On Wed, May 13, 2009 at 01:03:20PM -0600, Brett Glass wrote:
> Stefan:
>
> You are correct: This is not real security. In fact, I would argue that it's
> not security at all.
>
> But many businesses that have to maintain hotspots -- especially some hotel
> chains -- are "allergic" to any sort of serious security. This is because a
> small but vocal subset of their customers just want to get on the Net and
> complain about any sort of security. Even having to enter a password or a WEP
> key irks them. (I personally think that these people are ignorant fools and
> are setting themselves up for identity theft and worse, but that's just me.
> And the businesses seem more willing to allow piracy of their Wi-Fi than to
> irritate these boneheads.) Also, these systems have to be usable by some
> fairly lame devices -- e.g. an XBox -- that aren't really computers and don't
> have the capability to run secure protocols or even a particularly good Web
> browser built in.
>
> So, painful as it is, I have to help these guys implement systems which
> "bless" MAC addresses. The "arp -s" command can sort of lock an IP to a MAC
> address, but awkwardly and only for outbound packets. What I'd like is to get
> this into the firewall, so I can not only block spoofing but trigger a log
> entry when it happens.
>

Sounds like wlan_acl(4) may be of interest to you.

- Christian

--
Christian Brueffer    ch...@unixpages.org    bruef...@freebsd.org
GPG Key:         http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D