[isf-wifidog] rogue gateways?
Benoit Grégoire
bock at step.polymtl.ca
Thu Sep 6 15:19:03 EDT 2007
> So, apart from trying to figure out who is running this, I'm wondering
> about the question of "rogue" gateways. Has anyone had this happen to them
> before?
Very frequently. It is (or was) a documented feature that anyone can set a
gateway to id "default" and connect to an auth server by default. And isf's
server addresses are in the default config file...
> And a related question: what would happen if two gateways were
> reporting the same gw_id?
Nothing, both would work fine. Of course, you couldn't tell if one of the
two is down.
> We *do* have full step-by-step instructions on our wiki about how we set up
> our routers, and I'd thought that the benefit-to-the-community aspect would
> outweigh the too-much-sensitive-information issue, but now I guess I have
> to reconsider.
>
> Has anyone thought about an authentication scheme for gateways? A cert
> system, maybe, like OpenVPN uses?
Yes, but any of the common crypto libraries are by themselves MUCH bigger than
the wifidog gateway. This would have to be an optional compile.
It would be of really limited value to a community providing free wireless,
and would make deployments quite a bit more complicated. I see it
making sense only in a context where one is selling access, to prevent someone
crafting a request to maliciously run up someone's bill (but you still have
to know a one-time token associated to that user, and that is normally never
run over the air).
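
An added example, not part of the original post or of WiFiDog's code: since two gateways sharing a gw_id both keep working, one way for an auth-server operator to notice the overlap is to check the sys_uptime values reported in heartbeat requests, because a single device's uptime cannot grow faster than wall-clock time. The log layout, the sample lines and the function name `find_shared_gw_ids` are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs

# Constructed sample log (assumed layout: source IP, ISO timestamp, request line).
SAMPLE_LOG = """\
203.0.113.10 2007-09-06T15:00:00 "GET /ping/?gw_id=default&sys_uptime=864000&sys_load=0.10 HTTP/1.0"
192.0.2.5 2007-09-06T15:00:05 "GET /ping/?gw_id=cafe-01&sys_uptime=5000&sys_load=0.20 HTTP/1.0"
198.51.100.7 2007-09-06T15:00:20 "GET /ping/?gw_id=default&sys_uptime=300&sys_load=0.05 HTTP/1.0"
203.0.113.10 2007-09-06T15:01:00 "GET /ping/?gw_id=default&sys_uptime=864060&sys_load=0.10 HTTP/1.0"
192.0.2.5 2007-09-06T15:01:05 "GET /ping/?gw_id=cafe-01&sys_uptime=5060&sys_load=0.20 HTTP/1.0"
198.51.100.7 2007-09-06T15:01:20 "GET /ping/?gw_id=default&sys_uptime=360&sys_load=0.05 HTTP/1.0"
203.0.113.10 2007-09-06T15:02:00 "GET /ping/?gw_id=default&sys_uptime=864120&sys_load=0.10 HTTP/1.0"
192.0.2.5 2007-09-06T15:02:05 "GET /ping/?gw_id=cafe-01&sys_uptime=12&sys_load=0.90 HTTP/1.0"
192.0.2.5 2007-09-06T15:03:05 "GET /ping/?gw_id=cafe-01&sys_uptime=72&sys_load=0.30 HTTP/1.0"
192.0.2.5 2007-09-06T15:04:05 "GET /ping/?gw_id=cafe-01 HTTP/1.0"
"""

PING_RE = re.compile(r'^(\S+) (\S+) "GET /ping/\?(\S+) HTTP')

def find_shared_gw_ids(log_text, slack=10):
    """Return gw_ids whose heartbeats cannot all come from one device."""
    last = {}                      # gw_id -> (timestamp, sys_uptime) of previous ping
    ips = defaultdict(set)         # gw_id -> source IPs seen (context only: IPs can change)
    jumps = defaultdict(int)       # gw_id -> count of impossible uptime increases
    for line in log_text.splitlines():
        m = PING_RE.match(line)
        if not m:
            continue
        ip, ts, query = m.groups()
        params = parse_qs(query)
        try:
            gw_id = params["gw_id"][0]
            uptime = int(params["sys_uptime"][0])
            when = datetime.fromisoformat(ts)
        except (KeyError, ValueError):
            continue               # malformed heartbeat: skip rather than guess
        ips[gw_id].add(ip)
        if gw_id in last:
            prev_when, prev_uptime = last[gw_id]
            elapsed = (when - prev_when).total_seconds()
            # A drop in uptime is a reboot; growth beyond elapsed time is a second device.
            if uptime > prev_uptime + elapsed + slack:
                jumps[gw_id] += 1
        last[gw_id] = (when, uptime)
    return {g: {"source_ips": sorted(ips[g]), "uptime_jumps": n} for g, n in jumps.items()}
```

The reboot of the constructed gateway "cafe-01" is not flagged, while the interleaved uptimes under "default" are.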