David,
Do you have WEP encryption enabled?  Are your WEP keys a secret only you know (and NONE of your customers)?
Sevak


On Thu, 2003-10-02 at 15:54, David Moss wrote:
Hello.

When searching for airbridges using the software provided, i.e. SimpleMonitor,
I get a list of different subscriber units, but most have the same MAC
address.

Why is this?

Regards.

David
----- Original Message ----- 
From: "Patti Jones" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 02, 2003 8:43 PM
Subject: Re: [smartBridges] Why use PPPoE??


> That is what SB uses for radius.  For pppoe you can use whatever you want.
> We just set it to username and password.  That way I can easily keep up with
> bandwidth and when I view the connections in MikroTik they make some sense
> instead of just numbers.
>
> Patti
> ----- Original Message -----
> From: "The Wirefree Network" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, October 02, 2003 2:24 PM
> Subject: Re: [smartBridges] Why use PPPoE??
>
>
> > Question on username/password for PPPoE.  Not for HOTSPOT.
> >
> > I recall a while back someone mentioning something about using the
> > client's MAC address for the username and IP for password.  Or something
> > like that.
> >
> > Being that I will provide my clients with the SOHO router preconfigured
> > for PPPoE, and the client will not know what these are...I can set them
> > to whatever I want.
> >
> > 1. What should I set them to??
> > 2. What is the purpose of setting MAC and IP into the
> > username/password??
> >
> > Thanks!
> >
> > Sully
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Eje Gustafsson
> > Sent: Monday, September 29, 2003 9:05 AM
> > To: The Wirefree Network
> > Subject: Re[2]: [smartBridges] Why use PPPoE??
> >
> > That sounds great.. Might want to add hotspot where you can advertise
> > your business name as well open up your AP but disallow client to
> > client communications. That way someone could find your AP associate
> > with it and get your "business ad" then they call you per instructions
> > on your page. Can simply remove the login option if you don't want to
> > allow automated signups.
> >
> > / Eje
> >
> > Monday, September 29, 2003, 10:52:01 AM, you wrote:
> >
> > TWN> "IF" I use PPPoE, I am pretty sure that my setup scenario will prevent
> > TWN> what you are speaking of.
> >
> > TWN> I already provide a router at EVERY install.  This router has built-in
> > TWN> PPPoE.  The clients behind this router will ALL gain access to our
> > TWN> network via THIS router.  The Username/Password is preloaded, and
> > TWN> Password is hashed.   So...they can't hand it out to someone else.  My
> > TWN> NOC IPs are the only IPs authorized to manage the router.
> >
> > TWN> I track EVERYONE's usage.  If they go over my set bandwidth limits (per
> > TWN> month), then I charge them.  This STOPS them from purposely sharing
> > TWN> their bandwidth with neighbors.
> >
> > TWN> I am using MAC internal (soon RADIUS) for authorizing the sB (wireless)
> > TWN> device with the aPPo.  This STOPS odd balls from associating with my
> > TWN> aPPo.
> >
> > TWN> I will most likely use PPPoE for authorization to communicate through
> > TWN> the gateway. This will STOP folks from being able to surf for free.
> >
> > TWN> I use WEP for all wireless traffic.  This STOPS the impatient, kiddie
> > TWN> script hacker from eavesdropping.  WEP is not that easy to crack (have
> > TWN> you done it on an sB network?).
> >
> > TWN> Again...I am NOT running a HOTSPOT.  I do NOT allow passersby to connect
> > TWN> to my network to get to a login/payment home page!!
> >
> > TWN> I provide ALL the equipment necessary to connect to MY network.  I DO
> > TWN> NOT provide the clients with ANY knowledge of the wireless network.
> >
> > TWN> All they know is that they hook up their switch inside their
> > TWN> home/building and set all PCs to DHCP.  If they want to use their own
> > TWN> wireless router inside the home/building, then fine...they still need to
> > TWN> set up the WAN side for DHCP and I don't care what they do on the LAN side
> > TWN> of their router.  I also use the rooftop sB device to periodically sniff
> > TWN> the wireless traffic (looking for APs) around my clients' locations.  If
> > TWN> I find unsecured networks or networks on my channels, I go for a drive
> > TWN> and inform them of the problems they may have (me as well) with their
> > TWN> network and offer my assistance (most likely gain a client at the same
> > TWN> time).
> >
> > TWN> What do y'all think??
> >
> > TWN> Sully
> >
> > TWN> -----Original Message-----
> > TWN> From: [EMAIL PROTECTED]
> > TWN> [mailto:[EMAIL PROTECTED]] On Behalf Of Sevak Avakians
> > TWN> Sent: Monday, September 29, 2003 5:52 AM
> > TWN> To: [EMAIL PROTECTED]
> > TWN> Subject: Re: [smartBridges] Why use PPPoE??
> >
> >
> > TWN> Here's a scenario (close to what I may be having):
> >
> > TWN> 2 friends (or brothers) who live in separate houses decide to pay for
> > TWN> only 1 service, use the legitimate MAC address for the other friend and
> > TWN> both are online.  If we add PPPoE, wouldn't they still be able to just
> > TWN> share the login & pw?  Can anything be done about this?
> >
> > TWN> Sevak
> >
> >
> > TWN> On Sun, 2003-09-28 at 22:26, Eje Gustafsson wrote:
> >
> > TWN>> This is slightly OT...
> >
> > TWN>> FIRST...a little background:
> >
> > TWN>> I have a pure sB wireless network.  ALL of my clients are connected via
> > TWN>> an airBridge or airPoint.  I obviously do not provide any information
> > TWN>> about our network to my clients, nor do they have admin rights to the sB
> > TWN>> device.  Therefore, the network is pretty locked down...which does not
> > TWN>> allow clients to sniff wireless traffic (without first cracking WEP)
> > TWN>> because they can NOT put the sB device into promiscuous mode.
> >
> > TWN>> I will NEVER have the need to allow non-paying customers to access my
> > TWN>> network either (hotspot webpage login).
> >
> > TWN>> I currently use WEP and MAC internal authentication (although I will
> > TWN>> soon move to external RADIUS).
> >
> > TWN>> I deploy SOHO routers at EVERY client home which is located between the
> > TWN>> sB device and the client internal network.  I assign static IPs to EVERY
> > TWN>> sB device and client router.  Therefore, there are only 2 IPs seen from
> > TWN>> any one of my clients (sB device and router).
> >
> > TWN>> My SOHO router that I deploy at EVERY client has web based admin
> > TWN>> authorized from ONLY my NOC IP addresses.  This allows me to not only
> > TWN>> manage all the devices remotely, but it also allows me to PING the
> > TWN>> internal network (beyond the sB device) to prove that the sB device is
> > TWN>> passing traffic to the wired LAN.  Peace of mind for me.
> >
> > TWN>> The SOHO routers have built-in PPPoE that I "could" enable if I want to.
> >
> > TWN>> My question is this....Why should "I" use PPPoE for "THIS" network?
> >
> > TWN> Additional security.
> >
> > TWN>> 1. Does it provide more security? (not really, I think)
> >
> > TWN> Absolutely.
> >
> > TWN>> 2. Or would the only reason be for bandwidth limiting (which I currently
> > TWN>> can not do)?
> >
> > TWN> That too.
> >
> > TWN>> I do NEEEEEED bandwidth limiting, but the new XO radios will do this.
> > TWN>> So...really...does the use of PPPoE provide any greater level of
> > TWN>> security?
> >
> > TWN> Yes Sir sure does.
> >
> > TWN>> If someone manages to crack my WEP, then sniff someone's IP and MAC,
> > TWN>> then bumps that client off the network and assumes their identity, would
> > TWN>> PPPoE stop them from surfing?  Who would really care at that point??
> >
> > TWN> Cracking your WEP ain't too hard. Sniffing someone's IP and MAC isn't
> > TWN> that hard either... Now to the killer they don't need to bump the
> > TWN> client off the network to assume their identity. They could simply just
> > TWN> assume their identity and surf away with peace of mind.
> > TWN> As long as the client can't hear the thief's radio then their router
> > TWN> will not complain about duplicate IP on the network it just assumes
> > TWN> the traffic that was sent to the IP/MAC combo was someone attempting
> > TWN> to communicate with them and simply ignore it while the thief also
> > TWN> will get the traffic which is to him legit.
> > TWN> The thief will be surfing away stealing your service and you would
> > TWN> NEVER know about it.
> > TWN> PPPoE if their login has not been authorized they don't get an IP and
> > TWN> can not surf. Since you are no longer passing TCP traffic but PPPoE
> > TWN> traffic you have to have a special software to create the pppoe
> > TWN> tunnel. When you run PPPoE you don't even need to have an IP assigned on
> > TWN> your router's ethernet interface that is to your clients because it's
> > TWN> all done over pppoe.
> >
> > TWN>> Does PPPoE use encrypted LOGIN?
> >
> > TWN> Yes Sir. Encrypted logins so they have to capture the PPPoE login
> > TWN> frames and then be able to crack the username and password out of
> > TWN> those frames (pretty much impossible since it's done on a handshake
> > TWN> basis and the password is not reverse decryptable).
> >
> > TWN> Also depending on the client and server you can even create an
> > TWN> encrypted pppoe tunnel so not only the login frames are encoded but
> > TWN> ALL traffic is encrypted as well..
> >
> > TWN> Plus you can turn on compression as well and you can compress the
> > TWN> traffic between the clients and the server. Save you some bandwidth
> > TWN> there..
> >
> > TWN>> I just don't see the need right now.....any advice would be greatly
> > TWN>> appreciated?
> >
> > TWN> You could probably get away by doing what you're doing without any
> > TWN> problems. But who knows you might not and the problem is that you will
> > TWN> almost NEVER be able to tell for sure if you been hacked.
> > TWN> Only way to tell is if you KNOW that a certain radio is offline and
> > TWN> yet the client is sending data OR you're trying to manage a radio and
> > TWN> sometimes you have problem getting into the unit. Say if the hacker is
> > TWN> using a different brand of radio and you try to use SimpleMonitor on
> > TWN> your client's radio the hacker's radio don't understand simplemonitor
> > TWN> and when you try to connect it might tell you failure to connect IF
> > TWN> the hacker's radio responded first. But if the client's radio respond
> > TWN> first then you get your info.
> > TWN> Also if you look in the association list you might see that the remote
> > TWN> client identifies as say a DLINK instead of a smartbridges radio but
> > TWN> that is not a guarantee that you will see that (once again depends on
> > TWN> what radio was fastest in their reply).
> >
> > TWN> When you run pppoe you can set "only-one" just like on dialup so if
> > TWN> user A have successfully logged in he has to logoff before someone
> > TWN> else can login with user A's username and password. This way IF the
> > TWN> hacker get hold of it as long as user A is online the hacker can't use
> > TWN> it. If hacker get online then user A can't get online but then hey he
> > TWN> will call complain and you will take a look and see that he is already
> > TWN> online. You kick the user offline and he can get online then somewhat
> > TWN> later he calls again complain. Now you kick him offline but ask him to
> > TWN> turn off his radio and you see him getting back online even though his
> > TWN> radio is off.. HACKER ALERT!!!
> > TWN> Time to change that user's password...
> >
> > TWN> Best regards,
> > TWN>  Eje Gustafsson                        mailto:[EMAIL PROTECTED]
> > TWN> ---
> > TWN> The Family Entertainment Network       http://www.fament.com
> > TWN> Phone : 620-231-7777                  Fax   : 620-231-4066
> > TWN> eBay UserID : macahan
> > TWN>           - Your Full Time Professionals -
> >
> >
> >
> >
> > Best regards,
> >  Eje Gustafsson                       mailto:[EMAIL PROTECTED]
> > ---
> > The Family Entertainment Network      eFax  : 240-376-7272
> > Phone : 620-231-7777                  Fax   : 620-231-4066
> > Online Store http://www.fament.com/catalog/
> >           - Your Full Time Professionals -
> >
> > --
> > [This E-mail scanned for viruses by Declude Virus]
> >
> > ----------ANNOUNCEMENT----------
> > Don't forget to register for WISPCON IV
> > http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm
> >
> > The PART-15.ORG smartBridges Discussion List
> > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
> > smartBridges <yournickname>
> > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe
> > smartBridges)
> > Archives: http://archives.part-15.org
> >
>
>
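
Added example, not part of the original thread: a small check over PPPoE session records for the two signals discussed above, one login online from two places at once (what "only-one" refuses) and one MAC address showing up under several subscribers. The record layout, usernames and MAC values are constructed assumptions, not output of SimpleMonitor, MikroTik or any RADIUS server.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from the thread):
# (username, client MAC, session start, session stop or None if still online)
SESSIONS = [
    ("cust-a", "02:00:00:00:00:01", "2003-10-02T08:00", "2003-10-02T12:00"),
    ("cust-a", "02:00:00:00:00:09", "2003-10-02T09:30", "2003-10-02T10:15"),
    ("cust-b", "02:00:00:00:00:02", "2003-10-02T08:05", None),
    ("cust-c", "02:00:00:00:00:02", "2003-10-02T11:00", None),
    ("cust-d", "02:00:00:00:00:04", "2003-10-02T07:00", "2003-10-02T07:45"),
    ("cust-d", "02:00:00:00:00:04", "2003-10-02T09:00", None),
]

def _parse(rows):
    """Normalise MAC case and turn timestamps into datetimes."""
    for user, mac, start, stop in rows:
        end = datetime.fromisoformat(stop) if stop else datetime.max
        yield user, mac.lower(), datetime.fromisoformat(start), end

def concurrent_logins(rows):
    """Usernames online twice at once, with the MACs involved."""
    by_user = defaultdict(list)
    for user, mac, start, end in _parse(rows):
        by_user[user].append((start, end, mac))
    hits = {}
    for user, sess in by_user.items():
        sess.sort()
        latest_end, latest_mac = sess[0][1], sess[0][2]
        for start, end, mac in sess[1:]:
            if start < latest_end:  # began while an earlier session was still up
                hits.setdefault(user, set()).update({latest_mac, mac})
            if end > latest_end:
                latest_end, latest_mac = end, mac
    return hits

def shared_macs(rows):
    """MACs presented by more than one username (cloned or misreported)."""
    users = defaultdict(set)
    for user, mac, _, _ in _parse(rows):
        users[mac].add(user)
    return {mac: sorted(u) for mac, u in users.items() if len(u) > 1}

if __name__ == "__main__":
    print("concurrent logins:", concurrent_logins(SESSIONS))
    print("shared MACs:", shared_macs(SESSIONS))
```

A reconnect after a clean logoff (cust-d in the sample) is not flagged; only sessions that overlap in time are.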
