From owner-freebsd-mobile Thu May 27 16:23:58 1999 Delivered-To: freebsd-mobile@freebsd.org Received: from sirius.ctr.columbia.edu (sirius.ctr.columbia.edu [128.59.64.60]) by hub.freebsd.org (Postfix) with ESMTP id 7D50F14C3D for ; Thu, 27 May 1999 16:23:52 -0700 (PDT) (envelope-from wpaul@ctr.columbia.edu) Received: from startide.ctr.columbia.edu (wpaul@startide.ctr.columbia.edu [128.59.64.52]) by sirius.ctr.columbia.edu (8.9.1/8.6.4.287) with ESMTP id TAA05776; Thu, 27 May 1999 19:23:45 -0400 (EDT) From: wpaul@ctr.columbia.edu (Bill Paul) Received: (wpaul@localhost) by startide.ctr.columbia.edu (8.9.1/8.6.4.788743) id TAA07425; Thu, 27 May 1999 19:23:44 -0400 (EDT) Message-Id: <199905272323.TAA07425@startide.ctr.columbia.edu> Subject: Re: wi driver and WaveLAN IEEE 802.11 Turbo cards To: raj@cisco.com (Richard Johnson) Date: Thu, 27 May 1999 19:23:43 -0400 (EDT) Cc: freebsd-mobile@freebsd.org, karp@eecs.harvard.edu In-Reply-To: <199905272254.PAA14788@kitab.cisco.com> from "Richard Johnson" at May 27, 99 03:54:01 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-mobile@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Of all the gin joints in all the towns in all the world, Richard Johnson had to walk into mine and say: > Thanks for all of the good information. I dealt with the older cards > a long time ago and have forgotten some of the details. > > So, what about security in ad-hoc mode? Is there any security without > an access point system? I believe with the older cards the only real > security was setting the network number. There was an NWID value, yes, however this was not really a security option: if you set the card to promiscuous mode, it would ignore the NWID value in received frames and pass them all to the host. The NWID feature is not present with the 802.11 cards. You are allowed to specify a service set name (which can be up to 32 ASCII characters in length) which controls which access point the wireless station will associate with (the access point's service set name can also be programmed using the Lucent WaveMANAGER software); if you leave the service set empty or set it to "ANY" (the default with the wi driver) then it will associate with the first access point that it finds. On the other side, it is possible to program the access point to only talk to stations with certain addresses (e.g. 00:60:1d:12:34:56). This means that only certain stations will be allowed to join even if they specify the service set name explicitly. Once you associate with a service set, the end station learns an address from the access point called the BSSID, which is basically the station address of the access point (it has its own 6-byte address, just like all the end stations). I think when you transmit data frames, the WaveLAN inserts the BSSID as the 3rd address field in the frame header. (802.11 frames have four address fields, two of which are source and destination, and the other two of which have different uses depending on the frame type.) You can set the desired service set name (SSID) with the wicontrol(8) utility. Note that you can also set the station address with wicontrol(8) which sort of defeats the security: as long as you know the address of an authorized station and that station moves out of range of the access point (or gets turned off) then you can assume its identity and connect to the access point. I don't know if it's possible for a station in ad-hoc mode to monitor traffic of other stations operating in BSS mode on the same radio frequency. You'd think it would be, but I suspect this depends on how the firmware works, and I don't know exactly how the firmware works since Lucent won't release the programming manuals. It may work if you set the card for promiscuous mode. There is no authentication between stations in ad-hoc mode: any station can talk to and listen to any other station that's in range, as long as they're on the same radio frequency. The 802.11 protocol specifies an encryption mechanism called WEP, however the Lucent WaveLAN/IEEE cards do not implement WEP (at least, the ones I have don't), possibly due to the stupid U.S. crypto export restrictions. Aside from WEP, the only thing you can do is change radio frequencies. The driver software supplied by Lucent for Windows 95/98/NT does not let you change the frequency however you can do it in FreeBSD (again, with wicontrol). Come to think of it, I don't believe the Linux driver lets you change the channel either. Cards sold in the U.S. and Europe can be set to any one of a number of channels (11 if I remember right) so you can change the frequencies on all your stations if you don't want any Windows or Linux users to be able to monitor your traffic. :) -Bill -- ============================================================================= -Bill Paul (212) 854-6020 | System Manager, Master of Unix-Fu Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ============================================================================= "Mulder, toads just fell from the sky!" "I guess their parachutes didn't open." ============================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-mobile" in the body of the message