Re: Gaming adapter as access point
- From: Jeff Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 13 Feb 2006 23:04:39 GMT
On 13 Feb 2006 13:46:23 -0800, steve317jones@xxxxxxxxxxx wrote:
Only partly right, main AP will be a free taxpayer paid for AP.
Hint. It's not free if your taxes are paying for it.
Ask yourself how many small WISP (wireless ISP) vendors would be in
business if they didn't have to compete with the local government.
I've already read it all, and there seems to be a lot of confusion.
That's why I wrote it. I'm not absolutely sure that I got it perfect.
I'm constantly seeing new abuse of the term "bridge". The point to
remember is that *ALL* 802.11 wireless is bridging.
Main thing is as you said below, they don't tell you up front. Guess
we need a new standards board to enforce some standards?
Right. The radio standards enforcement squad. Swoops down on
unsuspecting marketing departments and fines them for metaphor abuse
and engaging in technobabble. The public must be protected from such
obvious evil. Maybe have wireless considered to be a drug and have
the FDA do the enforcement.
Sure I was just wondering if there's any way to tell before you buy what
the box does; I guess there isn't.
I can't tell except from experience. I know that the following will
do more than one MAC address:
Linksys WET11, WET54G
Linksys WRT54G/GS with DD-WRT firmware in client mode.
I'll have a list at home of those that will only do one MAC address.
Later (if I find it).
One of the APs used will be unencrypted, so thinking of using Tor or
have to study VPN (sheesh, got enough to do already).
Either will work. When using a public wireless system, you have to
bring your own encryption and encapsulation. From the FAQ, list of
VPN service providers:
| http://en.wikibooks.org/wiki/FAQ_for_alt.internet.wireless/Wi-Fi#VPN_Service_Providers
I thought some routers could act as both APs and routers
simultaneously?
Yes, but only for incoming connections. In these routers, the
wireless part is just another (bridged) port on the LAN side. There
are few sold that will act as a wireless client on the WAN side, and
then act as a router on the LAN side. There are a few that will do
this such as a modified version of the Lucent AP1000 firmware. Some
of the WISP providers have such clients. However, the bulk of the
commodity hardware cannot move the wireless to the WAN side of the
router.
You could roll your own using a Linux based router, where a client
mode adapter can be easily simulated. I don't have any handy links
but can find some if you want to go this route. It's not too
horrible. The hardware is usually based on either an old PC
motherboard, or a dedicated SBC such as:
http://www.soekris.com
http://www.pcengines.ch
How hard is it to set up VPN? Briefly, what's involved?
It varies from trivial to the configuration nightmare from hell.
The thing to remember about VPN's is that they have to terminate
somewhere. It can be terminated in the wireless router, in an ISP's
server farm, or in the destination's router or server. The basic
types are SSL/TLS, PPTP, and IPSec. SSL/TLS aren't really a true
tunnel, but they provide similar functions by encrypting all the
traffic. These are usually terminated in web servers. PPTP is
Microsoft's simplistic VPN. These are terminated in NT4 and W2K
servers, as well as dedicated routers. My WRT54G with DD-WRT is
sometimes running a PPTP VPN between my house and office. I can see
all the computahs from both ends. IPSec is the most secure, but also
the most complex. Lots of layers of encryption, authorization, and
authentication. Not too horrible once you've done it a few times, but
a real pain the first time.
Light reading:
http://www.practicallynetworked.com/support/VPN_help.htm
Follow the links.
I meant how can someone running the "hotspot" I am connecting to use it
to get to my hard drive (assuming file sharing is off) or download a
virus, malware on my machines? And will it be sufficient to use a good
software firewall to prevent this, or MUST I get a router in addition?
If you have a firewall between your client adapter and your computers,
they will not be able to go backwards, through the router, into your
system. If you have a mess of redirected IP ports (i.e. holes) in
your firewall, it's possible.
Most municipal LAN's have a feature called "client isolation" (which
is often misnamed "AP isolation"). It prevents one wireless client
from bridging to another wireless client. All traffic goes to the
access point and then to the internet.
If your municipal LAN assigns your client radio a routeable IP
address, it is also possible to be attacked from the internet. For
such an arrangement, you must get something to protect your machines.
If your municipal LAN assigns your client radio a non-routeable IP
address (10.xxx.xxx.xxx, 192.168.xxx.xxx, etc), then you're
relying on their router to protect you from access via the internet.
Since most such municipal routers are intentionally porous so that peer
to peer applications function, you'll still need to get something to
protect your machines. Such protection can be personal software
firewalls, but I suggest a hardware router as generally more
effective.
The real danger is sniffing. With a wide open access point and zero
encryption, someone can sniff your traffic and extract all kinds of
good info. That's where the VPN comes in. Some ISP's supply VPN
client and terminations such as:
http://www.sonic.net/hotspots/portal/
No clue what your municipal wireless provider offers. In any case,
these will protect against hijacking the connection, sniffing, and
attacking your client computers directly.
Dunno. I usually don't write rulesets unless it's a Cisco router.
Were you planning to buy a Cisco router? There are plenty of example
IOS configs on the internet for every occasion.
Very funny. Wouldn't be here if I was planning on a Cisco router most
likely.
Well, you can write your own iptables rules for the Linux based
wireless routers. I would dump the config from my WRT54G with DD-WRT
but it's a bit long. The nice thing about using Linux is that like
Cisco IOS, there's plenty to copy from. There are also rule set
generators available. Methinks for what you're doing, a separate
wireless client bridge radio (i.e. access point in client mode), and a
separate ethernet router that's fairly configurable would be best. I'm
not sure what to recommend. Used Cisco 25xx and 26xx series isn't all
that overpriced. (I just hate the fan noise).
How about a brand/model recommendation for the router to work in
connection with a Buffalo gamer/AP/bridge device?
Later... customers cometh
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@xxxxxxxxxxxxxxxxxxxxxx
# http://802.11junk.com jeffl@xxxxxxxxxx
# http://www.LearnByDestroying.com AE6KS
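
Added example, not part of the original post and not taken from any DD-WRT config: a small generator for the kind of iptables ruleset discussed above, for a Linux router sitting between the wireless client bridge (WAN side) and the home computers (LAN side), plus a check for the "redirected IP ports (i.e. holes)" the post warns about. The interface names eth0/eth1 and the function names gen_rules and count_holes are assumptions made for this example.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset: nothing arriving from the hotspot side
# may start a connection to the router or to the LAN; only replies get back.
gen_rules() {   # usage: gen_rules WAN_IF LAN_IF
    wan=$1 lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the LAN behind the address the hotspot hands out. There are no
# port redirections here, so nothing on the LAN is reachable from outside.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Count "holes" in a ruleset read from stdin: port redirections, or ACCEPT
# rules for traffic arriving on the WAN interface that are not reply-only.
count_holes() {   # usage: count_holes WAN_IF < ruleset
    awk -v wan="$1" '
        /^#/ { next }
        /-j (DNAT|REDIRECT)/ { n++; next }
        $0 ~ ("-i " wan " ") && /-j ACCEPT/ && !/--ctstate ESTABLISHED,RELATED/ { n++ }
        END { print n + 0 }
    '
}

# Print the ruleset. On the router itself (as root) the same output would
# be piped into iptables-restore instead of the terminal.
gen_rules "${WAN_IF:-eth0}" "${LAN_IF:-eth1}"
```

Running count_holes against a config dumped with iptables-save gives a quick read on whether port forwards have crept in since the router was set up.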