[sclug] Home wireless lan

Bob Franklin r.c.franklin at reading.ac.uk
Sat Oct 25 09:05:48 UTC 2003


On Tue, 15 Jul 2003, Tim Sutton wrote:

> Thanks for the (very detailed!) reply. All the pcs on the network will
> be running linux except for our friend who is coming to stay who has xp. So
> for linux I can just define a static ip address for each nic and set
> them up manually on each pc?

Probably best.  If you can nominate one machine as the 'server' then that
could run a DNS server, DHCP server, etc. and so provide all the 'glue' to
keep the rest of the machines happy.

This is much like if you've just got a load of machines at home on a
switch; you really need something to provide the DNS/DHCP, otherwise you
end up programming IPs into all the hosts and keeping a 'hosts' list on
each machine in step, otherwise you have to SSH to IP addresses, etc.


> Can one specify mac address restrictions in ad-hoc mode, or will I need
> to set up iptables rules to limit who can jump onto my cable connection?

I don't think you can and I'm not sure it would make sense.  The MAC
address list is usually used by an access point to control which hosts can
associate with the AP and, thus, gain access to the network.

In 'ad hoc' mode, if you could specify it, it would basically control
which devices can associate with that particular host; each host would
need to have the list of MAC addresses kept up-to-date.  I don't think
I've ever seen a card/driver which will let you do this.


There will be a subtle difference with using iptables against the access
list on an AP: if you use iptables, they will still be able to see your
machine, they just won't be able to send traffic; with the MAC access
list, they wouldn't be able to associate with the AP to start with (so
would be unable to connect to your wireless LAN).

But it would still help stop people with unknown MAC addresses from
connecting (changing their MAC address, snooping WEP key and determining
SSID notwithstanding!).


I think I would rely on more security than that, though.  I must admit I'm
quite soft on this at home - I have an AP with 128-bit WEP, closed (no
SSID advertisements) and a MAC address list.  This is easy for someone to
break into, with a little help from Netstumbler, etc. but it does stop
people accidentally connecting.

Once they are on the network, there isn't really much security on my
machines - but I try to be vaguely careful ensuring passwords never go
across the wireless in the clear, etc.

Maybe one day I'll put some extra stuff on, but I'm lazy, like most
people.  And I don't get paid to fix these things at home.  :)

  - Bob


-- 
 Bob Franklin <r.c.franklin at reading.ac.uk>          +44 (0)118 378 6630
 Systems and Communications, IT Services, The University of Reading, UK
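
The iptables approach discussed in the message above, as an added example that is not part of the original post: a script that prints (does not apply) rules letting only listed MAC addresses forward traffic from the wireless interface to the shared connection. The interface name `wlan0`, the chain name `WLAN_MAC` and the MAC addresses are constructed placeholders, and it assumes the gateway is a Linux host with the iptables `mac` match available.

```shell
#!/bin/sh
# Added example: generate iptables rules for a MAC allow-list on a gateway.
# wlan0, WLAN_MAC and the addresses below are constructed placeholders.

is_mac() {
    # Six colon-separated hex octets, nothing else.
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mac_rules IFACE MAC...
# Prints the rules; returns 1 and prints no rules if any argument is invalid.
gen_mac_rules() {
    iface=$1
    shift
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    # Validate everything first so a typo never yields a half-built rule set.
    for mac in "$@"; do
        is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "iptables -N WLAN_MAC"
    echo "iptables -A FORWARD -i $iface -j WLAN_MAC"
    for mac in "$@"; do
        # Known host: return to the rest of FORWARD for normal processing.
        echo "iptables -A WLAN_MAC -m mac --mac-source $mac -j RETURN"
    done
    # Any other wireless source is not forwarded to the shared connection.
    # It can still see the gateway at the link layer, as the post notes.
    echo "iptables -A WLAN_MAC -j DROP"
}

# Constructed sample allow-list.
gen_mac_rules wlan0 00:11:22:33:44:55 66:77:88:99:AA:BB
```

This covers forwarded traffic only; traffic addressed to the gateway itself goes through the INPUT chain and would need its own rules.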