Thanks for the advice...
Some more information... The network isn't live yet, i.e. the
gateway to the Internet hasn't been installed yet. I have about 15
airbridge clients installed for testing though. Each airbridge is simply
deployed with a unique name, usually the customer's surname... These surnames
appear correctly in the list, but the MAC addresses are mostly shown as being a
particular address. The problem address is usually the one that is on the
end of the list. There is currently no security whatsoever, so there would
be little point in anyone spoofing a MAC to get on the network...
I think it must be a small bug in the SimpleMonitor software -
it isn't causing too much of a problem - it's just annoying and doesn't inspire
confidence...
Thanks for your help...
David
----- Original Message -----
Sent: Saturday, October 04, 2003 4:08 PM
Subject: Re: [smartBridges] MAC Address lists..
Then are you using PPPoE or some other method of
authentication?
If you aren't, then basically you've left your network
open to anyone who wants to get on your network and gain free Internet
service. MAC addresses can be "cloned" easily. Perhaps one of your
customers has given out their MAC address and the others are using it to get
online. (I had similar issues and posted a note about this roughly a week
ago...)
If you are using simpleNMS, all the MAC addresses should be
listed. The only legitimate MAC addresses will show up as viewable using
simpleNMS because they are smartBridges radios. All the others that are
not legitimate SB radios will not be viewable/configurable. Only the MAC
address will show up with a little symbol next to it. (I think it's a
triangle with an exclamation point or question mark inside.)
My recommendation would be to turn on WEP encryption and use only the "Shared"
method (not "Open" or "Both"). Set it on both the APPO and the CPE.
This will automatically knock off those people who are stealing service from
you. Just NEVER give out the WEP key to anyone and your network is safe
from service theft.
On Sat, 2003-10-04 at 10:17, David Moss wrote:
I am not using WEP.
----- Original Message -----
From: Sevak Avakians
To: [EMAIL PROTECTED]
Sent: Friday, October 03, 2003 12:00 AM
Subject: Re: [smartBridges] MAC Address lists..
David, Do you have WEP encryption
enabled? Are your WEP keys a secret only you know (and NONE of your
customers)?
Sevak
On Thu, 2003-10-02 at 15:54, David Moss wrote:
Hello.
When searching for airbridges using the software provided, i.e. SimpleMonitor,
I get a list of different subscriber units, but most have the same MAC
address.
Why is this?
Regards.
David
----- Original Message -----
From: "Patti Jones" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 02, 2003 8:43 PM
Subject: Re: [smartBridges] Why use PPPoE??
> That is what SB uses for RADIUS. For PPPoE you can use whatever you want.
> We just set it to username and password. That way I can easily keep up
> with bandwidth and when I view the connections in MikroTik they make some sense
> instead of just numbers.
>
> Patti
> ----- Original Message -----
> From: "The Wirefree Network" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, October 02, 2003 2:24 PM
> Subject: Re: [smartBridges] Why use PPPoE??
>
>
> > Question on username/password for PPPoE. Not for HOTSPOT.
> >
> > I recall a while back someone mentioning something about using the
> > client's MAC address for the username and IP for password. Or something
> > like that.
> >
> > Being that I will provide my clients with the SOHO router preconfigured
> > for PPPoE, and the client will not know what these are...I can set them
> > to whatever I want.
> >
> > 1. What should I set them to??
> > 2. What is the purpose of setting MAC and IP into the
> > username/password??
> >
> > Thanks!
> >
> > Sully
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [ mailto:[EMAIL PROTECTED]] On Behalf Of Eje Gustafsson
> > Sent: Monday, September 29, 2003 9:05 AM
> > To: The Wirefree Network
> > Subject: Re[2]: [smartBridges] Why use PPPoE??
> >
> > That sounds great.. Might want to add hotspot where you can advertise
> > your business name as well open up your AP but disallow client to
> > client communications. That way someone could find your AP associate
> > with it and get your "business ad" then they call you per instructions
> > on your page. Can simply remove the login option if you don't want to
> > allow automated signups.
> >
> > / Eje
> >
> > Monday, September 29, 2003, 10:52:01 AM, you wrote:
> >
> > TWN> "IF" I use PPPoE, I am pretty sure that my setup scenario will
> > TWN> prevent what you are speaking of.
> >
> > TWN> I already provide a router at EVERY install. This router has
> > TWN> built-in PPPoE. The clients behind this router will ALL gain access to our
> > TWN> network via THIS router. The Username/Password is preloaded, and
> > TWN> Password is hashed. So...they can't hand it out to someone else.
> > TWN> My NOC IPs are the only IPs authorized to manage the router.
> >
> > TWN> I track EVERYONE's usage. If they go over my set bandwidth limits
> > TWN> (per month), then I charge them. This STOPS them from purposely sharing
> > TWN> their bandwidth with neighbors.
> >
> > TWN> I am using MAC internal (soon RADIUS) for authorizing the sB
> > TWN> (wireless) device with the aPPo. This STOPS odd balls from associating with
> > TWN> my aPPo.
> >
> > TWN> I will most likely use PPPoE for authorization to communicate
> > TWN> through the gateway. This will STOP folks from being able to surf for free.
> >
> > TWN> I use WEP for all wireless traffic. This STOPS the impatient,
> > TWN> kiddie script hacker from eavesdropping. WEP is not that easy to crack
> > TWN> (have you done it on an sB network?).
> >
> > TWN> Again...I am NOT running a HOTSPOT. I do NOT allow passersby to
> > TWN> connect to my network to get to a login/payment home page!!
> >
> > TWN> I provide ALL the equipment necessary to connect to MY network. I
> > TWN> DO NOT provide the clients with ANY knowledge of the wireless network.
> >
> > TWN> All they know is that they hook up their switch inside their
> > TWN> home/building and set all PCs to DHCP. If they want to use their
> > TWN> own wireless router inside the home/building, then fine...they still
> > TWN> need to set up the WAN side for DHCP and I don't care what they do on the LAN
> > TWN> side of their router. I also use the rooftop sB device to periodically
> > TWN> sniff the wireless traffic (looking for APs) around my clients' locations.
> > TWN> If I find unsecured networks or networks on my channels, I go for a
> > TWN> drive and inform them of the problems they may have (me as well) with
> > TWN> their network and offer my assistance (most likely gain a client at the
> > TWN> same time).
> >
> > TWN> What do y'all think??
> >
> > TWN> Sully
> >
> > TWN> -----Original Message-----
> > TWN> From: [EMAIL PROTECTED]
> > TWN> [mailto:[EMAIL PROTECTED]] On Behalf Of Sevak Avakians
> > TWN> Sent: Monday, September 29, 2003 5:52 AM
> > TWN> To: [EMAIL PROTECTED]
> > TWN> Subject: Re: [smartBridges] Why use PPPoE??
> >
> >
> > TWN> Here's a scenario (close to what I may be having):
> >
> > TWN> 2 friends (or brothers) who live in separate houses decide to pay
> > TWN> for only 1 service, use the legitimate MAC address for the other friend
> > TWN> and both are online. If we add PPPoE, wouldn't they still be able to
> > TWN> just share the login & pw? Can anything be done about this?
> >
> > TWN> Sevak
> >
> >
> > TWN> On Sun, 2003-09-28 at 22:26, Eje Gustafsson wrote:
> >
> > TWN>> This is slightly OT...
> >
> > TWN>> FIRST...a little background:
> >
> > TWN>> I have a pure sB wireless network. ALL of my clients are
> > TWN>> connected via an airBridge or airPoint. I obviously do not provide any
> > TWN>> information about our network to my clients, nor do they have admin rights to
> > TWN>> the sB device. Therefore, the network is pretty locked down...which does
> > TWN>> not allow clients to sniff wireless traffic (without first cracking
> > TWN>> WEP) because they can NOT put the sB device into promiscuous mode.
> >
> > TWN>> I will NEVER have the need to allow non-paying customers to access
> > TWN>> my network either (hotspot webpage login).
> >
> > TWN>> I currently use WEP and MAC internal authentication (although I
> > TWN>> will soon move to external RADIUS).
> >
> > TWN>> I deploy SOHO routers at EVERY client home which is located
> > TWN>> between the sB device and the client internal network. I assign static IPs to
> > TWN>> EVERY sB device and client router. Therefore, there are only 2 IPs seen
> > TWN>> from any one of my clients (sB device and router).
> >
> > TWN>> My SOHO router that I deploy at EVERY client has web based admin
> > TWN>> authorized from ONLY my NOC IP addresses. This allows me to not
> > TWN>> only manage all the devices remotely, but it also allows me to PING the
> > TWN>> internal network (beyond the sB device) to prove that the sB
> > TWN>> device is passing traffic to the wired LAN. Peace of mind for me.
> >
> > TWN>> The SOHO routers have built-in PPPoE that I "could" enable if I
> > TWN>> want to.
> >
> > TWN>> My question is this....Why should "I" use PPPoE for "THIS"
> > TWN>> network?
> >
> > TWN> Additional security.
> >
> > TWN>> 1. Does it provide more security? (not really, I think)
> >
> > TWN> Absolutely.
> >
> > TWN>> 2. Or would the only reason be for bandwidth limiting (which I
> > TWN>> currently can not do)?
> >
> > TWN> That too.
> >
> > TWN>> I do NEEEEEED bandwidth limiting, but the new XO radios will do
> > TWN>> this.
> > TWN>> So...really...does the use of PPPoE provide any greater level of
> > TWN>> security?
> >
> > TWN> Yes Sir sure does.
> >
> > TWN>> If someone manages to crack my WEP, then sniff someone's IP and
> > TWN>> MAC, then bumps that client off the network and assumes their identity,
> > TWN>> would PPPoE stop them from surfing? Who would really care at that
> > TWN>> point??
> >
> > TWN> Cracking your WEP ain't too hard. Sniffing someone's IP and MAC
> > TWN> isn't that hard either... Now to the killer: they don't need to bump the
> > TWN> client off the network to assume their identity. They could simply
> > TWN> just assume their identity and surf away with peace of mind.
> > TWN> As long as the client can't hear the thief's radio then their router
> > TWN> will not complain about duplicate IP on the network; it just assumes
> > TWN> the traffic that was sent to the IP/MAC combo was someone
> > TWN> attempting to communicate with them and simply ignores it while the thief also
> > TWN> will get the traffic which is to him legit.
> > TWN> The thief will be surfing away stealing your service and you would
> > TWN> NEVER know about it.
> > TWN> With PPPoE, if their login has not been authorized they don't get an IP
> > TWN> and can not surf. Since you are no longer passing TCP traffic but PPPoE
> > TWN> traffic you have to have special software to create the PPPoE
> > TWN> tunnel. When you run PPPoE you don't even need to have an IP assigned
> > TWN> on your router's ethernet interface that is to your clients because
> > TWN> it's all done over PPPoE.
> >
> > TWN>> Does PPPoE use encrypted LOGIN?
> >
> > TWN> Yes Sir. Encrypted logins so they have to capture the PPPoE login
> > TWN> frames and then be able to crack the username and password out of
> > TWN> those frames (pretty much impossible since it's done on a handshake
> > TWN> basis and the password is not reverse decryptable).
> >
> > TWN> Also depending on the client and server you can even create an
> > TWN> encrypted PPPoE tunnel so not only the login frames are encoded but
> > TWN> ALL traffic is encrypted as well..
> >
> > TWN> Plus you can turn on compression as well and you can compress the
> > TWN> traffic between the clients and the server. Saves you some bandwidth
> > TWN> there..
> >
> > TWN>> I just don't see the need right now.....any advice would be
> > TWN>> greatly appreciated?
> >
> > TWN> You could probably get away by doing what you're doing without any
> > TWN> problems. But who knows, you might not, and the problem is that you
> > TWN> will almost NEVER be able to tell for sure if you've been hacked.
> > TWN> Only way to tell is if you KNOW that a certain radio is offline and
> > TWN> yet the client is sending data OR you're trying to manage a radio and
> > TWN> sometimes you have problems getting into the unit. Say if the hacker
> > TWN> is using a different brand of radio and you try to use SimpleMonitor on
> > TWN> your client's radio, the hacker's radio doesn't understand SimpleMonitor
> > TWN> and when you try to connect it might tell you failure to connect IF
> > TWN> the hacker's radio responded first. But if the client's radio responds
> > TWN> first then you get your info.
> > TWN> Also if you look in the association list you might see that the
> > TWN> remote client identifies as say a DLINK instead of a smartBridges radio
> > TWN> but that is not a guarantee that you will see that (once again depends
> > TWN> on what radio was fastest in their reply).
> >
> > TWN> When you run PPPoE you can set "only-one" just like on dialup so if
> > TWN> user A has successfully logged in he has to log off before someone
> > TWN> else can login with user A's username and password. This way IF the
> > TWN> hacker gets hold of it, as long as user A is online the hacker can't
> > TWN> use it. If the hacker gets online then user A can't get online, but then hey,
> > TWN> he will call to complain and you will take a look and see that he is
> > TWN> already online. You kick the user offline and he can get online, then
> > TWN> somewhat later he calls again to complain. Now you kick him offline but ask him
> > TWN> to turn off his radio and you see him getting back online even though
> > TWN> his radio is off.. HACKER ALERT!!!
> > TWN> Time to change that user's password...
> >
> > TWN> Best regards,
> > TWN> Eje Gustafsson <mailto:[EMAIL PROTECTED]>
> > TWN> ---
> > TWN> The Family Entertainment Network <http://www.fament.com>
> > TWN> Phone : 620-231-7777 Fax : 620-231-4066
> > TWN> eBay UserID : macahan
> > TWN> - Your Full Time Professionals -
> >
> >
> >
> >
> > Best regards,
> > Eje Gustafsson mailto:[EMAIL PROTECTED]
> > ---
> > The Family Entertainment Network eFax : 240-376-7272
> > Phone : 620-231-7777 Fax : 620-231-4066
> > Online Store http://www.fament.com/catalog/
> > - Your Full Time Professionals -
> >
> > ----------ANNOUNCEMENT----------
> > Don't forget to register for WISPCON IV
> > http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm
> >
> > The PART-15.ORG smartBridges Discussion List
> > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
> > smartBridges <yournickname>
> > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe
> > smartBridges)
> > Archives: http://archives.part-15.org
> >
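The two defender-side checks the thread describes (a MAC claimed by more than one subscriber unit in the association list, and Eje's "only-one" PPPoE session rule with the offline-radio test), as an added Python example that is not part of the original thread or of the smartBridges tools; the association list, the session data and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed stand-in for a SimpleMonitor association list:
# (subscriber name, MAC address, device type the unit reports)
ASSOC_LIST = [
    ("smith",  "00:11:22:33:44:55", "smartBridges"),
    ("jones",  "00:11:22:33:44:66", "smartBridges"),
    ("brown",  "00:11:22:33:44:55", "unknown"),   # same MAC as smith: cloned
    ("taylor", "00:11:22:33:44:77", "DLINK"),     # not an SB radio
]

def find_cloned_macs(assoc):
    """Return {mac: [names]} for every MAC claimed by more than one unit."""
    by_mac = defaultdict(list)
    for name, mac, _ in assoc:
        by_mac[mac.lower()].append(name)
    return {mac: names for mac, names in by_mac.items() if len(names) > 1}

def find_foreign_radios(assoc, expected="smartBridges"):
    """Names of units that do not identify as the expected radio type."""
    return [name for name, _, kind in assoc if kind != expected]

class PppoeSessions:
    """'only-one' policy: one active PPPoE session per username."""
    def __init__(self):
        self.active = {}   # username -> session id

    def login(self, user, session_id):
        if user in self.active:
            return False   # second login refused until the first logs off
        self.active[user] = session_id
        return True

    def logoff(self, user):
        self.active.pop(user, None)

def users_online_with_radio_off(sessions, radio_up):
    """The thread's 'HACKER ALERT': a username holds a session although
    the subscriber's own radio is known to be off."""
    return [u for u in sessions.active if not radio_up.get(u, False)]

if __name__ == "__main__":
    print("cloned:", find_cloned_macs(ASSOC_LIST))
    print("foreign:", find_foreign_radios(ASSOC_LIST))
    s = PppoeSessions()
    s.login("smith", 1)
    print("online with radio off:", users_online_with_radio_off(s, {"smith": False}))
```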