[isf-wifidog] WIfidog client and non-authenticated user isolation
Rein Petersen
rein.petersen at gmail.com
Dim 19 Fév 18:10:24 EST 2006
Just another question about wl0_ap_isolate:
Are computers physically connected to the router subject (via ethernet
ports) to this setting?
This just reminded me of another question:
Are computers physically connected to the router (via ethernet ports)
redirected to login/portal pages or can they subvert the process?
Thx, Rein
On 2/19/06, Rein Petersen <rein.petersen at gmail.com> wrote:
>
> Hey Max,
>
> Thanks for letting me know about wl0_ap_isolate option in wifidog client -
> it's nice to know that authenticated users have some protection from wanton
> wardrivers. I'll be proposing that we implement the feature on all routers
> part of the Wireless Toronto network.
>
> Thanks again, Rein
>
> On 2/19/06, Max Horváth <max.horvath at maxspot.de> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi Rein,
> >
> > Rein Petersen wrote:
> >
> > > Hi All,
> > >
> > > I was performing a few tests with Wifidog client and found that a
> > > non-authenticated user was able to ping authenticated users.
> > >
> > > Is OpenWRT capable of isolating all network activity of non-
> > > authenticated users (by MAC address I suppose) to protect legit
> > > users from war-drivers?
> >
> > There is no filtering possible.
> >
> > What you might do is setting the NVRAM variable wl0_ap_isolate to the
> > value of 1. This will enable AP client isolation. It means that you
> > hide clients from each other. Setting it to 0 (which is enabled by
> > default) means that you allow clients to see each other.
> >
> > So wl0_ap_isolate=1 will not only disallow any communication between
> > unauthenticated users, but all. It is what we here at maxspot did.
> > Just to meet security issue. Cause it turns out that you cannot just
> > filter between authenticated and unauthenticated users.
> >
>
--
Rein Petersen MCP MCP+I MCSE MCDBA MCAD
Software Engineer
-------------- section suivante --------------
Une pièce jointe HTML a été enlevée...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060219/3dae77a6/attachment-0001.html
More information about the WiFiDog
mailing list