[isf-wifidog] rogue gateways?

pjf at cape.com pjf at cape.com
Jeu 6 Sep 22:54:30 EDT 2007 

See it, been there.

I deleted the default node in the db, and created a 'test node' so the
default will never work.

I ran across this when I was helping a startup community group, and they
were installing and setting up their hotspots, we were hosting their
authentication on our server with a different network ID.

Needless to say once they had their own auth-server up, I was still seeing
their new nodes showing up periodically in the default, sometimes for days
at a time, I needed to do something and deleting the default, and creating
a test was the simple answer.  You are supposed to go into the node to set
it up anyways so using a default seemed a bit too easy.

Sice then I have rolled our own wifidog for OpenWRT, with our default test
node setup and all the appropriate settings (needed a default in case of a
reset, or if we needed to do a full reset remotely, and then go into it
and reconfigure as needed)
and yes the password is also pre-set in this package so we can get into it
to manage it from a reset...

Just my 2 cents

-Pete Flaherty
 Cape Com Wifi Services

> This is a weird one...
>
> Today I received a support call from a user -- her password wasn't
> working.
> I asked what hotspot she was logging into, and as it turns out, she's in
> downtown Ottawa.  Wireless Toronto doesn't have any hotspots in Ottawa,
> and
> our tech support phone number is only available on our login & portal
> pages.
>
> So I did a little digging, and this user has been logging into our network
> for the past 2 months, on the node with gw_id "default".  We use that node
> only for testing, and I hadn't noticed that it's been "up" for a while
> now.
>
>
> So, apart from trying to figure out who is running this, I'm wondering
> about
> the question of "rogue" gateways.  Has anyone had this happen to them
> before?  And a related question: what would happen if two gateways were
> reporting the same gw_id?
>
> We *do* have full step-by-step instructions on our wiki about how we set
> up
> our routers, and I'd thought that the benefit-to-the-community aspect
> would
> outweigh the too-much-sensitive-information issue, but now I guess I have
> to
> reconsider.
>
> Has anyone thought about an authentication scheme for gateways?  A cert
> system, maybe, like OpenVPN uses?
>
> Gabe
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

Plus d'informations sur la liste de diffusion WiFiDog