Responsible Wireless Access For Your Access Point 64
bgood writes: "O'Reilly Network has an interesting article on authentication for wireless networks. The author discusses both the technical aspects, specifically NoCatAuth, and the overall context of why someone would choose (or not choose) to monitor or track the use of their wireless network. While geared towards network neighborhoods, the article definitely has applicability in more formal settings."
What would be nice (Score:5, Interesting)
Re:What would be nice (Score:2, Interesting)
Specifically allowing businesses and residents to allocate percentages of their bandwidth to opposing buildings/households and reducing their own costs. Possibly even allowing passing motorists with roaming uplinks to their own central servers.
I haven't crunched actual numbers, but I can only guess that that would allow for everyone to have wireless access for an extremely nominal fee and provide the ability for additional redundancy.
Though I don't beleive I'd ever totally do away with a hard line (whether it be phone or cable)
Re:What would also be nice (Score:3, Insightful)
Re:What would also be nice (Score:1)
Re:What would also be nice (Score:1)
Also, the version without the printserver but with more local wired outputs (3 vs. 1) looks similar, but is totally different! Mine has a crummy PCMCIA antenna, the other has 2 nice external antennas. (Same price for either)
Re:What would also be nice (Score:1)
Re:What would also be nice (Score:2)
If you have one machine running a firewall with the public internet connection (that is, it has a real IP address), you can have one set of rules for computers that you trust, one for wireless access. The wireless network has different rules for Owner, Co-Op, and Public, and does not have to use the same firewall rules as your wired network. You can still block the wireless access (different blocking for each group, ie owner might have access to the wired network, Co-Op and Public do not).
Stateful firewalls do not have to filter only one direction, and you could not run No-Cat without a stateful firewall.
Re:What would be nice (Score:3, Interesting)
As for giving them only 10% of my network, just be being 100 feet or so (~30 meters) from the access point they can only get about 1 Mbs from the next house over.
I can see that nobody has ever logged on but in my dreams most of the neighborhood starts providing wireless access and the entire subdivision is wireless and broadband. I'll bring a laptop to the pool and they'll bring a laptop to the basketball hoop down the street. (Ok, it's a weak dream but it seems neat to me)
Re:What would be nice (Score:4, Interesting)
I actually like it - I'm not making any bandwidth limitations as yet, simply because I haven't noticed any problems.
The Internet access is DSL 512kbps down/256kbps up.
I wonder how many other people are giving this service? Is there anyway to advertise it? I'm relying on word-of-mouth, it's probably better that way
If bandwidth or security become a problem I'll get a third interface on the firewall and throttle them down whilst locking them out of my wires network.
Re:What would be nice (Score:1)
and since NANs and CL are community based "grassroots" types of connecting... it would seem appropriate.
unless
like that article that ran some time ago about the guy who turned his primestar dish and a coffee can into a long range wireless antenae.
Re:What would be nice (Score:2)
Re:What would be nice (Score:1)
Re:What would be nice (Score:1)
A registered SSL certificate? (Score:4, Interesting)
Otoh, any marketing folks from Verisign reading here? Could be a whole new niche...
NeighborCert (tm)
auth? (Score:1, Informative)
Re:auth? (Score:4, Informative)
Re:auth? (Score:2)
So run etherreal for about ten minutes and you can use all the mac addresses you just dumped.
Nblug power
Re:auth? (Score:1)
Great for Laptops, but... (Score:2)
Re:Great for Laptops, but... (Score:2)
Try to find a network (mine if you want) in your area that is just a simple configuration of dhcp with NAT setup and try to get it to work. Or you can go downtown in santa rosa and use Sonic.nets Wireless Downtown Network [sonic.net] but you need a sonic account. Good luck.
A combination of crypto and validation techniques (Score:4, Interesting)
Welcome neighbor! (Score:1, Funny)
1) Login as Anonymous Terrorist.
2) Login as Registered Patriot (same as above, only more inconvenient)
3) Login as Port80 Leech-Only.
4) Login as Power-Tripping Network Admin.
5) Exit and try down the street.
My Santa Rosa Freenet (Score:2)
I don't really have to worry much about the bandwidth because no one that would use a wireless freenet comes into my area of town. Most of them have their own dsl, thats the irony of setting it up so far. If your in Santa Rosa near railroad square and you want free access (while traveling etc) send me an email.
Re:My Santa Rosa Freenet (Score:2)
This is based on a semi hacked up version of bandwidth bar (that is available from kernel.org. Once I finish it I will post the source to the newer version.
Requires HTTP and a human (Score:3, Insightful)
Re:Requires HTTP and a human (Score:1, Informative)
Second, and more importantly, the auth system exists _right now_ and it works very very well. If node owners want to require logins, then that is more than their right! To bitch and whine about it shows that you have not considered the issue.
Perhaps you could write some code before you whine.
