Date: Wed, 13 May 2009 23:38:29 +0200
From: Christian Brueffer <brueffer@FreeBSD.org>
To: Brett Glass <brett@lariat.net>
Cc: net@freebsd.org, Stefan Lambrev <stefan.lambrev@moneybookers.com>
Subject: Re: MAC locking and filtering in FreeBSD
Message-ID: <20090513213829.GA1248@haakonia.hitnet.RWTH-Aachen.DE>
In-Reply-To: <200905131903.NAA17981@lariat.net>
References: <200905131648.KAA15455@lariat.net> <5AFBEB69-C59A-4F61-96BE-11E30872A428@moneybookers.com> <200905131903.NAA17981@lariat.net>

On Wed, May 13, 2009 at 01:03:20PM -0600, Brett Glass wrote:
> Stefan:
>
> You are correct: This is not real security. In fact, I would argue that it's not security at all.
>
> But many businesses that have to maintain hotspots -- especially some hotel chains -- are "allergic" to any sort of serious security. This is because a small but vocal subset of their customers just want to get on the Net and complain about any sort of security. Even having to enter a password or a WEP key irks them. (I personally think that these people are ignorant fools and are setting themselves up for identity theft and worse, but that's just me. And the businesses seem more willing to allow piracy of their Wi-Fi than to irritate these boneheads.) Also, these systems have to be usable by some fairly lame devices -- e.g. an XBox -- that aren't really computers and don't have the capability to run secure protocols or even a particularly good Web browser built in.
>
> So, painful as it is, I have to help these guys implement systems which "bless" MAC addresses. The "arp -s" command can sort of lock an IP to a MAC address, but awkwardly and only for outbound packets. What I'd like is to get this into the firewall, so I can not only block spoofing but trigger a log entry when it happens.
>

Sounds like wlan_acl(4) may be of interest to you.

- Christian

--
Christian Brueffer	chris@unixpages.org	brueffer@FreeBSD.org
GPG Key:	 http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B  B29B 6C76 178C A0ED 982D
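
An added example, not part of the original message or of FreeBSD itself: one way to turn a list of "blessed" MAC addresses into the ifconfig(8) commands that load a wlan_acl(4) allow list on an access-point interface. The interface name wlan0, the helper function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build wlan_acl(4) allow-list commands from a MAC list.
# Commands are printed, not executed, so they can be reviewed before use.

# Succeeds only for six colon-separated hex octets (aa:bb:cc:dd:ee:ff).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# acl_commands IFACE: read one MAC per line on stdin ('#' starts a comment),
# print the commands on stdout and rejected entries on stderr.
acl_commands() {
    iface=$1
    seen=" "
    echo "kldload wlan_acl"
    echo "ifconfig $iface mac:flush"            # drop stale entries first
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip comments and whitespace, normalise to lower case.
        mac=$(printf '%s\n' "$line" | sed 's/#.*//' | tr -d ' \t\r' | tr 'A-F' 'a-f')
        [ -z "$mac" ] && continue
        if ! valid_mac "$mac"; then
            echo "rejected: $line" >&2          # malformed entry, never added
            continue
        fi
        case "$seen" in *" $mac "*) continue ;; esac   # skip duplicates
        seen="$seen$mac "
        echo "ifconfig $iface mac:add $mac"
    done
    # Switch to the allow policy only after the list is populated.
    echo "ifconfig $iface mac:allow"
}

# Constructed sample list (locally administered addresses, not real devices).
sample_list() {
    cat <<'EOF'
# front-desk laptop
02:00:00:AA:BB:01
02:00:00:aa:bb:02   # game console
02:00:00:aa:bb:01
02:00:00:aa:bb
EOF
}

sample_list | acl_commands wlan0
```

The allow list only controls which stations may associate; as the quoted message says of MAC "blessing" in general, it does not authenticate them.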