[isf-wifidog] Wifidog client and non-authenticated user isolation

Gabe Sawhney gabe at pwd.ca
Sun Feb 19 17:16:33 EST 2006


Hi Rein --
I think if we were running a plain ol' wireless network this would
make sense, but many of us are interested in the community-building
aspects of the technology and (for me, at least) that means enabling
clients on an AP to communicate directly with one another.  There
isn't a ton of stuff out there to do this yet, but the
Rendezvous-based stuff is pretty exciting; apps like Jabber,
SubEthaEdit and iTunes are ones that our users will probably be
interested in using locally.

Of course, if turning on wl0_ap_isolate doesn't disrupt
Rendezvous-based apps, then I'm ok with turning this on.

Do commercial WISPs have something similar enabled on their networks? 
If not, why not?

Gabe


On 2/19/06, Rein Petersen <rein.petersen at gmail.com> wrote:
> Hey Max,
>
>  Thanks for letting me know about wl0_ap_isolate option in wifidog client - it's nice to know that authenticated users have some protection from wanton wardrivers. I'll be proposing that we implement the feature on all routers part of the Wireless Toronto network.
>
>  Thanks again, Rein
>
>
>
> On 2/19/06, Max Horváth <max.horvath at maxspot.de> wrote:
> > Hi Rein,
> >
> > Rein Petersen wrote:
> >
> > > Hi All,
> > >
> > > I was performing a few tests with Wifidog client and found that a
> > > non-authenticated user was able to ping authenticated users.
> > >
> > > Is OpenWRT capable of isolating all network activity of non-
> > > authenticated users (by MAC address I suppose) to protect legit
> > > users from war-drivers?
> >
> > There is no filtering possible.
> >
> > What you might do is set the NVRAM variable wl0_ap_isolate to the
> > value of 1. This will enable AP client isolation. It means that you
> > hide clients from each other. Setting it to 0 (which is enabled by
> > default) means that you allow clients to see each other.
> >
> > So wl0_ap_isolate=1 will not only disallow any communication between
> > unauthenticated users, but all. It is what we here at maxspot did.
> > Just to meet the security issue. 'Cause it turns out that you cannot just
> > filter between authenticated and unauthenticated users.
> >
>