Re:Requires HTTP and a human (Score:2)
And it doesn't require human intervention, either. It's not like they're doing a Turing test.
You could probably whip up a PERL client in an afternoon. Because one of the places http is implemented is in a PERL library.
Re:Requires HTTP and a human (Score:2)
So it's kind of a combined advertising/security warning/authentication system. Which is a great idea. Because if they had implemented an automated client-server authenticator that was invisible to the user, then strangers would just be blocked from the network and would never learn about it or the benefits of (financially) joining it.
There could be interesting possibilities in such a protocol if it were widely used (read, part of Windows) - computers could autodiscover networks and compare their bandwidth, reliability, coverage, prices and policies, producing a nice comparison chart after your walk around town. But given that we cannot affect the client side immediately, NoCatAuth is a pretty good solution.
Oh good... (Score:2, Funny)
Good. I was going to scream if this was another article whose only set of instructions began 'right click on Network Neighborhood'.
Hacking wireless networks (Score:5, Interesting)
The security here is terrible. We use no authentication via radius or any other method. Anyone with a 802.11 network card, and a sufficient antenna could steal connectivity, and we could not currently tell.
There exists ways to detect this, by monitering the MAC addresses connecting to the APs on the towers, but this is not employed. Neither is each radio catalogued, and IPs, for the most part, are assigned by the DHCP server with no logging.
I do not know if this is typical of most wireless companies, but if it is, then things should be ripe for the taking. I'm posting anonymously, because my company has a history of firing and suing for less
.
Re:Hacking wireless networks (Score:2)
Unless the "Anonymous Coward" was replaced by "Kiro" in the new Slashcode, you better hope they don't sue or fire.
I wouldn't worry about it. Really.
Re:802.1x (Score:1)
Liability (Score:3, Insightful)
Just as ISPs have contracts with their customers, and authenticate them, it may end up being necessary to have contracts with your freenet users and to authenticate them. Of course, if they are friends it may be enough to just authenticate them... IANAL but something that indemnifies you against lawsuits etc would be very useful.
This goes against the freenet ideal but unfortunately providing Internet access can be a legal minefield.
What about limitations by the ISP? (Score:1)
My linksys is currently sitting in a box waiting for me to put in on eBay. It is a great piece of work, but my company installed a checkpoint firewall and the router won't work with our VPN even if I put the machine in the DMZ.
I am planning on switching my assigned PC at work for a laptop, and What I would like to have is a wireless access point that works as a hub or switch, not as a router. And I want something that won't allow access to the access point unless there is some real encryption. This way I can have wireless access for my household and I don't have to worry about @home killing my account for violating AUP. I cannot afford to lose my broadband since we don't have DSL around here yet
Any suggestions?
Re:What about limitations by the ISP? (Score:1)
Re:What about limitations by the ISP? (Score:1)
What I cannot do is allow people outside of my household to connect to my network. This is why I cannot just plug-in a wireless gateway until I am sure that I can lock people out of it.
Re:What about limitations by the ISP? (Score:1)
Potential Liability? (Score:1)
The thing that I have to wonder about in all of this is potentially nasty liability that having an open access point [toaster.net] may open you up to.
We have all read the stories of the FBI [spunge.org] busting people's doors down and confiscating equipment because they were suspected of a heinous act [fbi.gov], be it hacking, kiddie-porn, etc.
Hell, just inviting a few thousand of your closest friends to join your pyramid scheme is usually enough to get your ISP to cut your connection with no warning. Do you really want to risk becoming spam central?
The last thing I want is my door being busted down because of what an anonymous freak with an 802.11 card did from behind MY IP address!
Although I applaud the generosity of the people who provide the so-called "community networks", I would have to think they are just opening themselves up to a world of hurt.
Assumptions. (and questions). (Score:2)
And then later:
No, it also requires Javascript. I'm sure I could script a workaround, but it's one more damn thing to go wrong. And if ubiquitous 802.11 existed, I'd want to use it primarily for ssh, not web. Reading between the lines, 'the public' would not be allowed to ssh. This scheme is oriented towards the idea that internet==web, and of course everyone has javascript.
On the whole, however, I'm impressed by this system. The idealistic idea of free open wireless was threatened by the possibility of anonymous abuse and bandwidth hogging. Nocat appears to make it viable, even in the face of real-world threats. This could have far-reaching effects in undermining the emerging broadband monopolies. The ability to charge for unrestricted access could lead to financially healthy networks with lots of upstream bandwidth. And the ability to use before buying means that you would already know a network's reliability and coverage.
Lastly, I'm a little concerned by the centralization of power implied in the article. If I read it correctly, there is a single trusted authentication service at nocat.net. If the nocat scheme takes off, this center will be a natural target for foes of the internet such as MPAA/RIAA/etc. I hope that if the system takes off, multiple authentication sites will emerge.