I'm sorry, I don't follow why you wouldn't be able to do much if they use a broadband router?
Yes, PPPoE would kill this right off. Sure, they can share the username/password, BUT with the only-one option in the PPPoE server only one of them can be online at the same time. If they still want to share, then they have to set up a network between themselves so they use ONE connection to get on the net. Then you simply bill them per usage (bandwidth consumed), and when doing PPPoE you get accounting data collected and you can easily bill based on it. =)

/ Eje

Monday, September 29, 2003, 8:05:24 AM, you wrote:

JO> You can set the PPPoE to allow for one session, but if they are using a
JO> broadband router, then there's not much you can do.
JO> If you are worried about their usage, then you should probably bill by
JO> usage.

JO> Jeremy

JO> -----Original Message-----
JO> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
JO> On Behalf Of Sevak Avakians
JO> Sent: Monday, September 29, 2003 8:52 AM
JO> To: [EMAIL PROTECTED]
JO> Subject: Re: [smartBridges] Why use PPPoE??

JO> Here's a scenario (close to what I may be having):
JO> 2 friends (or brothers) who live in separate houses decide to pay for only 1
JO> service, use the legitimate MAC address for the other friend and both are
JO> online. If we add PPPoE, wouldn't they still be able to just share the login
JO> & pw? Can anything be done about this?

JO> Sevak

JO> On Sun, 2003-09-28 at 22:26, Eje Gustafsson wrote:

TWN>> This is slightly OT...
TWN>> FIRST...a little background:
TWN>> I have a pure sB wireless network. ALL of my clients are connected via
TWN>> an airBridge or airPoint. I obviously do not provide any information
TWN>> about our network to my clients, nor do they have admin rights to the sB
TWN>> device. Therefore, the network is pretty locked down...which does not
TWN>> allow clients to sniff wireless traffic (without first cracking WEP)
TWN>> because they can NOT put the sB device into promiscuous mode.
TWN>> I will NEVER have the need to allow non-paying customers to access my
TWN>> network either (hotspot webpage login).
TWN>> I currently use WEP and MAC internal authentication (although I will
TWN>> soon move to external RADIUS).
TWN>> I deploy SOHO routers at EVERY client home which is located between the
TWN>> sB device and the client internal network. I assign static IPs to EVERY
TWN>> sB device and client router. Therefore, there are only 2 IPs seen from
TWN>> any one of my clients (sB device and router).
TWN>> My SOHO router that I deploy at EVERY client has web based admin
TWN>> authorized from ONLY my NOC IP addresses. This allows me to not only
TWN>> manage all the devices remotely, but it also allows me to PING the
TWN>> internal network (beyond the sB device) to prove that the sB device is
TWN>> passing traffic to the wired LAN. Peace of mind for me.
TWN>> The SOHO routers have built-in PPPoE that I "could" enable if I want to.
TWN>> My question is this....Why should "I" use PPPoE for "THIS" network?

JO> Additional security.

TWN>> 1. Does it provide more security? (not really, I think)

JO> Absolutely.

TWN>> 2. Or would the only reason be for bandwidth limiting (which I currently
TWN>> can not do)?

JO> That too.

TWN>> I do NEEEEEED bandwidth limiting, but the new XO radios will do this.
TWN>> So...really...does the use of PPPoE provide any greater level of
TWN>> security?

JO> Yes Sir sure does.

TWN>> If someone manages to crack my WEP, then sniff someone's IP and MAC,
TWN>> then bumps that client off the network and assumes their identity, would
TWN>> PPPoE stop them from surfing? Who would really care at that point??

JO> Cracking your WEP ain't too hard. Sniffing someone's IP and MAC isn't
JO> that hard either... Now to the killer: they don't need to bump the
JO> client off the network to assume their identity. They could simply just
JO> assume their identity and surf away with peace of mind.
JO> As long as the client can't hear the thief's radio then their router
JO> will not complain about duplicate IP on the network; it just assumes
JO> the traffic that was sent to the IP/MAC combo was someone attempting
JO> to communicate with them and simply ignores it, while the thief also
JO> will get the traffic, which is to him legit.
JO> The thief will be surfing away stealing your service and you would
JO> NEVER know about it.
JO> PPPoE: if their login has not been authorized they don't get an IP and
JO> can not surf. Since you are no longer passing TCP traffic but PPPoE
JO> traffic you have to have special software to create the PPPoE
JO> tunnel. When you run PPPoE you don't even need to have an IP assigned on
JO> your router's ethernet interface that is to your clients because it's
JO> all done over PPPoE.

TWN>> Does PPPoE use encrypted LOGIN?

JO> Yes Sir. Encrypted logins, so they have to capture the PPPoE login
JO> frames and then be able to crack the username and password out of
JO> those frames (pretty much impossible since it's done on a handshake
JO> basis and the password is not reverse decryptable).
JO> Also depending on the client and server you can even create an
JO> encrypted PPPoE tunnel so not only the login frames are encoded but
JO> ALL traffic is encrypted as well..
JO> Plus you can turn on compression as well and you can compress the
JO> traffic between the clients and the server. Save you some bandwidth
JO> there..

TWN>> I just don't see the need right now.....any advice would be greatly
TWN>> appreciated?

JO> You could probably get away by doing what you're doing without any
JO> problems. But who knows, you might not, and the problem is that you will
JO> almost NEVER be able to tell for sure if you've been hacked.
JO> Only way to tell is if you KNOW that a certain radio is offline and
JO> yet the client is sending data OR you're trying to manage a radio and
JO> sometimes you have a problem getting into the unit.
JO> Say if the hacker is
JO> using a different brand of radio and you try to use SimpleMonitor on
JO> your client's radio, the hacker's radio doesn't understand SimpleMonitor
JO> and when you try to connect it might tell you failure to connect IF
JO> the hacker's radio responded first. But if the client's radio responds
JO> first then you get your info.
JO> Also if you look in the association list you might see that the remote
JO> client identifies as say a DLINK instead of a smartBridges radio but
JO> that is not a guarantee that you will see that (once again depends on
JO> what radio was fastest in their reply).
JO> When you run PPPoE you can set "only-one" just like on dialup so if
JO> user A has successfully logged in he has to log off before someone
JO> else can log in with user A's username and password. This way IF the
JO> hacker gets hold of it, as long as user A is online the hacker can't use
JO> it. If the hacker gets online then user A can't get online, but then hey, he
JO> will call and complain and you will take a look and see that he is already
JO> online. You kick the user offline and he can get online, then somewhat
JO> later he calls again to complain. Now you kick him offline but ask him to
JO> turn off his radio and you see him getting back online even though his
JO> radio is off.. HACKER ALERT!!!
JO> Time to change that user's password...
JO> Best regards,
JO> Eje Gustafsson mailto:[EMAIL PROTECTED]
JO> ---
JO> The Family Entertainment Network http://www.fament.com
JO> Phone : 620-231-7777 Fax : 620-231-4066
JO> eBay UserID : macahan
JO> - Your Full Time Professionals -

Best regards,
Eje Gustafsson mailto:[EMAIL PROTECTED]
---
The Family Entertainment Network
eFax : 240-376-7272
Phone : 620-231-7777 Fax : 620-231-4066
Online Store http://www.fament.com/catalog/
- Your Full Time Professionals -
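
The usage billing and shared-login check discussed in this thread, sketched over RADIUS accounting records as an added example (not code from any poster or from smartBridges). The records are constructed, `ts` is a hypothetical timestamp field, and it assumes the access concentrator reports the client MAC in Calling-Station-Id.

```python
from collections import defaultdict

# Constructed sample data (not from the thread); MACs are locally administered.
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
MAC_C, MAC_D = "02:00:00:00:00:0c", "02:00:00:00:00:0d"

def mk(ts, user, status, sid, mac, inp=0, out=0, out_giga=0):
    """Build one accounting record; byte counters only appear on Stop."""
    r = {"ts": ts, "User-Name": user, "Acct-Status-Type": status,
         "Acct-Session-Id": sid, "Calling-Station-Id": mac}
    if status == "Stop":
        r.update({"Acct-Input-Octets": inp, "Acct-Output-Octets": out,
                  "Acct-Output-Gigawords": out_giga})
    return r

RECORDS = [
    mk(100, "userA", "Start", "s1", MAC_A),
    mk(100, "userB", "Start", "s3", MAC_C),
    mk(150, "userB", "Start", "s4", MAC_D),   # second login while s3 is still open
    mk(160, "userB", "Stop", "s3", MAC_C, inp=100, out=200),
    mk(170, "userB", "Stop", "s4", MAC_D, inp=1, out=2),
    mk(200, "userA", "Stop", "s1", MAC_A, inp=1000, out=5000),
    mk(300, "userA", "Start", "s2", MAC_B),   # same login, different radio
    mk(400, "userA", "Stop", "s2", MAC_B, inp=10, out=20, out_giga=1),
]

def octets(rec, direction):
    """Combine the 32-bit octet counter with its Gigawords rollover counter."""
    low = int(rec.get(f"Acct-{direction}-Octets", 0))
    high = int(rec.get(f"Acct-{direction}-Gigawords", 0))
    return high * 2**32 + low

def bill_and_flag(records):
    usage = defaultdict(int)            # user -> bytes to bill
    open_sessions = defaultdict(dict)   # user -> {session id: MAC}
    known_mac, alerts = {}, []          # user -> first MAC seen; findings
    for rec in sorted(records, key=lambda r: r["ts"]):
        user, sid = rec["User-Name"], rec["Acct-Session-Id"]
        mac = rec.get("Calling-Station-Id", "").lower()
        if rec["Acct-Status-Type"] == "Start":
            if open_sessions[user]:     # "only-one" is not being enforced
                alerts.append((rec["ts"], user, "concurrent-session", mac))
            if known_mac.setdefault(user, mac) != mac:
                alerts.append((rec["ts"], user, "mac-changed", mac))
            open_sessions[user][sid] = mac
        elif rec["Acct-Status-Type"] == "Stop":
            open_sessions[user].pop(sid, None)
            usage[user] += octets(rec, "Input") + octets(rec, "Output")
    return dict(usage), alerts
```

A "mac-changed" finding is only a prompt to check with the customer, since a replaced radio or router produces the same record.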
