You are right. See below
>From Perftech- Subscriber PC Audit Application Name: Audit Sentry The Audit Sentry application counts and reports the number of users behind a PC modem, helping to detect and resolve theft of service, intended or unintended, for the Provider. It can also alert subscribers to potentially unsecured Wi-Fi access. The network-based application provides continuous monitoring of the number of users on each account, even behind NAT or Wi-Fi routers, proxies, or firewalls. Any resulting high number of users on a single account, as set by the Provider, serves as a contributing indicator of potential theft of service. Benefits: .Providers can more easily spot those who may be attempting theft of service .Providers can avoid any physical confrontation associated with on-site investigation of a potentially illegal sharing of a modem .Providers can message the potential abuser, often causing the service theft to desist .Unsuspecting subscribers can be made aware of uninvited access to their Wi-Fi network and take appropriate steps to secure it -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Schmidt Sent: Friday, August 21, 2009 6:48 PM To: 'WISPA General List' Subject: Re: [WISPA] Apartment Buildings The only one that I know that does that is Perftech. Otherwise, it must be a black hole. . . . J o n a t h a n -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Josh Luthman Sent: Friday, August 21, 2009 5:43 PM To: WISPA General List Subject: Re: [WISPA] Apartment Buildings Pretty confident finding the MACs behind a NAT device is impossible. I do remember some discussion on this list (or the Moto one) that suggested a white paper by a company that had created software that can intelligently guess if there was NAT judging by how it created sockets. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Aug 21, 2009 at 6:38 PM, ralph <[email protected]> wrote: > Rogue detection mostly a joke. Now before you go all whacky on me- I > don't mean that it is a joke to want to know if you have someone who > has brought an AP into the office building and inadvertently created a > hole in the armor. I just mean that there is very little use for it other than that. > > When I was the "Wireless Subject Matter Expert" for Coca-Cola, I would > have loved this in our corporate headquarters. I actually tried to > buy an IDS but could not fund it. A 25 floor reflective glass and > steel office building is generally isolated enough from the outside > world that a rogue showing up WOULD likely be on your network. Only > place I see any use is in a controlled place like that. And by the > way, I shut down many a rogue using Airmagnet Laptop's "geiger > counter" function. The highlight of the day was the shocked look on > someone's face when I would barge into their office, unplug the AP and > put it and all the wires on their desk all in about 10 seconds! > > Since then, I have done many outdoor mesh systems and indoor wireless > systems using the Cisco Wireless LAN Controller based product. > They include rogue AP detection and it is not only a royal pain, it > cannot be disabled. Who cares if Joe down on the corner has an AP? > Rogue detection wastes time and resources and is truly only > accurate/usable in a controlled setting. In a four square mile city, I > had 300-400 rogue alerts at any given time! I knew where every > Linksys was in the city. And heaven forbid you had a node near a Wal-Mart or Home Depot. > > I saw Ruckus' announcement with their controller product and thought > "now there's another company that is introducing something that really > serves no purpose". > > Anyway- just my two cents about rogue detection > > Ralph > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Faisal Imtiaz > Sent: Friday, August 21, 2009 5:27 PM > To: 'WISPA General List' > Subject: Re: [WISPA] Apartment Buildings > > Just as a FYI..... Systems like Ruckus Wireless have built in 'Rouge AP' > detection capabilities. Which would allow you to manage such from > remote, without the need to do a 'fly by'. > > > > Faisal Imtiaz > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Eric Rogers > Sent: Friday, August 21, 2009 5:17 PM > To: WISPA General List > Subject: Re: [WISPA] Apartment Buildings > > We deploy in fairly dense housing editions for our wireless service > and run across this occasionally. We use PPPoE for logged in routers > and DHCP to put them in a "Not Configured" pool of IP addresses. > During an installation, we configure the routers for them, securing their wireless. > If someone plugs a