On 16 Sep 2014, at 14:52, Michael Richardson <mcr+i...@sandelman.ca> wrote: > > I think that we can assume that wired links are secure. > The only time we care if wireless is secured is when we want to form an > adjacency over the wireless link. I think it is acceptable to refuse > to form an adjancency over an insecured wireless link.
A little side story… I have an old house with quite thick walls. Standard 802.11 doesn't reach all rooms. Not that long ago I bought a pair of Netgear powerline Ethernet adaptors to extend coverage between rooms. I’d used an older version before, and it worked well, giving more throughout than the wireless and with the extended range. The interesting thing was that soon after plugging them in I noticed I’d lost connectivity on a laptop, and my desktop was behaving oddly. I looked at the network config to remind myself of the IP address of my default ADSL router. I used a browser to connect to the default router by IP to check its configuration. And got quite a surprise as it was a Sky router - a surprise as I’m not a customer of theirs! To cut a long story short, my powerline adaptors had formed a single network with powerline adaptors in a neighbour’s house. At which point my devices were getting responses from two DHCP servers, and some were routing out via the neighbour’s router. And that included some of my wireless devices - no point having WPA2 to protect against unwanted ‘guests’ if they can come in a power line Ethernet back door :) Now, what I should have done, but it’s easy to get distracted and forget(!), was use the magic ‘auto configure a shared secret’ button on each of my adaptors to avoid them merging with my neighbour’s devices, or manually configure shared secrets (yuk). But clearly neither of us had done that. The interesting thing was I could see the neighbour’s SSID from their Sky router splash screen, but having walked around the nearest streets, I couldn’t find it. I wonder how far away that house was... There’s obviously some interesting implications of this. One is that there are insecure wired links too! Tim _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet