Thanks. Both Julie and I appriciate it! She's gotten so sick of her
dialup, and this'll set things up for latter networking possiblities...
Thanks again, James
----- Original Message -----
From: "Ian C. Blenke" <ian@blenke.com>
To: <slug@nks.net>
Sent: Thursday, January 23, 2003 4:54 PM
Subject: Re: [SLUG] OK, general networking question...
> On Thu, Jan 23, 2003 at 02:47:57PM -0500, James Miller wrote:
> > I'm planning on setting up a wireless network between 2 trailers, only
3
> > lots away from each other, because we can't bury any lines here. (Yup,
> > white trailer trash techo geek: dog on the porch, shotgun in the rack,
and a
> > server in the closet. Ain't my momma proud of me... ) I've got 8
systems
> > currently on a DSL modem, behind a Linksys router, and I want to protect
> > them from anyone wardriving or neighbors who might bootleg off my
bandwidth.
> > She'll have 3 systems on her end.
> >
> > What are your opinions about how I should go? Should I put the first
> > wireless router between my router and the DSL modem, and a second
wireless
> > router on her end, connecting all her systems. Ithat even possible to
do it
> > that way? Obviously, we'll need external antennas (coffee can horns are
> > tempting, just to maintain the theme, if nothing else), because of the
> > trailers acting as Faraday cages. I'm a novice here, so what are your
> > thoughts on the subject?
> >
> > Thanks ahead, James
> >
> > (Hmm, sounds like a bad country song. "Livin' mah life in a Faraday
Cage
> > without you"...)
>
> Well, forget about WEP. Don't trust it. Regardless of the key length
> (either 64(40)bit or 160(104)bit, it's all crap due to the IV reuse).
> Script kiddies may not "get it", but any penetration expert worth his salt
> will blow by that in a few hours.
>
> Filtering by MAC is pointless. You can sniff and masquerade as any other
> MAC node painlessly.
>
> I suggest a VPN overlay of some kind at the very least. Consider
> something IPSEC, but any VPN technology at all would be better than
> sending in the clear.
>
> Ideally, you would have a beaconless 802.1x capable Access Point
> authenticating to a RADIUS server and sessions over EAP/TLS:
>
> http://www.missl.cs.umd.edu/wireless/eaptls/
>
> I also like to run fakeap on another machine on the network to
> completely baffle any wardrivers in the neighborhood.
>
> - Ian
>
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 13:46:03 EDT