http://www.personaltelco.net/index.cgi/NewCloneArmyInstallMethodology
You might need to change the instructions a bit to suit your situation and the Debian install directions kind of suck, but pretty much that should step you right through it. That said, this is more for blocking than monitoring, which might be the best idea for the situation you describe. Do us a favor and block tcp 139, etc outbound. . . Also check out the wiki at nocat.net and the NoCat mailing list. If you're worried about security, get a cheap 10BaseT router and filter ports, etc on that or set up a second *NIX box as a firewall (between your network and NoCat box). The first solution is probably cheaper and a bit more elegant. Also be nice and don't use the channels that starbucks, etc is using. There are 3 non-overlapping channels available, so there shouldn't be an interference problem. As to what is being filtered, that is always a difficult call, you don't want to filter all mail, but if a spammer comes on. . . Also, if they are worried about leeches, a really devious thing to do is to cover / limit the power outlets - people can come and use wifi until their batteries run out. Of course, if someone sets up a yagi antenna a half mile away, this doesn't work, but it is a good start. You can always ban mac addresses, for whatever that is worth. You may be best off using NoCatSplash, which doesn't really authenticate, it just shows the splash page. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Wright Sent: Saturday, May 08, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: [BAWUG] Secure(ish) Portal? Greetings, I am a general IT consultant. One of my clients was talking about nice things they could do for the community and idea of making themselves a public hotspot came up. Since they are across the street from a park and within a block of a Peets and Starbucks this seems like a good idea. They already have a stack of Aironet equipment sitting around (from when they did 802.11 bridging between buildings) and a pair of lightly used T1s. All the equipment is there. The access would be free so there is no need for accounting. I just want a quick portal with a TOS and some text giving credit to the company. My concern is protecting the internet from their anonymous users, if they decide to go forward. The system would barely be monitored (they don't have an IT staff) and a spammer could do a lot of mischief before being noticed. I like the ideas for a active portal outlined at <http://www.personaltelco.net/index.cgi/ActivePortal> but I can't find anyone that has implemented them. My unix skills are purely user level. I can't do this myself. Is there anyone who has put together a package? So for my web searches have not been successful. Maybe I don't know the vocabulary. Can anyone point me in the right direction? I want a gateway device that would monitor for inappropriate activity (spam, DOS, obvious cracking) and block the user. Obviously a public wireless network is not going to be completely secure but I want to raise the bar a little for the bad guys. Thanks in advance, Dan _______________________________________________ BAWUG's general wireless chat mailing list [unsubscribe] http://lists.bawug.org/mailman/listinfo/wireless _______________________________________________ BAWUG's general wireless chat mailing list [unsubscribe] http://lists.bawug.org/mailman/listinfo/wireless
