[isf-wifidog] rogue gateways?

Benoit Grégoire bock at step.polymtl.ca
Thu Sep 6 15:19:03 EDT 2007


> So, apart from trying to figure out who is running this, I'm wondering
> about the question of "rogue" gateways.  Has anyone had this happen to them
> before?

Very frequently, it is (or was) a documented feature that anyone can set a
gateway to id "default" and connect to an auth server by default.  And isf's
server addresses are in the default config file...
 
> And a related question: what would happen if two gateways were 
> reporting the same gw_id?

Nothing, both would work fine.  Of course, you couldn't tell if one of the
two is down.

> We *do* have full step-by-step instructions on our wiki about how we set up
> our routers, and I'd thought that the benefit-to-the-community aspect would
> outweigh the too-much-sensitive-information issue, but now I guess I have
> to reconsider.
>
> Has anyone thought about an authentication scheme for gateways?  A cert
> system, maybe, like OpenVPN uses?

Yes, but any of the common crypto libraries are by themselves MUCH bigger than
the wifidog gateway.  This would have to be an optional compile.

It would be of really limited value to a community providing free wireless,
and would make deployments quite a bit more complicated.  I see it
making sense only in a context where one is selling access to prevent someone
crafting a request to maliciously run up someone's bill (but you still have
to know a one-time token associated to that user, and that is normally never
run over the air).
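
Added example, not part of the original message and not WiFiDog code: a sketch of how an auth-server operator could audit gateway check-ins for the two cases discussed above, an id that is not in the operator's inventory (such as "default") and one gw_id reported by two gateways at once. The log layout, the `/ping/` path, the addresses and the `known_ids` inventory are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in an assumed "timestamp source-ip request-URL" layout.
SAMPLE_LOG = """\
2007-09-06T15:00:05 203.0.113.10 /ping/?gw_id=cafe-main&sys_uptime=86400
2007-09-06T15:01:05 203.0.113.10 /ping/?gw_id=cafe-main&sys_uptime=86460
2007-09-06T15:01:30 198.51.100.7 /ping/?gw_id=cafe-main&sys_uptime=300
2007-09-06T15:02:00 192.0.2.44 /ping/?gw_id=default&sys_uptime=120
2007-09-06T15:02:10 203.0.113.99 /ping/?gw_id=library&sys_uptime=5000
2007-09-06T17:30:00 203.0.113.120 /ping/?gw_id=library&sys_uptime=13870
"""

def parse(line):
    """Return (time, source_ip, gw_id), or None for lines without a gw_id."""
    parts = line.split(None, 2)
    if len(parts) != 3:
        return None
    stamp, ip, url = parts
    gw = parse_qs(urlsplit(url).query).get("gw_id")
    if not gw:
        return None
    return datetime.fromisoformat(stamp), ip, gw[0]

def audit(log_text, known_ids, window=timedelta(minutes=10)):
    """Return {gw_id: sorted reasons} for gateway ids that need a look."""
    findings = defaultdict(set)
    last_seen = defaultdict(dict)  # gw_id -> {source_ip: last time seen}
    for when, ip, gw_id in filter(None, map(parse, log_text.splitlines())):
        if gw_id not in known_ids:
            findings[gw_id].add("unregistered id")
        # Two addresses using one id inside the window means two live gateways.
        # A change of address after a long gap is more likely a new DHCP lease.
        for other_ip, seen in last_seen[gw_id].items():
            if other_ip != ip and when - seen <= window:
                findings[gw_id].add("concurrent sources")
        last_seen[gw_id][ip] = when
    return {gw: sorted(reasons) for gw, reasons in findings.items()}

if __name__ == "__main__":
    # known_ids is the operator's own inventory of deployed gateways (assumed).
    for gw, reasons in audit(SAMPLE_LOG, {"cafe-main", "library"}).items():
        print(gw, reasons)
```

Source address is only a heuristic here: two gateways behind the same NAT would look like one, so this narrows where to look without authenticating anything.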


