[isf-wifidog] WiFiDog Security problem?

[Benoit Grégoire]

On Tuesday 06 November 2007, Jeff Schallenberg wrote:
> On 11/5/07, Benoit Grégoire <bock at step.polymtl.ca> wrote:
> > It's not a "hole", in the sense that wifidog.conf (as distributed by the
> > wifidog project) has sample configs to block access to upstream LAN if so
> > desired.  Aparently, the MSF firmware chose not to implement this block.
>
> Um - what do you mean, by "sample configs" Benoit? Are there several
> different wifidog.conf files in the package?

No, only one.  It's "sample" as it won't connect to anything out of the box.

> I know the wifidog.conf file in the package we (MSF) install (
> http://downloads.openwrt.org/backports/rc5/wifidog_1.1.3_beta2-1_mipsel.ipk
>) is well commented, is that what you mean by "sample configs"? Is there a
> more recent gateway package we should be installing?

Wow, that's really old.  There have been 5 official releases since beta2!  And 
we don't recommend the packages distributed by openwrt, which have packaging 
problems and are really old.

Use the official packages distributed by the wifidog project.

> I don't have access to any flashed router at the moment. I would like to
> prevent our hotspot users from accessing the upstream LAN, i.e. no access
> to other subnets. Could somebody please post the appropriate modifications
> to wifidog.conf that would accomplish that?

The modificcations are in the config file on recent releases.

-- 
Benoit Grégoire
Technologies Coeus inc.
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 189 octets
Desc: This is a digitally signed message part.
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20071106/52d40a25/attachment.pgp