On 2006/06/06 10:40, Gaby vanhegan wrote:
> Isn't there a pre-shared key used as an IV of some sort in WEP (and
> therefore WPA)? Yes, the traffic will be coming to you, but it's on
> a wireless network, so you can sniff if passively if you want, you
> don't need an IP address for that.
WEP can be sniffed passively, but from what I understand with
WPA there are different keys per client (I don't have anything
running WPA here to check).
> Is there no way to defend against ARP poisoning?
- putting each client in their own subnet
- static arp ('arp -s' on clients at least for things like
the address of the router): realistically, public users
won't do this.
- pppoe?
- does anyone else have ideas?
Some APs can be set to disable client-to-client comms,
I'm not sure if this can be done with hostap on OpenBSD
yet (if so I didn't spot it in the docs).
> If not, then this a good argument for encrypting the data at
> higher layers, rather than relying on link layer security.
Exactly. Trouble is, if you ever need a great example of
how much simpler OpenBSD can be than Windows, look no further
than configuring the built-in IPsec.
I don't know about you but I wouldn't want to run a third-
party binary (i.e. a point-and-drool openvpn installer) just
to access a wireless network (at least unless the network
admin was trusted), and given the type of target user you've
outlined I'm not sure anything more complicated than this
would be suitable.
> Is there video/audio of that presentation? I would be interested to
> hear the whole thing.
Audio - I haven't listened to it yet though - link on undeadly
(bsdcan article). The slide I pointed out describes a way to scale
inter-ap roaming using dynamic routing protocols, it doesn't
mention the ARP tricks. It just so happens that using a subnet
per client helps with both.