new router in, by default, most routers use DHCP > for configuration. They get a page that says..."Your Router Lost it's > Configuration... Here is documentation on how to set it up." > In the instructions it walks them through setting up PPPoE and the > wireless on their network. > > We then drive through the edition quarterly to audit and if we find > one wide open, we log into the router and set the WPA Key to > NETWORK_WIDE_OPEN or I_WAS_HERE. Then when they call we explain that > neighbors may possibly be able to get into their computer, they are > usually... "Really, I didn't know that." If they refuse to lock it > down, or we find it multiple times, it violates our Terms of Service > and disable their account until they call in and we tell them to stop > doing it or we will disconnect their service and that sharing is not > permitted. > > We haven't had very many problems with it. We actually had someone > call in because they felt guilty for stealing one of our customer's internet. > We got there for a site-survey and found he was pulling off of > Comcast, not us. We left it... > > Eric Rogers > Precision Data Solutions, LLC > (317) 831-3000 x200 > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Scott Reed > Sent: Friday, August 21, 2009 4:00 PM > To: WISPA General List > Subject: Re: [WISPA] Apartment Buildings > > Sure, but the customer plugs that one connection into his own wireless > router and runs it as a DHCP server. > > richard sterne wrote: > > Could you not set the CPE to DHCP and the IP pool to allow only 1 IP > > address? > > > > Richard > > > > 2009/8/21 Eje Gustafsson <[email protected]> > > > > > >> Not seen a single solution that can do that. That is the > functionality of > >> NAT to hide what is behind it. I take advantage of it all the time > when I'm > >> staying in hotels. Use my own AP that allows my wifi enabled > >> devices > access > >> and connect to the hotels system and I'm paying a single fee for > >> the > hotel > >> that charges for internet. > >> > >> Only way to "fight" it in a MTU type environment or even with > residential > >> is > >> educate the users and strike some fear into them that if they run > open APs > >> they could get in trouble if the others that piggy back on it does > illegal > >> things such as copyrighted filesharing, illegal p0rn or simply are > virus > >> infected and they this way risk getting infected and have their own > >> computers compromised and become BOT slaves. > >> > >> Plus also let them know that they are paying for specific service > speeds > >> and > >> if they let others use it a lot for free then themselves no longer > have the > >> speed for themselves and also possible point to the bit cap portion > of the > >> user agreement letting them know that their account could possibly > >> be > shut > >> down prematurely because someone else is using up all their allow > >> bit count. > >> > >> > >> Some students will not care and there might be two apartment that > even > >> share > >> the cost of the service and then you cannot do much about it > >> besides > maybe > >> limit per connections etc to choke them out. > >> > >> What we do at one location (granted all pre-wired) is that the > landlord is > >> paying a small fee each month but then we provide free internet to > the > >> tenants just fast enough to work for a individual doing normal web > browsing > >> but then we also provide upgrade service on a for pay basis. The > people > >> that > >> pay tend to be greedy and want it all to themselves ;) > >> > >> /Eje > >> > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] > On > >> Behalf Of Josh Luthman > >> Sent: Thursday, August 20, 2009 9:56 PM > >> To: [email protected]; WISPA General List > >> Subject: Re: [WISPA] Apartment Buildings > >> > >> Mikrotik Hotspot does NOT have the capability of catching people > behind > >> NAT. > >> > >> Example: > >> > >> Joe buys a WRT54g. WRT54g bridges to the paid wireless network. > >> Joe > buys > >> and account via laptop plugged into WRT54g. Joe plus in an AP > >> behind > the > >> router and broadcasts ESSID "Free Internet". People mooch. > >> > >> Josh Luthman > >> Office: 937-552-2340 > >> Direct: 937-552-2343 > >> 1100 Wayne St > >> Suite 1337 > >> Troy, OH 45373 > >> > >> "When you have eliminated the impossible, that which remains, > >> however improbable, must be the truth." > >> --- Sir Arthur Conan Doyle > >> > >> > >> On Thu, Aug 20, 2009 at 10:51 PM, Scott Carullo > >> <[email protected]>wrote: > >> > >> > >>> Mikrotik Hotspot between them and the