Re: restricting wireless access

2003-01-18 Thread martin f krafft
also sprach Jamin W. Collins <[EMAIL PROTECTED]> [2003.01.11.1817 +0100]: > > See my other post. If I then get a friend over who wants to connect > > (legitimately) through wireless but doesn't have IPsec, he won't be > > able to... > > Then take a look at http://nocat.net/ should do what your tryi

Re: restricting wireless access

2003-01-13 Thread Jeff
martin f krafft, 2003-Jan-13 11:23 +0100: > also sprach Jeff <[EMAIL PROTECTED]> [2003.01.12.1953 +0100]: > > Thinking about it, what I described above really isn't a proxy but > > rather an offload of the SSL part of HTTPS. However, the clear text > > HTTP on the backend could then be proxied. I

Re: restricting wireless access

2003-01-13 Thread Richard Hector
On Tue, 2003-01-14 at 01:49, martin f krafft wrote: > also sprach Richard Hector <[EMAIL PROTECTED]> [2003.01.13.1127 +0100]: > > An idea that springs to mind (well, it sprung some time ago, but I had > > no-one to tell it to) is pppoe to your firewall. Then you block all IP > > traffic on the inte

Re: restricting wireless access

2003-01-13 Thread martin f krafft
also sprach Richard Hector <[EMAIL PROTECTED]> [2003.01.13.1127 +0100]: > An idea that springs to mind (well, it sprung some time ago, but I had > no-one to tell it to) is pppoe to your firewall. Then you block all IP > traffic on the interface talking to the AP (or not even configure IP at > all)

Re: restricting wireless access

2003-01-13 Thread Richard Hector
On Sat, 2003-01-11 at 11:56, martin f krafft wrote: > i have a cheap-ass wireless access point which doesn't even do > MAC-based authentication, and neither can I get WEP64 to work between > it (Addtron AWS-110) and the Orinoco Silver card. > > I would like to have wireless in my apartment, but I

Re: restricting wireless access

2003-01-13 Thread martin f krafft
also sprach Jeff <[EMAIL PROTECTED]> [2003.01.12.1953 +0100]: > Thinking about it, what I described above really isn't a proxy but > rather an offload of the SSL part of HTTPS. However, the clear text > HTTP on the backend could then be proxied. I've not seen this done > though. I know this is p

Re: restricting wireless access

2003-01-12 Thread iain d broadfoot
* martin f krafft ([EMAIL PROTECTED]) wrote: > also sprach iain d broadfoot <[EMAIL PROTECTED]> [2003.01.11.2115 +0100]: > >Squid is a FTP, HTTP and HTTPS proxy cache. For general > >information on > > "marketing" > > you can't proxy HTTPS, think about it. squid can tunnel it, bu

Re: restricting wireless access

2003-01-12 Thread Jeff
martin f krafft, 2003-Jan-12 19:27 +0100: > also sprach iain d broadfoot <[EMAIL PROTECTED]> [2003.01.11.2115 +0100]: > >Squid is a FTP, HTTP and HTTPS proxy cache. For general > >information on > > "marketing" > > you can't proxy HTTPS, think about it. squid can tunnel it, but t

Re: restricting wireless access

2003-01-12 Thread martin f krafft
also sprach iain d broadfoot <[EMAIL PROTECTED]> [2003.01.11.2115 +0100]: >Squid is a FTP, HTTP and HTTPS proxy cache. For general >information on "marketing" you can't proxy HTTPS, think about it. squid can tunnel it, but that's not more than a circuit level gateway. > i know

Re: restricting wireless access

2003-01-11 Thread iain d broadfoot
* martin f krafft ([EMAIL PROTECTED]) wrote: > also sprach iain d broadfoot <[EMAIL PROTECTED]> [2003.01.11.0015 +0100]: > > as i understand wireless, there is no solution to blocking clients > > connecting - macs can be faked, ssids are plaintext, wep is crackable > > fairly quickly... > > my phi

Re: restricting wireless access

2003-01-11 Thread Jamin W. Collins
On Sat, Jan 11, 2003 at 12:04:40PM +0100, martin f krafft wrote: > See my other post. If I then get a friend over who wants to connect > (legitimately) through wireless but doesn't have IPsec, he won't be > able to... Then take a look at http://nocat.net/ should do what you're trying. -- Jamin W.

