bandwidth limiting (which I currently
TWN> can not do)?

That too.

TWN> I do NEEEEEED bandwidth limiting, but the new XO radios will do this.
TWN> So...really...does the use of PPPoE provide any greater level of
TWN> security?

Yes Sir, sure does.

TWN> If someone manages to crack my WEP, then sniff someone's IP and MAC,
TWN> then bumps that client off the network and assumes their identity, would
TWN> PPPoE stop them from surfing? Who would really care at that point??

Cracking your WEP ain't too hard. Sniffing someone's IP and MAC isn't that hard either... Now to the killer: they don't need to bump the client off the network to assume their identity. They could simply just assume their identity and surf away with peace of mind.

As long as the client can't hear the thief's radio then their router will not complain about a duplicate IP on the network; it just assumes the traffic that was sent to the IP/MAC combo was someone attempting to communicate with them and simply ignores it, while the thief also will get the traffic, which is to him legit.

The thief will be surfing away stealing your service and you would NEVER know about it.

With PPPoE, if their login has not been authorized they don't get an IP and can not surf. Since you are no longer passing TCP traffic but PPPoE traffic, you have to have special software to create the PPPoE tunnel. When you run PPPoE you don't even need to have an IP assigned on your router's ethernet interface that is to your clients because it's all done over PPPoE.

TWN> Does PPPoE use encrypted LOGIN?

Yes Sir. Encrypted logins, so they have to capture the PPPoE login frames and then be able to crack the username and password out of those frames (pretty much impossible since it's done on a handshake basis and the password is not reverse decryptable).

Also, depending on the client and server, you can even create an encrypted PPPoE tunnel so not only the login frames are encoded but ALL traffic is encrypted as well..

Plus you can turn on compression as well and you can compress the traffic between the clients and the server. Saves you some bandwidth there..

TWN> I just don't see the need right now.....any advice would be greatly
TWN> appreciated?

You could probably get away with doing what you're doing without any problems. But who knows, you might not, and the problem is that you will almost NEVER be able to tell for sure if you've been hacked.

The only way to tell is if you KNOW that a certain radio is offline and yet the client is sending data, OR you're trying to manage a radio and sometimes you have a problem getting into the unit. Say the hacker is using a different brand of radio and you try to use SimpleMonitor on your client's radio: the hacker's radio doesn't understand SimpleMonitor, and when you try to connect it might tell you failure to connect IF the hacker's radio responded first. But if the client's radio responds first then you get your info.

Also, if you look in the association list you might see that the remote client identifies as, say, a DLINK instead of a smartBridges radio, but that is not a guarantee that you will see that (once again, depends on what radio was fastest in their reply).

When you run PPPoE you can set "only-one" just like on dialup, so if user A has successfully logged in he has to log off before someone else can log in with user A's username and password. This way, IF the hacker gets hold of it, as long as user A is online the hacker can't use it. If the hacker gets online then user A can't get online, but then hey, he will call and complain and you will take a look and see that he is already online. You kick the user offline and he can get online, then somewhat later he calls again to complain. Now you kick him offline but ask him to turn off his radio, and you see him getting back online even though his radio is off.. HACKER ALERT!!! Time to change that user's password...

Best regards,
Eje Gustafsson mailto:[EMAIL PROTECTED]
---
The Family Entertainment Network http://www.fament.com
Phone : 620-231-7777 Fax : 620-231-4066
eBay UserID : macahan
- Your Full Time Professionals -
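
The "only-one" rule and the radio-off check described in the message above can be replayed over a session log. This is an added example, not part of the original thread; the event names, usernames and log layout are assumptions and do not come from any particular PPPoE server.

```python
# Constructed sample events (not from the thread): (time, username, event).
# "login"/"logout" stand for PPPoE session start/stop; "radio_off"/"radio_on"
# stand for the operator's knowledge that the client's radio is powered down.
EVENTS = [
    ("09:00", "userA", "login"),      # user A comes online
    ("09:20", "userA", "login"),      # same credentials presented again
    ("12:00", "userA", "logout"),     # operator kicks the session
    ("12:05", "userA", "radio_off"),  # customer asked to power off the radio
    ("12:07", "userA", "login"),      # a session appears anyway
    ("12:30", "userB", "login"),
    ("13:00", "userB", "logout"),
    ("13:10", "userB", "login"),      # ordinary reconnect, no alert
]


def review(events):
    """Apply an 'only-one' session rule and return a list of alerts."""
    online = set()      # usernames with an active session
    radio_off = set()   # usernames whose radio is known to be off
    alerts = []
    for ts, user, kind in events:
        if kind == "radio_off":
            radio_off.add(user)
        elif kind == "radio_on":
            radio_off.discard(user)
        elif kind == "logout":
            online.discard(user)
        elif kind == "login":
            if user in online:
                # only-one: the second login is refused, but worth logging
                alerts.append((ts, user, "DUPLICATE_LOGIN_REJECTED"))
                continue
            online.add(user)
            if user in radio_off:
                # credentials in use while the customer's radio is off
                alerts.append((ts, user, "LOGIN_WHILE_RADIO_OFF"))
    return alerts


if __name__ == "__main__":
    for alert in review(EVENTS):
        print(*alert)
```
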