internet.... > >>> > >>> Scott Carullo > >>> Brevard Wireless > >>> 321-205-1100 x102 > >>> > >>> -------- Original Message -------- > >>> > >>>> From: "Joe Laura" <[email protected]> > >>>> Sent: Thursday, August 20, 2009 10:17 PM > >>>> To: "WISPA General List" <[email protected]> > >>>> Subject: Re: [WISPA] Apartment Buildings > >>>> > >>>> I had a nightmare trying to do apartment complexes. I thought I > touched > >>>> > >>> on a > >>> > >>>> goldmine when all the signups started comming in. Then as > >>>> tennants > >>>> > >>> started > >>> > >>>> firing up their own A/P's others would connect to them and cancel > >>>> > >>> service. > >>> > >>>> How are youll dealing with this? Joe Laura > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >> > ---------------------------------------------------------------------- > -- > ---- > >> > >>> ---- > >>> > >>>> WISPA Wants You! Join today! > >>>> http://signup.wispa.org/ > >>>> > >>>> > >>> > >> > ---------------------------------------------------------------------- > -- > ---- > >> > >>> ---- > >>> > >>>> WISPA Wireless List: [email protected] > >>>> > >>>> Subscribe/Unsubscribe: > >>>> http://lists.wispa.org/mailman/listinfo/wireless > >>>> > >>>> Archives: http://lists.wispa.org/pipermail/wireless/ > >>>> > >>> > >>> > >>> > >>> > >>> > >> > ---------------------------------------------------------------------- > -- > ---- > >> ---- > >> > >>> WISPA Wants You! Join today! > >>> http://signup.wispa.org/ > >>> > >>> > >>> > >> > ---------------------------------------------------------------------- > -- > ---- > >> ---- > >> > >>> WISPA Wireless List: [email protected] > >>> > >>> Subscribe/Unsubscribe: > >>> http://lists.wispa.org/mailman/listinfo/wireless > >>> > >>> Archives: http://lists.wispa.org/pipermail/wireless/ > >>> > >>> > >> > >> > ---------------------------------------------------------------------- > -- > ---- > >> ---- > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > >> > ---------------------------------------------------------------------- > -- > ---- > >> ---- > >> > >> WISPA Wireless List: [email protected] > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > >> > >> > >> > >> > >> > ---------------------------------------------------------------------- > -- > -------- > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > >> > ---------------------------------------------------------------------- > -- > -------- > >> > >> WISPA Wireless List: [email protected] > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > >> > > > > > > > ---------------------------------------------------------------------- > -- > -------- > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > ---------------------------------------------------------------------- > -- > -------- > > > > WISPA Wireless List: [email protected] > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > ---------------------------------------------------------------------- > -- > > > > > > No virus found in this incoming message. > > Checked by AVG - www.avg.com > > Version: 8.5.409 / Virus Database: 270.13.63/2317 - Release Date: > 08/21/09 06:04:00 > > > > > > -- > Scott Reed > Sr. Systems Engineer > GAB Midwest > 1-800-363-1544 x4000 > Cell: 260-273-7239 > > > > ---------------------------------------------------------------------- > -- > -------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > ---------------------------------------------------------------------- > -- > -------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.392 / Virus Database: 270.13.55/2301 - Release Date: > 08/21/09 06:04:00 > > > > ---------------------------------------------------------------------- > ------ > ---- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > ---------------------------------------------------------------------- > ------ > ---- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > ---------------------------------------------------------------------- > ------ > ---- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > ---------------------------------------------------------------------- > ------ > ---- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > ---------------------------------------------------------------------- > ---------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > ---------------------------------------------------------------------- > ---------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------- ------ WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------- ------ WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
