From: Xam R. Time (xam_at_chalupa.wi2600.org)
Date: 2002-04-23 02:39:21 UTC
Hopefully I can help here a bit.
> How secure is this host AP?
No more and no less secure than Access Point functions being supported by the myriad of other broken implementations out there. Every style, whether it's host access point mode, or full on real-time OS implementation, there's issues everywhere.
Where do you want to start?
Association of clients & detecting denial of service? People playing games with mass-deauthentication of clients via broadcast messages? Other class I and II frame forgeries? How about association time outs? We could talk about that subject for hours...
> Since this host AP does not support WEP
Incorrect. As of recent versions of the prism2 driver, WEP with 48 and 104 bit keys _are_ supported.
> any one can get access to this Linux Host Access Point.
Define 'get access' -- on what layer do you refer to?
> How can I make Host AP securer so that my neighbors don't get access
> to my AP?
Several ways. The simplest might be to spend some time coding in a few extra features; like being able to disable the broadcasting of the SSID via beacon frames. Another might be to create a feature that checks against a list of "allowed MACs" before a BSS association is granted. Yet another may be to enable WEP, disable all authentication types except shared key, and be done with it.
Or, forget all that bullshit, and tunnel over IPsec or CIPE.
> I thought about iptables that just allow certain MAC address, but MAC
> address can be "spoofed".
Right. Also, this proposed method won't do anything to limit what stations may associate to the network; it would only be able to limit what source MAC addresses are able to be passed to your computer's higher layers.
> So what is the solution?
Heh, well for one, deal with and accept the fact that if you're going to want to make things simple on layer 2 you're not going to be able to implement association access lists and use WEP. Furthermore WEP is fundamentally broken outside of some vendor-specific fixes, and a pain to get support all-around in any OS.
Some folks (most, anyway) have taken steps to reduce the risk of having an open, completely untrustable layer 2 network. That is, they use static ARP, SSH, IPsec, or CIPE-esque tunneling methods to move data over the open, insecure, and completely untrustable network.
Or, you can accept the fact that your network is open and untrustable, and not do anything hypercritical over it.
--Tk
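The two layer-2 hygiene measures the reply mentions (an "allowed MACs" list enforced with iptables, and static ARP entries on the host) can be combined into one small script. The following is an added example written for this page, not code from the original poster or from the Host AP project. It assumes a wireless interface named wlan0 (override with WLAN_IF), an allowlist file of "MAC IPv4" pairs, and the two station addresses in the sample are constructed for the demo. It only prints the commands unless APPLY=1, so the output can be reviewed first. As the reply points out, this does not stop a station from associating and a MAC address is trivially spoofed, so treat it as a nuisance filter on top of IPsec/SSH, not as authentication.

```shell
#!/bin/sh
# Added example, not part of the original post. Hypothetical helper that turns
# an allowlist of "MAC IPv4" pairs into static ARP entries plus iptables rules
# that accept only those source MACs on the wireless interface. Dry run by
# default; nothing is executed unless APPLY=1 is set when a file is given.

WLAN_IF="${WLAN_IF:-wlan0}"   # assumed interface name

# normalize_mac MAC
# Accepts "AA-BB-CC-DD-EE-FF" or "aa:bb:cc:dd:ee:ff" and prints the lower-case
# colon form. Prints nothing and returns 1 if it is not a six-octet MAC.
normalize_mac() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/-/:/g')
    case "$m" in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f])
            printf '%s\n' "$m" ;;
        *) return 1 ;;
    esac
}

# mac_allowed FILE MAC
# Returns 0 if MAC (any case or separator) is listed in FILE, else 1.
mac_allowed() {
    want=$(normalize_mac "$2") || return 1
    while read -r mac ip; do
        case "$mac" in ''|'#'*) continue ;; esac      # skip blanks/comments
        have=$(normalize_mac "$mac") || continue      # ignore malformed lines
        [ "$have" = "$want" ] && return 0
    done < "$1"
    return 1
}

# gen_rules FILE
# Prints one "arp -s" and two iptables ACCEPT rules per station, then a
# default DROP for the interface. Returns 1 if any line was rejected.
gen_rules() {
    bad=0
    while read -r mac ip; do
        case "$mac" in ''|'#'*) continue ;; esac
        if ! m=$(normalize_mac "$mac"); then
            echo "bad MAC: $mac" >&2; bad=1; continue
        fi
        case "$ip" in
            ''|*[!0-9.]*) echo "bad IPv4 for $m: $ip" >&2; bad=1; continue ;;
        esac
        # Static ARP pins the AP's own view of IP->MAC so a client cannot
        # poison it; the mac match drops frames from unlisted sources.
        echo "arp -i $WLAN_IF -s $ip $m"
        echo "iptables -A INPUT   -i $WLAN_IF -m mac --mac-source $m -j ACCEPT"
        echo "iptables -A FORWARD -i $WLAN_IF -m mac --mac-source $m -j ACCEPT"
    done < "$1"
    echo "iptables -A INPUT   -i $WLAN_IF -j DROP"
    echo "iptables -A FORWARD -i $WLAN_IF -j DROP"
    return $bad
}

# write_sample_allowlist FILE
# Constructed two-station allowlist (made-up addresses) used by --demo.
write_sample_allowlist() {
    cat > "$1" <<'EOF'
# MAC                IPv4
AA-BB-CC-DD-EE-01    192.168.10.11
aa:bb:cc:dd:ee:02    192.168.10.12
EOF
}

case "${1:-}" in
    --demo)                      # sh script.sh --demo
        f=$(mktemp) && write_sample_allowlist "$f" && gen_rules "$f"
        rm -f "$f" ;;
    '') ;;                       # no argument: only define the functions
    *)                           # sh script.sh allowlist.txt   (APPLY=1 to run)
        out=$(gen_rules "$1") || { echo "allowlist has errors, not applying" >&2; exit 1; }
        if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$out" | sh -e
        else printf '%s\n' "$out"; fi ;;
esac
```

Run it with --demo to see the generated commands for the two sample stations. Because the script refuses to apply anything when a line fails validation, a typo in the allowlist cannot leave the interface half-configured with the DROP rules in place and a legitimate station missing.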