Re: restricting wireless access

2003-01-11 Thread martin f krafft
also sprach Jeremy T. Bouse <[EMAIL PROTECTED]> [2003.01.11.0016 +0100]: > Does the AP have any way to stop broadcasting its SSID? If it > doesn't broadcast then they would have to know your SSID in order to > make use of your AP... Another idea is if you have a firewall in place > already as

Re: restricting wireless access

2003-01-11 Thread martin f krafft
also sprach Narins, Josh <[EMAIL PROTECTED]> [2003.01.11.0043 +0100]: > login to the loginbox (only ssh open to start) then restrict all access to > your IP for the session so the firewall will only let stuff pass while the SSH connection is up. that's an idea... i'll think about it! -- Please

Re: restricting wireless access

2003-01-11 Thread martin f krafft
also sprach Jonah Sherman <[EMAIL PROTECTED]> [2003.01.10.1935 +0100]: > The best way IMO to secure a small wireless network is with ipsec. You > can do this very easily with freeswan and a good ipsec howto. Just > create an encrypted/authenticated tunnel between your wireless machine > and your r

Re: restricting wireless access

2003-01-11 Thread martin f krafft
also sprach iain d broadfoot <[EMAIL PROTECTED]> [2003.01.11.0015 +0100]: > as i understand wireless, there is no solution to blocking clients > connecting - macs can be faked, ssids are plaintext, wep is crackable > fairly quickly... my philosophy: if there's a cracker outside my door capable of

Re: restricting wireless access

2003-01-11 Thread martin f krafft
also sprach Jamin W. Collins <[EMAIL PROTECTED]> [2003.01.11.0043 +0100]: > While you can't stop them from connecting to the AP, you can stop > traffic from getting beyond it. Simply attach the AP to a firewalled > system that only allows authenticated VPN clients through it. It's > fairly easy t

Re: restricting wireless access

2003-01-10 Thread Paul Johnson
On Fri, Jan 10, 2003 at 11:56:13PM +0100, martin f krafft wrote: > I would like to have wireless in my apartment, but I need to prevent > folks on the street from linking into the network. The question is > how. I want to prevent them from using my internet connection just as > much as accessing l

Re: restricting wireless access

2003-01-10 Thread Jonah Sherman
MAC-based authentication is a joke. All it takes is for someone to sniff traffic, then clone your MAC (ifconfig ethX hw ether [...]). The best way IMO to secure a small wireless network is with ipsec. You can do this very easily with freeswan and a good ipsec howto. Just create an encrypted/authe

RE: restricting wireless access

2003-01-10 Thread Narins, Josh
move to a higher apt sorry, i am very bad if the pun has apt in it what about . . . wireless . . . [wirelesshub]--[loginbox]-internet login to the loginbox (only ssh open to start) then restrict all access to your IP for the session it would take a few scripts -Original Mes

Re: restricting wireless access

2003-01-10 Thread Jamin W. Collins
On Fri, Jan 10, 2003 at 11:15:39PM +, iain d broadfoot wrote: > * martin f krafft ([EMAIL PROTECTED]) wrote: > > > I would like to have wireless in my apartment, but I need to > > prevent folks on the street from linking into the network. The > > question is how. I want to prevent them from u

Re: restricting wireless access

2003-01-10 Thread Jeremy T. Bouse
Does the AP have any way to stop broadcasting its SSID? If it doesn't broadcast then they would have to know your SSID in order to make use of your AP... Another idea is if you have a firewall in place already as it seems, what are the chances of being able to put a separate NIC in the fire

Re: restricting wireless access

2003-01-10 Thread iain d broadfoot
* martin f krafft ([EMAIL PROTECTED]) wrote: > i have a cheap-ass wireless access point which doesn't even do > MAC-based authentication, and neither can I get WEP64 to work between > it (Addtron AWS-110) and the Orinoco Silver card. > > I would like to have wireless in my apartment, but I need t