Anyone smart enough to setup their machine with a "valid and authorized" ip will be able to surf the net. Since you no longer have the MAC address to verify the IP lease against. Also now you can't do MAC authentication so limited to cookies for automated login or they have to do username password each time they need to login.
Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231-7777 Fax : 620-231-4066 - Your Full Time Professionals - MikroTik, Star-OS, PACWireless, EnGenius, etc http://www.wisp-router.com/ -- JB> How serious is the "small" security hole? JB> John JB> ----- Original Message ----- JB> From: "Eje Gustafsson" <[EMAIL PROTECTED]> JB> To: "John Banes" <[EMAIL PROTECTED]> JB> Sent: Thursday, September 25, 2003 04:45 PM JB> Subject: Re[2]: [smartBridges] AirBridges and Bridging. >> Couldn't said it better myself. >> >> v2.8beta4 and higher have a fix that will allow you to basically >> "disregard" the MAC address so you can have it working with units like >> the aB and the WET11's however it opens up a small security hole. >> >> / Eje >> >> Thursday, September 25, 2003, 2:27:07 PM, you wrote: >> >> JB> Only PPPoE will work with both the AirBridge and the WET11. When you JB> try to use the hotspot through the Airbridge it will substitute it's own MAC JB> address for the client computers address. >> >> JB> Here is the short version of what is happening. Your computer requests JB> an address from the DHCP server and uses it's own MAC Address. this is JB> passed through the airbridge and the mikrotik assigns >> JB> the address, enters it and your MAC address in the arp table and sends JB> it back to your computer. Now you try to send a TCP/IP packet to the JB> mikrotik and the airbridge replaces your MAC address >> JB> with its own MAC address and when it gets to the Mikrotik the MAC JB> address doesn't match what is in the arp table so the Mikrotik won't JB> respond. The WET11 suffers from the same problem. >> >> JB> John JB> ----------ANNOUNCEMENT---------- JB> Don't forget to register for WISPCON IV JB> http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm JB> The PART-15.ORG smartBridges Discussion List JB> To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> JB> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) JB> Archives: http://archives.part-15.org -- [This E-mail scanned for viruses by Declude Virus] ----------ANNOUNCEMENT---------- Don't forget to register for WISPCON IV http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org
