Date:      Wed, 13 May 2009 23:38:29 +0200
From:      Christian Brueffer <brueffer@FreeBSD.org>
To:        Brett Glass <brett@lariat.net>
Cc:        net@freebsd.org, Stefan Lambrev <stefan.lambrev@moneybookers.com>
Subject:   Re: MAC locking and filtering in FreeBSD
Message-ID:  <20090513213829.GA1248@haakonia.hitnet.RWTH-Aachen.DE>
In-Reply-To: <200905131903.NAA17981@lariat.net>
References:  <200905131648.KAA15455@lariat.net> <5AFBEB69-C59A-4F61-96BE-11E30872A428@moneybookers.com> <200905131903.NAA17981@lariat.net>

On Wed, May 13, 2009 at 01:03:20PM -0600, Brett Glass wrote:
> Stefan:
> 
> You are correct: This is not real security. In fact, I would argue that it's not security at all. 
> 
> But many businesses that have to maintain hotspots -- especially some hotel chains -- are "allergic" to any sort of serious security. This is because a small but vocal subset of their customers just want to get on the Net and complain about any sort of security. Even having to enter a password or a WEP key irks them. (I personally think that these people are ignorant fools and are setting themselves up for identity theft and worse, but that's just me. And the businesses seem more willing to allow piracy of their Wi-Fi than to irritate these boneheads.) Also, these systems have to be usable by some fairly lame devices -- e.g. an XBox -- that aren't really computers and don't have the capability to run secure protocols or even a particularly good Web browser built in.
> 
> So, painful as it is, I have to help these guys implement systems which "bless" MAC addresses. The "arp -s" command can sort of lock an IP to a MAC address, but awkwardly and only for outbound packets. What I'd like is to get this into the firewall, so I can not only block spoofing but trigger a log entry when it happens.
> 

Sounds like wlan_acl(4) may be of interest to you.

- Christian

-- 
Christian Brueffer	chris@unixpages.org	brueffer@FreeBSD.org
GPG Key:	 http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B  B29B 6C76 178C A0ED 982D
