Re: Don't connect to specific *wired* networks?
On Dec 10 2015, Dan Williams wrote:
> On Thu, 2015-12-10 at 08:06 -0800, Nikolaus Rath wrote:
>> Hello,
>>
>> Is there a way to prevent NetworkManager from automatically connecting
>> to specific *wired* networks?
>>
>> I think the network could be identified by the presence (or absence) of
>> specific MACs, but I'd be open to other suggestions as well.
>
> That's the best option for now, but of course there are security issues
> with that since any MAC address can be spoofed. There are vague plans
> to attempt to automatically identify wired networks by listening to the
> wire for a few seconds and detecting 802.1x EAP-Request Identity packets
> or ARPing a specific IP address and matching the returned MAC. This
> feature would have to be opt-in because obviously it would delay
> network connections.
>
> If that's something you'd be willing to work on, that would be great...
> what do you say? :)

I say that this would be great, but (as you probably feared) I was just
wondering if the functionality exists, not volunteering to implement it
:-).

Best,
-Nikolaus

--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

»Time flies like an arrow, fruit flies like a Banana.«
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Don't connect to specific *wired* networks?
On Thu, 2015-12-10 at 10:55 -0600, Dan Williams wrote:
> On Thu, 2015-12-10 at 08:06 -0800, Nikolaus Rath wrote:
> >
> If that's something you'd be willing to work on, that would be great...
> what do you say? :)
>

https://bugzilla.gnome.org/show_bug.cgi?id=737356 has some idea to a
related feature: choosing autoconnect-candidate based on Wi-Fi signal
strength.

The "connect to specific wired network" strategy should somehow
integrate in the bigger picture.

Thomas
Re: Don't connect to specific *wired* networks?
2015-12-10 16:37 GMT-02:00 Dan Williams:
> On Thu, 2015-12-10 at 15:37 -0200, José Queiroz wrote:
> > 2015-12-10 14:55 GMT-02:00 Dan Williams:
> >
> > > On Thu, 2015-12-10 at 08:06 -0800, Nikolaus Rath wrote:
> > > > Hello,
> > > >
> > > > Is there a way to prevent NetworkManager from automatically
> > > > connecting to specific *wired* networks?
> > > >
> > > > I think the network could be identified by the presence (or
> > > > absence) of specific MACs, but I'd be open to other suggestions
> > > > as well.
> > >
> > > That's the best option for now, but of course there are security
> > > issues with that since any MAC address can be spoofed. There are
> > > vague plans to attempt to automatically identify wired networks by
> > > listening to the wire for a few seconds and detecting 802.1x
> > > EAP-Request Identity packets or ARPing a specific IP address and
> > > matching the returned MAC. This feature would have to be opt-in
> > > because obviously it would delay network connections.
> > >
> > > If that's something you'd be willing to work on, that would be
> > > great... what do you say? :)
> > >
> > > Dan
> > >
> >
> > What about using IPv6 RA messages to do that?
>
> This could be another check among many, yes. Though to prevent DoS
> most routers have a configured minimum advertisement interval which
> could be much longer than a few seconds.
>
> Dan
>

What if the workstation sends an RS before?
Re: Don't connect to specific *wired* networks?
On Thu, 2015-12-10 at 15:37 -0200, José Queiroz wrote:
> 2015-12-10 14:55 GMT-02:00 Dan Williams:
>
> > On Thu, 2015-12-10 at 08:06 -0800, Nikolaus Rath wrote:
> > > Hello,
> > >
> > > Is there a way to prevent NetworkManager from automatically
> > > connecting to specific *wired* networks?
> > >
> > > I think the network could be identified by the presence (or
> > > absence) of specific MACs, but I'd be open to other suggestions as
> > > well.
> >
> > That's the best option for now, but of course there are security
> > issues with that since any MAC address can be spoofed. There are
> > vague plans to attempt to automatically identify wired networks by
> > listening to the wire for a few seconds and detecting 802.1x
> > EAP-Request Identity packets or ARPing a specific IP address and
> > matching the returned MAC. This feature would have to be opt-in
> > because obviously it would delay network connections.
> >
> > If that's something you'd be willing to work on, that would be
> > great... what do you say? :)
> >
> > Dan
> >
>
> What about using IPv6 RA messages to do that?

This could be another check among many, yes. Though to prevent DoS
most routers have a configured minimum advertisement interval which
could be much longer than a few seconds.

Dan
Re: Don't connect to specific *wired* networks?
2015-12-10 14:55 GMT-02:00 Dan Williams:
> On Thu, 2015-12-10 at 08:06 -0800, Nikolaus Rath wrote:
> > Hello,
> >
> > Is there a way to prevent NetworkManager from automatically connecting
> > to specific *wired* networks?
> >
> > I think the network could be identified by the presence (or absence)
> > of specific MACs, but I'd be open to other suggestions as well.
>
> That's the best option for now, but of course there are security issues
> with that since any MAC address can be spoofed. There are vague plans
> to attempt to automatically identify wired networks by listening to the
> wire for a few seconds and detecting 802.1x EAP-Request Identity packets
> or ARPing a specific IP address and matching the returned MAC. This
> feature would have to be opt-in because obviously it would delay
> network connections.
>
> If that's something you'd be willing to work on, that would be great...
> what do you say? :)
>
> Dan
>

What about using IPv6 RA messages to do that?
Re: Don't connect to specific *wired* networks?
On Thu, 2015-12-10 at 08:06 -0800, Nikolaus Rath wrote:
> Hello,
>
> Is there a way to prevent NetworkManager from automatically connecting
> to specific *wired* networks?
>
> I think the network could be identified by the presence (or absence) of
> specific MACs, but I'd be open to other suggestions as well.

That's the best option for now, but of course there are security issues
with that since any MAC address can be spoofed. There are vague plans
to attempt to automatically identify wired networks by listening to the
wire for a few seconds and detecting 802.1x EAP-Request Identity packets
or ARPing a specific IP address and matching the returned MAC. This
feature would have to be opt-in because obviously it would delay
network connections.

If that's something you'd be willing to work on, that would be great...
what do you say? :)

Dan
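[Added example, not part of the thread and not NetworkManager code: a sketch of the two wire checks described in the message above, classifying raw Ethernet frames as an 802.1X EAP-Request/Identity or an ARP reply and matching them against known networks. The function names, the profile names "office" and "lab", and the sample frames are assumptions constructed for illustration.]

```python
import struct

ETH_ARP, ETH_EAPOL = 0x0806, 0x888E

def classify(frame):
    """Return ('eap-identity', None), ('arp-reply', (ip, mac)) or None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    if ethertype == ETH_EAPOL and len(body) >= 9:
        # EAPOL: version, packet type (0 = EAP-Packet), length
        _ver, pkt_type, _len = struct.unpack("!BBH", body[:4])
        # EAP: code (1 = Request), identifier, length, type (1 = Identity)
        code, _ident, _elen, eap_type = struct.unpack("!BBHB", body[4:9])
        if (pkt_type, code, eap_type) == (0, 1, 1):
            return ("eap-identity", None)
    if ethertype == ETH_ARP and len(body) >= 28:
        hdr = struct.unpack("!HHBBH", body[:8])
        if hdr == (1, 0x0800, 6, 4, 2):  # Ethernet/IPv4, opcode 2 = reply
            sender_mac = ":".join(f"{b:02x}" for b in body[8:14])
            sender_ip = ".".join(str(b) for b in body[14:18])
            return ("arp-reply", (sender_ip, sender_mac))
    return None

def identify(frames, known):
    """Name of the first profile in `known` whose rule matches, else None.
    A match is only a hint: the thread notes any MAC address can be spoofed."""
    seen = {c for c in map(classify, frames) if c}
    for name, rule in known.items():
        if rule.get("dot1x") and ("eap-identity", None) in seen:
            return name
        if "arp" in rule and ("arp-reply", rule["arp"]) in seen:
            return name
    return None

# Constructed sample frames (not captured traffic).
EAP_REQ_ID = bytes.fromhex("0180c2000003" "001122334455" "888e"
                           "02000005" "0101000501")
ARP_REPLY = bytes.fromhex("020000000001" "001122334455" "0806"
                          "0001080006040002"
                          "001122334455" "c0000201"
                          "020000000001" "c0000202")
# Hypothetical profiles: "office" uses 802.1X, "lab" has a known gateway.
KNOWN = {"office": {"dot1x": True},
         "lab": {"arp": ("192.0.2.1", "00:11:22:33:44:55")}}

if __name__ == "__main__":
    print(identify([ARP_REPLY], KNOWN), identify([EAP_REQ_ID], KNOWN))
```
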
Don't connect to specific *wired* networks?
Hello,

Is there a way to prevent NetworkManager from automatically connecting
to specific *wired* networks?

I think the network could be identified by the presence (or absence) of
specific MACs, but I'd be open to other suggestions as well.

Best,
-Nikolaus

--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

»Time flies like an arrow, fruit flies like a Banana.«