That is what SB uses for RADIUS. For PPPoE you can use whatever you want. We just set it to username and password. That way I can easily keep up with bandwidth, and when I view the connections in MikroTik they make some sense instead of just numbers.
Patti

----- Original Message -----
From: "The Wirefree Network" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 02, 2003 2:24 PM
Subject: Re: [smartBridges] Why use PPPoE??

> Question on username/password for PPPoE. Not for HOTSPOT.
>
> I recall a while back someone mentioning something about using the client's MAC address for the username and IP for password. Or something like that.
>
> Being that I will provide my clients with the SOHO router preconfigured for PPPoE, and the client will not know what these are...I can set them to whatever I want.
>
> 1. What should I set them to??
> 2. What is the purpose of setting MAC and IP into the username/password??
>
> Thanks!
>
> Sully
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eje Gustafsson
> Sent: Monday, September 29, 2003 9:05 AM
> To: The Wirefree Network
> Subject: Re[2]: [smartBridges] Why use PPPoE??
>
> That sounds great.. Might want to add hotspot where you can advertise your business name as well, open up your AP but disallow client to client communications. That way someone could find your AP, associate with it and get your "business ad", then they call you per instructions on your page. Can simply remove the login option if you don't want to allow automated signups.
>
> / Eje
>
> Monday, September 29, 2003, 10:52:01 AM, you wrote:
>
> TWN> "IF" I use PPPoE, I am pretty sure that my setup scenario will prevent what you are speaking of.
>
> TWN> I already provide a router at EVERY install. This router has built-in PPPoE. The clients behind this router will ALL gain access to our network via THIS router. The Username/Password is preloaded, and Password is hashed. So...they can't hand it out to someone else. My NOC IPs are the only IPs authorized to manage the router.
>
> TWN> I track EVERYONE's usage. If they go over my set bandwidth limits (per month), then I charge them. This STOPS them from purposely sharing their bandwidth with neighbors.
>
> TWN> I am using MAC internal (soon RADIUS) for authorizing the sB (wireless) device with the aPPo. This STOPS odd balls from associating with my aPPo.
>
> TWN> I will most likely use PPPoE for authorization to communicate through the gateway. This will STOP folks from being able to surf for free.
>
> TWN> I use WEP for all wireless traffic. This STOPS the impatient, kiddie script hacker from eavesdropping. WEP is not that easy to crack (have you done it on an sB network?).
>
> TWN> Again...I am NOT running a HOTSPOT. I do NOT allow passersby to connect to my network to get to a login/payment home page!!
>
> TWN> I provide ALL the equipment necessary to connect to MY network. I DO NOT provide the clients with ANY knowledge of the wireless network.
>
> TWN> All they know is that they hook up their switch inside their home/building and set all PCs to DHCP. If they want to use their own wireless router inside the home/building, then fine...they still need to set up the WAN side for DHCP and I don't care what they do on the LAN side of their router. I also use the rooftop sB device to periodically sniff the wireless traffic (looking for APs) around my clients' locations. If I find unsecured networks or networks on my channels, I go for a drive and inform them of the problems they may have (me as well) with their network and offer my assistance (most likely gain a client at the same time).
>
> TWN> What do y'all think??
>
> TWN> Sully
>
> TWN> -----Original Message-----
> TWN> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sevak Avakians
> TWN> Sent: Monday, September 29, 2003 5:52 AM
> TWN> To: [EMAIL PROTECTED]
> TWN> Subject: Re: [smartBridges] Why use PPPoE??
>
> TWN> Here's a scenario (close to what I may be having):
>
> TWN> 2 friends (or brothers) who live in separate houses decide to pay for only 1 service, use the legitimate MAC address for the other friend and both are online. If we add pppoe, wouldn't they still be able to just share the login & pw? Can anything be done about this?
>
> TWN> Sevak
>
> TWN> On Sun, 2003-09-28 at 22:26, Eje Gustafsson wrote:
>
> > TWN>> This is slightly OT...
> >
> > TWN>> FIRST...a little background:
> >
> > TWN>> I have a pure sB wireless network. ALL of my clients are connected via an airBridge or airPoint. I obviously do not provide any information about our network to my clients, nor do they have admin rights to the sB device. Therefore, the network is pretty locked down...which does not allow clients to sniff wireless traffic (without first cracking WEP) because they can NOT put the sB device into promiscuous mode.
> >
> > TWN>> I will NEVER have the need to allow non-paying customers to access my network either (hotspot webpage login).
> >
> > TWN>> I currently use WEP and MAC internal authentication (although I will soon move to external RADIUS).
> >
> > TWN>> I deploy SOHO routers at EVERY client home which is located between the sB device and the client internal network. I assign static IPs to EVERY sB device and client router. Therefore, there are only 2 IPs seen from any one of my clients (sB device and router).
> >
> > TWN>> My SOHO router that I deploy at EVERY client has web based admin authorized from ONLY my NOC IP addresses. This allows me to not only manage all the devices remotely, but it also allows me to PING the internal network (beyond the sB device) to prove that the sB device is passing traffic to the wired LAN. Peace of mind for me.
> >
> > TWN>> The SOHO routers have built-in PPPoE that I "could" enable if I want to.
> >
> > TWN>> My question is this....Why should "I" use PPPoE for "THIS" network?
> >
> > TWN> Additional security.
> >
> > TWN>> 1. Does it provide more security? (not really, I think)
> >
> > TWN> Absolutely.
> >
> > TWN>> 2. Or would the only reason be for bandwidth limiting (which I currently can not do)?
> >
> > TWN> That too.
> >
> > TWN>> I do NEEEEEED bandwidth limiting, but the new XO radios will do this. So...really...does the use of PPPoE provide any greater level of security?
> >
> > TWN> Yes Sir sure does.
> >
> > TWN>> If someone manages to crack my WEP, then sniff someone's IP and MAC, then bumps that client off the network and assumes their identity, would PPPoE stop them from surfing? Who would really care at that point??
> >
> > TWN> Cracking your WEP ain't too hard. Sniffing someone's IP and MAC isn't that hard either... Now to the killer: they don't need to bump the client off the network to assume their identity. They could simply just assume their identity and surf away with peace of mind.
> > TWN> As long as the client can't hear the thief's radio then their router will not complain about duplicate IP on the network, it just assumes the traffic that was sent to the IP/MAC combo was someone attempting to communicate with them and simply ignores it, while the thief also will get the traffic which is to him legit.
> > TWN> The thief will be surfing away stealing your service and you would NEVER know about it.
> > TWN> With PPPoE, if their login has not been authorized they don't get an IP and can not surf. Since you are no longer passing TCP traffic but PPPoE traffic you have to have special software to create the PPPoE tunnel. When you run PPPoE you don't even need to have an IP assigned on your router's ethernet interface that is to your clients because it's all done over PPPoE.
> >
> > TWN>> Does PPPoE use encrypted LOGIN?
> >
> > TWN> Yes Sir. Encrypted logins, so they have to capture the PPPoE login frames and then be able to crack the username and password out of those frames (pretty much impossible since it's done on a handshake basis and the password is not reverse decryptable).
> >
> > TWN> Also depending on the client and server you can even create an encrypted PPPoE tunnel so not only the login frames are encoded but ALL traffic is encrypted as well..
> >
> > TWN> Plus you can turn on compression as well and you can compress the traffic between the clients and the server. Save you some bandwidth there..
> >
> > TWN>> I just don't see the need right now.....any advice would be greatly appreciated?
> >
> > TWN> You could probably get away by doing what you're doing without any problems. But who knows, you might not, and the problem is that you will almost NEVER be able to tell for sure if you've been hacked.
> > TWN> Only way to tell is if you KNOW that a certain radio is offline and yet the client is sending data OR you're trying to manage a radio and sometimes you have problems getting into the unit. Say if the hacker is using a different brand of radio and you try to use SimpleMonitor on your client's radio, the hacker's radio doesn't understand SimpleMonitor and when you try to connect it might tell you failure to connect IF the hacker's radio responded first. But if the client's radio responds first then you get your info.
> > TWN> Also if you look in the association list you might see that the remote client identifies as say a DLINK instead of a smartBridges radio, but that is not a guarantee that you will see that (once again depends on what radio was fastest in their reply).
> >
> > TWN> When you run PPPoE you can set "only-one" just like on dialup, so if user A has successfully logged in he has to log off before someone else can log in with user A's username and password. This way IF the hacker gets hold of it, as long as user A is online the hacker can't use it. If hacker gets online then user A can't get online, but then hey, he will call and complain and you will take a look and see that he is already online. You kick the user offline and he can get online, then somewhat later he calls again to complain. Now you kick him offline but ask him to turn off his radio and you see him getting back online even though his radio is off.. HACKER ALERT!!!
> > TWN> Time to change that user's password...
> >
> > TWN> Best regards,
> > TWN> Eje Gustafsson mailto:[EMAIL PROTECTED]
> > TWN> ---
> > TWN> The Family Entertainment Network http://www.fament.com
> > TWN> Phone : 620-231-7777 Fax : 620-231-4066
> > TWN> eBay UserID : macahan
> > TWN> - Your Full Time Professionals -
>
> Best regards,
> Eje Gustafsson mailto:[EMAIL PROTECTED]
> ---
> The Family Entertainment Network eFax : 240-376-7272
> Phone : 620-231-7777 Fax : 620-231-4066
> Online Store http://www.fament.com/catalog/
> - Your Full Time Professionals -
>
> ----------ANNOUNCEMENT----------
> Don't forget to register for WISPCON IV
> http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm
>
> The PART-15.ORG smartBridges Discussion List
> To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname>)
> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges)
> Archives: http://archives.part-15.org
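
The thread describes PPPoE logins as a handshake in which the password itself never crosses the link, plus an "only-one" session limit per username. The sketch below is an added example, not code from any poster or product: it assumes the PPP session negotiates CHAP with MD5 as defined in RFC 1994 (the thread does not name the protocol), and the `AccessConcentrator` class, the username `cust-0042` and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5: MD5 over identifier byte + shared secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class AccessConcentrator:
    """Toy PPPoE server side (hypothetical class, not a real product's API)."""

    def __init__(self, secrets: dict[str, bytes]):
        self.secrets = secrets            # username -> shared secret
        self.online: set[str] = set()     # usernames with an active session
        self.pending: dict[str, tuple[int, bytes]] = {}
        self._next_id = 0

    def challenge(self, username: str) -> tuple[int, bytes]:
        # A fresh random challenge per attempt makes old responses useless.
        self._next_id = (self._next_id + 1) % 256
        self.pending[username] = (self._next_id, os.urandom(16))
        return self.pending[username]

    def login(self, username: str, response: bytes) -> str:
        ident, chal = self.pending.pop(username, (0, b""))
        secret = self.secrets.get(username)
        if not chal or secret is None:
            return "reject: no challenge or unknown user"
        expected = chap_response(ident, secret, chal)
        if not hmac.compare_digest(expected, response):
            return "reject: bad response"
        if username in self.online:
            # "only-one": refuse the second session; this is the event to alert on.
            return "reject: already online"
        self.online.add(username)
        return "accept"

def demo() -> list[str]:
    secret = b"constructed-sample-secret"          # constructed sample value
    ac = AccessConcentrator({"cust-0042": secret})
    results = []
    ident, chal = ac.challenge("cust-0042")
    first = chap_response(ident, secret, chal)
    results.append(ac.login("cust-0042", first))   # customer router logs in
    ac.challenge("cust-0042")
    results.append(ac.login("cust-0042", first))   # old response, new challenge
    ident, chal = ac.challenge("cust-0042")
    results.append(ac.login("cust-0042", chap_response(ident, secret, chal)))
    return results                                 # last: valid but second session
```

Because the response is derived from the shared secret, the login is only as strong as that secret; credentials preloaded into a provider-managed router can be long random strings, since no customer has to type them.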
